search

hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰
176 stars 218 forks source link

Sybil Attacker Report #543

Closed stabiloswano closed 2 years ago

stabiloswano commented 2 years ago

Related Addresses

0x14f319e971ecf759e75f862ee95d139606819656
0x2542138c5513e0be91a50b5830be1b1b43919449
0x2e7b163dabbc104683ae041d771788f93a578e99
0x5087f3a0412f794220f5d3370aa85868562c86d5
0x5ea2c342e8db0abbbcc1f35c8d00cf11608368ff
0x618d31e2b28d27e08237e59a955bc342d41e05b9
0x633c775d3ede3d857e3c0392c6093dd815024e15
0x6d5e169dfac6a37ece331e57a79c8e74fdce4677
0x74a039f2394d709be53cf4b64aa85173c1d1129c
0x837ded94f9c8533512075b48642611b01edcfc86
0x857ec4735e18177b762609d36db8c817bb4329e4
0xa5adf8e7630c9dadc4ad1caf20b89a1d03610020
0xc57b6cfb4fcaa8c4e3a6aa3f2946028ecae65373
0xd83ccd4bf9e2a10442f69909252056237a172519
0xe4a36e58f7fd9a0b3ea83e07444c2c2b7462a9bf
0xffab4b5a629ae68a5b8885c0900588e55f1b90e4

Reasoning

16 addresses perform the exact same transaction sequence on Arbitrum between 2021-12-16 07:44:56 and 2021-12-21 12:04:43: image

All addresses funded by FTX Exchange 2 between 2021-12-16 07:19:45 and 2021-12-21 09:56:31 for 1.4-1.8 ETH, slightly varying amounts. All addresses bridge to Optimism and Arbitrum (some also ZK sync), then HOP back to Ethereum. Finally all addresses transfer ETH to 0x97b9005da14e6309f848d0468a21a076a9227da8 and from there back to FTX Exchange 2.

Methodology

Addresses were detected by programmatically analyzing the transaction history patterns of eligible addresses on Arbitrum.

Rewards Address

0xBCCD7DF161C0d155D3E56D8C57Cc31C185217546

shanefontaine commented 2 years ago

Thank you for your report @stabiloswano. We have verified that the addresses in this report are Sybil attackers.

The report included 15 eligible addresses as Sybil attackers which means you are eligible for 5000.918810308851934471 HOP! When Hop DAO is live, we will make a proposal for this reward — subject to a 1 year lockup, as mentioned in the original Mirror post.

Please note that 0x5ea2c342e8db0abbbcc1f35c8d00cf11608368ff was not eligible because it was submitted in the original post of #542.

The qualified addresses are as follows:

0x14f319e971ecf759e75f862ee95d139606819656
0x2542138c5513e0be91a50b5830be1b1b43919449
0x2e7b163dabbc104683ae041d771788f93a578e99
0x5087f3a0412f794220f5d3370aa85868562c86d5
0x618d31e2b28d27e08237e59a955bc342d41e05b9
0x633c775d3ede3d857e3c0392c6093dd815024e15
0x6d5e169dfac6a37ece331e57a79c8e74fdce4677
0x74a039f2394d709be53cf4b64aa85173c1d1129c
0x837ded94f9c8533512075b48642611b01edcfc86
0x857ec4735e18177b762609d36db8c817bb4329e4
0xa5adf8e7630c9dadc4ad1caf20b89a1d03610020
0xc57b6cfb4fcaa8c4e3a6aa3f2946028ecae65373
0xd83ccd4bf9e2a10442f69909252056237a172519
0xe4a36e58f7fd9a0b3ea83e07444c2c2b7462a9bf
0xffab4b5a629ae68a5b8885c0900588e55f1b90e4
shanefontaine commented 2 years ago

It looks like all addresses had similar behaviors on the Hop protocol as well:

address ensName total mainnet arbitrum optimism polygon xdai totalVolume
0x633c775d3ede3d857e3c0392c6093dd815024e15   2 0 1 1 0 0 $13,195.65
0x618d31e2b28d27e08237e59a955bc342d41e05b9   2 0 1 1 0 0 $13,031.30
0x837ded94f9c8533512075b48642611b01edcfc86   2 0 1 1 0 0 $12,422.95
0xd83ccd4bf9e2a10442f69909252056237a172519   2 0 1 1 0 0 $11,892.15
0x857ec4735e18177b762609d36db8c817bb4329e4   2 0 1 1 0 0 $11,679.36
0xc57b6cfb4fcaa8c4e3a6aa3f2946028ecae65373   2 0 1 1 0 0 $11,399.30
0x14f319e971ecf759e75f862ee95d139606819656   2 0 1 1 0 0 $11,258.27
0xe4a36e58f7fd9a0b3ea83e07444c2c2b7462a9bf   2 0 1 1 0 0 $10,976.39
0x6d5e169dfac6a37ece331e57a79c8e74fdce4677   2 0 1 1 0 0 $10,835.24
0x5087f3a0412f794220f5d3370aa85868562c86d5   2 0 1 1 0 0 $10,796.51
0xa5adf8e7630c9dadc4ad1caf20b89a1d03610020   2 0 1 1 0 0 $10,477.61
0x2e7b163dabbc104683ae041d771788f93a578e99   2 0 1 1 0 0 $10,437.88
0xffab4b5a629ae68a5b8885c0900588e55f1b90e4   2 0 1 1 0 0 $10,385.24
0x2542138c5513e0be91a50b5830be1b1b43919449   2 0 1 1 0 0 $10,316.08
0x74a039f2394d709be53cf4b64aa85173c1d1129c   2 0 1 1 0 0 $10,311.46