Sybil Attacker Report

[gitNickV]

Related Addresses

0x501c55d242422811440b6866c7d9a7e74a73bcd7 0x7ab827b64bca65804f98cf4d0d4d990361377124 0xaca89bbcea89be5b7affd2598994fc465b39a723 0xb2eef2dd33a58c0dd3f2ad9390a13533bfd23cd4 0x13c31d43bb05ec526fc41440b17a06872882e172 0xa43df556c9d48a0202c42496f236d4a04752d3ee 0xda1a32adecb9b826b52570334be4759ad481b0fc 0xf389c517d6a07e07faf03a1f0fe67d57c3760cfc 0x0fe29bcc01e203d3172726599fa04a815c437cc1 0xd836c0bd51625236b137a042864da40e392c6a61 0x074806bcedd902627bf19e19231f68a68717c9a5 0x223d5e5493c91cf9947c255052016aea68f89a21 0x86cc9b7e437b6fd0e95bfbc968b6f5d93880795c 0xcbadf6880566bbb360e313cd95d67c8dfde1ab7b 0xe62776c1462fa66bd2e70e0db89ef8b62df84414 0x19eb478ae9d013313659d8e333cddd8a0590c5f6 0x1f29f9bd6db56c25e46d6933c19baa60d00edc18

Reasoning

All those accounts are related to 0x5904cc3a657d48de0d14dca03bbf3a095ed0ba6e on Ethereum (who is a regular wallet that was used just for a short time to recieve funds from Binance and disperse them between multiple wallets). They was all funded from it in 2 batches:

First batch:

Wallet	Funding date	Funding value
0x501c55d242422811440b6866c7d9a7e74a73bcd7	01.10.2021 8:45	0,15
0x7ab827b64bca65804f98cf4d0d4d990361377124	01.10.2021 8:45	0,15
0xaca89bbcea89be5b7affd2598994fc465b39a723	01.10.2021 8:45	0,15
0xb2eef2dd33a58c0dd3f2ad9390a13533bfd23cd4	01.10.2021 8:45	0,15
0x13c31d43bb05ec526fc41440b17a06872882e172	01.10.2021 8:47	0,15
0xa43df556c9d48a0202c42496f236d4a04752d3ee	01.10.2021 8:47	0,15
0xda1a32adecb9b826b52570334be4759ad481b0fc	01.10.2021 8:47	0,15
0xf389c517d6a07e07faf03a1f0fe67d57c3760cfc	01.10.2021 8:47	0,15

Second batch:	Wallet	Funding date	Funding value
0x0fe29bcc01e203d3172726599fa04a815c437cc1	02.10.2021 13:51	0,1
0xd836c0bd51625236b137a042864da40e392c6a61	02.10.2021 13:51	0,1
0x074806bcedd902627bf19e19231f68a68717c9a5	02.10.2021 13:52	0,1
0x223d5e5493c91cf9947c255052016aea68f89a21	02.10.2021 13:52	0,2
0x86cc9b7e437b6fd0e95bfbc968b6f5d93880795c	02.10.2021 13:52	0,1
0xcbadf6880566bbb360e313cd95d67c8dfde1ab7b	02.10.2021 13:52	0,1
0xe62776c1462fa66bd2e70e0db89ef8b62df84414	02.10.2021 13:52	0,1
0x19eb478ae9d013313659d8e333cddd8a0590c5f6	02.10.2021 13:53	0,2
0x1f29f9bd6db56c25e46d6933c19baa60d00edc18	02.10.2021 13:53	0,2

It is also interested how those wallets was funded on Polygon. Abuser used 0x501c55d242422811440b6866c7d9a7e74a73bcd7 as a disperse wallet there. He funded one part of those accounts from it:

Wallet	Funding date	Funding value
0x7ab827b64bca65804f98cf4d0d4d990361377124	15.11.2021 20:00	10
0xaca89bbcea89be5b7affd2598994fc465b39a723	15.11.2021 20:00	10
0xb2eef2dd33a58c0dd3f2ad9390a13533bfd23cd4	15.11.2021 20:00	10
0xa43df556c9d48a0202c42496f236d4a04752d3ee	15.11.2021 20:01	10
0x13c31d43bb05ec526fc41440b17a06872882e172	15.11.2021 21:05	10
0xf389c517d6a07e07faf03a1f0fe67d57c3760cfc	15.11.2021 21:22	10

And other part was funded with some service (looks like one of CEXes wallets). But all in a same time and with similar specific value (except last one who was funded next day):

Wallet	Funding date	Funding value
0x223d5e5493c91cf9947c255052016aea68f89a21	06.12.2021 0:33	4,92
0x19eb478ae9d013313659d8e333cddd8a0590c5f6	06.12.2021 0:35	4,92
0x1f29f9bd6db56c25e46d6933c19baa60d00edc18	06.12.2021 1:47	4,92
0x074806bcedd902627bf19e19231f68a68717c9a5	06.12.2021 2:46	3,92
0xcbadf6880566bbb360e313cd95d67c8dfde1ab7b	06.12.2021 2:46	3,92
0xda1a32adecb9b826b52570334be4759ad481b0fc	06.12.2021 12:35	2,92
0xd836c0bd51625236b137a042864da40e392c6a61	06.12.2021 13:24	3,92
0x0fe29bcc01e203d3172726599fa04a815c437cc1	06.12.2021 13:27	3,92
0x86cc9b7e437b6fd0e95bfbc968b6f5d93880795c	06.12.2021 13:27	3,92
0xe62776c1462fa66bd2e70e0db89ef8b62df84414	07.12.2021 0:00	3,3

Methodology

I analysed initial fundings those wallets recieved on different blockchains.

Rewards Address

0x72153F1040BDfe6961bB73448f1AF265B2bFDf0b

[shanefontaine]

Thank you for your report.

Unfortunately, only 7 of these addresses are eligible. All eligible addresses are here.

It looks like they were submitted in #540.