search

safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal
34 stars 10 forks source link

airdrop farmers list #133

Closed qlmessi10 closed 2 years ago

qlmessi10 commented 2 years ago

Related Safe Addresses

0xB0DEaE9eD99B795531AaAbF36881AFB8b07d69A5 0x4446fc347DE054F44116bCEDc723D987Fbc6c583 0xc2943d9BC16df11D0454DAF4caFFbd53a6Fb0388 0xBC825c3094436B00A2FFF7576073c974772879EC 0xE6e8714F7764C44921E7Abf01F566AA789686F45 0xF241afed1cE84c267D6CAF770299f1fEb7c493cb 0xFEcD580C94f95eBa4780C375fF6bBc1a95285716 0x48f7Fd042bDa7E19584e7D4f0aB75ed3a26409Ca 0x1d60af0eba8521206CB7f90a85Ef0F5AB45Aa047 0x407c99E07B96dFfdcD4a74d26763796E3B7eD1b4

eth address 0x8e8e31cfb9298a432e24b7f94acf06bec8f5c887 0xfeb41f10aa0a08ac4ee0af30e0d0ee0ad225fd5d 0x5e1e0f59774052344cad68939025f2d959bd6e79 0x23fe60c2e63ddcc13d651946c24baace2bc295e2 0x8fb6db87f556a8207870abd3fae7ffbbaaae7b34 0x31e9a9a158d88628beffb2dfb8319615e377edf0 0x0a782717fc13e2158e09d129b2b58317cf30fdfc 0xc31be59f5522c4e3a89bc3e863f97e6f8253a21c 0x39af030facc2da718b12c490054c1f75887e862b 0x27dac4f72f2de2c4d8c1d702f25009ac7e189106 0xe1ad4a3f64df1c98fea91af310445bd0aea6dec0 0xddf85cb54be5ad31e9e14418233ca80e59eca2ff 0x732a38e6248109693bf63db97965f6cb6b087d2d

Reasoning

Address 732a receives MATIC from Binance on Polygon then sends it to e1ad. A web of sybil addresses are then created that appear to utilise this same MATIC passed around the addresses.

Example transactions leading from Binance to one of the eligible sybil addresses: https://polygonscan.com/tx/0x006a7e183479ce6a612f7150ac7211329a098a33c58666dd7950a4f3e29c2027 https://polygonscan.com/tx/0x5fef5196e4318e2173994b75241792a84919a3f93866316863a21faeb0609682 https://polygonscan.com/txs?a=0x8e8e31cfb9298a432e24b7f94acf06bec8f5c887&p=3 168430141-39632d8e-e7ec-4a53-bf95-d923a37fa22c Each eligible address in the web performs similar bridging behaviour, sending the received MATIC from Polygon to xDai, then back xDai to Polygon, repeated 3 times. 168430129-1b188b3b-0fe4-40fc-ad88-5221eabbc206

Methodology

I utilised the Hop subgraph to build a behavioural signature for every address in the latest eligible airdrop recipients list. I then added the Hop team's metadata such as total transfer volume and timestamp of first transfer.

Next, I binned this dataset in various groups until a suspicious group stood out, which I investigated further and often disregarded as probably normal behaviour. After a few attempts I found this group.

This is a witch report from hop. Hop has identified this as the witch's address. I also checked his safe address.. All the addresses are highly related and suspicious!!

屏幕截图 2022-09-09 021545

Safe Address

eth:0xab31c9A6504b82ec0B1021a8b294eBE04D3bFB4e

tschubotz commented 2 years ago

Address 732a receives MATIC from Binance on Polygon then sends it to e1ad. A web of sybil addresses are then created that appear to utilise this same MATIC passed around the addresses.

Your reasoning doesn't explain how this is related to the Safe addresses you provided.