safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal

Report hundreds of sybil addresses (62 of them) #197

Closed memebeat closed 2 years ago

memebeat commented 2 years ago

Related Safe Addresses


Reasoning

  1. All the OWNER addresses of the safe addresses have 1 stkAAVE and 1 RHC-DAO NFT, and all have very similar ENS names.
  2. The transactions amount and on-chain behaviour of all owner addresses are almost the same. sybil owners (part of them)
  3. All safe addresses have almost the same transaction amount, with a large number of 0.0000001 ETH transactions.
  4. The transactions of all addresses are concentrated in a period of time; it seems that the transactions were made by a script.

My inference: Since FTX accounts can create many sub-accounts, this means that one sub-account corresponds to 1-2 multi-sig addresses and more than 3 owner addresses. (For funds transfer in and out)

Methodology

I accidentally found one of the safe addresses and then saw that several of the owner addresses associated with it had very similar balances. Then I checked all the mint records of the RHC-DAO NFT and found a large number of addresses with similar behavior based on mint records from two months ago. These addresses were all manually searched by me (I have spent hours). I have tried my best to sort them out, but they are still incomplete. Nonetheless, all the relevant sybil addresses can be found in the mint records at the following links (RHC-DAO NFT mint pages). I hope someone with technical skills can sort out the remaining addresses. If there is a reward, I just want to get my report rewards from these safe addresses I listed above (rewards for reporting 62 addresses).

Here is the source where I found these sybil addresses:

https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=76
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=77
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=78
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=79
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=80
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=81
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=82
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=83
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=84
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=85
https://etherscan.io/txs?a=0xc9a42690912f6bd134dbc4e2493158b3d72cad21&ps=100&p=86

Safe Address

0x3d3e65254b79C5f2e8108573D7232eafB07B7A14
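
The four signals listed under "Reasoning" above can be combined into one automated check. This is an added example, not part of the original report or the Safe project's tooling; the account labels, sample data, thresholds and function names are all constructed assumptions.

```python
DUST_WEI = 10**11  # 0.0000001 ETH, the transfer value the report calls out
MARKERS = frozenset({"stkAAVE", "RHC-DAO"})  # holdings named in the report

def profile(txs):
    """txs: list of (unix_ts, value_wei) -> (tx_count, dust_share, active_span_s)."""
    times = [t for t, _ in txs]
    dust = sum(1 for _, v in txs if v == DUST_WEI)
    return len(txs), dust / len(txs), max(times) - min(times)

def sybil_clusters(accounts, min_size=3, count_tol=1, dust_min=0.5, max_span=86400):
    """Cluster accounts that share marker holdings, dust-heavy short bursts
    and near-identical transaction counts (thresholds are assumptions)."""
    candidates = []
    for addr, acct in accounts.items():
        if not acct["txs"] or not MARKERS <= acct["tokens"]:
            continue  # signal 1: must hold every marker token
        count, dust_share, span = profile(acct["txs"])
        if dust_share >= dust_min and span <= max_span:  # signals 3 and 4
            candidates.append((count, addr))
    candidates.sort()
    clusters, run = [], []
    for count, addr in candidates:  # signal 2: chain accounts with close tx counts
        if run and count - run[-1][0] > count_tol:
            if len(run) >= min_size:
                clusters.append([a for _, a in run])
            run = []
        run.append((count, addr))
    if len(run) >= min_size:
        clusters.append([a for _, a in run])
    return clusters

def _burst(start, n, dust):
    """Constructed sample: n transfers one minute apart, the first `dust` at DUST_WEI."""
    return [(start + 60 * i, DUST_WEI if i < dust else 5 * 10**16) for i in range(n)]

# Constructed sample accounts (labels, not real addresses).
SAMPLE = {
    "owner-01": {"tokens": {"stkAAVE", "RHC-DAO"}, "txs": _burst(1_660_000_000, 20, 15)},
    "owner-02": {"tokens": {"stkAAVE", "RHC-DAO"}, "txs": _burst(1_660_000_300, 20, 16)},
    "owner-03": {"tokens": {"stkAAVE", "RHC-DAO", "ENS"}, "txs": _burst(1_660_000_900, 21, 15)},
    "organic-1": {"tokens": {"stkAAVE"}, "txs": _burst(1_650_000_000, 20, 0)},
    "organic-2": {"tokens": {"stkAAVE", "RHC-DAO"},
                  "txs": [(1_600_000_000 + 500_000 * i, 3 * 10**17) for i in range(20)]},
}

if __name__ == "__main__":
    print(sybil_clusters(SAMPLE))
```
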

memebeat commented 2 years ago

I think all addresses of this sybil attacker are on the 11 pages of mint records above. Since there are 100 addresses on one page, excluding some irrelevant addresses, I think at least 500 addresses are controlled by the same person, and all have almost the same on-chain behavior, and all the transaction amounts are very small. I don't think this can be a legitimate user. This guy created all these addresses for the sole purpose of getting airdrops.

tschubotz commented 2 years ago

closing this one since #221 seems to be the full report of these.

tschubotz commented 2 years ago

Reevaluating this based on https://github.com/safe-global/safe-user-allocation-reports/issues/221#issuecomment-1250022810 and #519

The following Safes are removed based on this report:
