Closed wjw12 closed 2 years ago
Please see https://github.com/safe-global/safe-user-allocation-reports/issues/215 for more addresses with the same pattern
eth:0x984129b1C8D6048DF516D81f730475AF7D0E4223
Thanks for the report. These Safes have been already removed by an earlier report though, hence closing this one.
Hey @tschubotz Some of my addresses are actually earlier than #221 Can you please check the timeline described at https://github.com/safe-global/safe-user-allocation-reports/issues/221#issuecomment-1250113842
@memebeat the author of #221 also helped to confirm the correct time sequence.
Reevaluating this based on https://github.com/safe-global/safe-user-allocation-reports/issues/221#issuecomment-1250022810 and #519
The following Safes are removed based on this report:
0xf7e10e94e383bac8a616173ecfd3a54a8d9c7a1f
0xf737db95decca228100f2547711f447dd86686b8
0xf4d063d27c4a3c90d2ecf3e366744c88ece5c17b
0x02823bfa2d213538b016ebbbb5bc621e1ab7a2fa
0x2b20522eec11450feff2cef2f5dac23442090fa1
0x2e1e509e4d8ad11bc71ca64e6b947ef2c5d0da73
0x3b4b77019ddbb8bd08a2058d77669374d598761f
0x43b2e80d68e7ee56dc443a0dc9384f2e901b6231
0x52e7fb6572c2f174dba35872e21f63bee66fccc4
0x67339eb8dc6dad74cae01f18706a12ed74a0d0b6
0x675acd4dafc192ff390dcd567ba3905068312975
0x6b2650aa9a6f22623df74c25ab59632f0599a9e7
0x93d6f3b0cd1b83993e403657f843c62368d715b6
0x97d9ca631907d2f963af539afe4784441692a0b7
0x994e556ee4314c2e57dc1487fddb4765fa6cab75
0xac4cd010b9bc64007383d752d22702bcfb698e97
0xc647ac01b01e0a7f5ed88151cf28591113b5f4c8
Related Safe Addresses
Provide a list of Safe addresses that would currently receive a SAFE user allocation.
Reasoning
These addresses have exactly 11 transactions between Jul-02-2022 6 AM and Jul-02-2022 10 AM UTC. The first incoming transaction are all of 0.0000011 ETH. Next, these safes transferred out 0.0000001 ETH to some other addresses. They repeated the transfer for 10 times, and left with a dust of 0.0000001 ETH.
Such behaviors are obviously non-organic.
You can just search these addresses on etherscan:
https://etherscan.io/address/0x0da95cf71313986599468cc95decebc3da28d924
https://etherscan.io/address/0xf81ec65848d5728551847ae0bc0a1a38d61ce0dc
https://etherscan.io/address/0xf7e10e94e383bac8a616173ecfd3a54a8d9c7a1f
The ENS names that initiated these transactions follow the same pattern. For example: Wilderness.eth, SouthernPine.eth, Caramel.eth
If you see the tx history of these ENSs that created the safes, they follow the same pattern, too. First, they received some ETH from another ENS (and the name follow the same pattern for example Fuchsia.eth which starts with capital letter), then they registered ENS, then they created a safe and did 11 transactions, then they received some ETH from FTX, then they staked AAVE and finally they deposited into zkSync. It's very likely that these are controlled by the same airdrop farmer.
Methodology
I sorted the excel sheet by the amount of eligible SAFE tokens. I identified that there are some addresses eligible of exactly the same amount of tokens (207.557 SAFE). After manually checking etherscan tx history, I found these addresses with exact same activity pattern.
Since the airdrop amount is determined partially by the balance of SAFE, it very unlikely that different SAFEs have exactly the same amount of airdrop. This is a useful clue.
Safe Address