About owner 0x1a84e9f0c3e4d4f4278182a126ef6ba55fee0f3c, 0x2e2c0ef26fa67c20a5dd49708f367261240c4bbf

[skyonedot]

Related Safe Addresses

Only part of the data set is here. Please see the more complete AddressAndReason. 🌺

In this issue, I detailed the problematic multi-sign address and the corresponding owner's abnormal behavior. 🍄

The owner of group is same, also it has never changed since its creation, which is the most doubtful and basic point. 🚨🚨

0x076b07007baac3d3690bdc2fc03690eda9a40d14
0xf6a53684b77f7e93e7e5c6dd4848f852bf0bb8cc
0x341e15f0e1b2fb09d9bd5b782f7cf1fc9c1a09db
0x3bc66599aa2755cca6a4e8d7dee056386ccc09a0
0x5205b843efb9c297e0eff3cce34e9b32b755e44e
0x5e44fd3077ae205c7eb53dd2e3d51b87b863f7df
0x6a3399031cd11debe387cb91aeec2e993bc0b8a7
0x7bce07eee7f6a6e7b115bb50278dcafdffea5854
0x809d021c5a91be46078024661900bf9ce15de9f5
0x81b7433a7fa1fdd6baa362d1fe9aba4a1e42b98a
0x8b7cbb06f193bcb5f80f5f1e66c8518c2e2fac00
0x96a674c05961cf0a84020c561e71de3091a97c60
0x972c3a64c4c0ccac2fd6b9f259496ef20900b10c
0xaddbb774d31150aec2ed7b1cf27e23f10b143738
0xc075fc07c9ff1b4496cf167b0ed6c2cb1c36a85c
0xc158ed1732d6351222f0030fb9cde3e60a12d2b1
0xc5e89b37ee508845a057ccf26ffedebe8d360d2b
0xdacf71e33b63bff2b4dc41e362cbd9424cf4a432
0xf1c154d86761b9ff0598a15339965b27ceabfd2a
0xf55050f5559b7e277b21d952640f5fa55596ff8c

Reasoning

• Common Feature of these address

  There is an abnormal behavior that is understandable

  However, if there are many abnormal behaviors, then there is enough reason to determine that these addresses are airdrop farmer.

  • They all have the same owner. From beginning to end, this group of owner, never changed. never add owner or remove owner 🚨🚨🚨🚨

  • 100% of the group address is worked as USDT station, means USDT transfer in and transfer out. 🚨🚨🚨🚨

    • The number of transfers is roughly similar, ranging from 100,000 to 200,000.
    • The USDT came from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d mostly
    • The transfer-in and transfer-out time of funds is about 22 days, and the difference between the corresponding blocks diff is 130,000 And There is a certain fluctuation range. .

  • The owner address has very abnormal behavious 🚨

  • The number of multi-sign address is very small, most like airdrop farmer 🍄

---

---

Please Check 👇🏻

---

• The number of multi-sign address is very small, most like airdrop farmer

  0x076b07007baac3d3690bdc2fc03690eda9a40d14 -- only execute 1 transactions 
  0xf6a53684b77f7e93e7e5c6dd4848f852bf0bb8cc -- only execute 1 transactions 
  0x341e15f0e1b2fb09d9bd5b782f7cf1fc9c1a09db -- only execute 2 transactions 
  0x3bc66599aa2755cca6a4e8d7dee056386ccc09a0 -- only execute 1 transactions 
  0x5205b843efb9c297e0eff3cce34e9b32b755e44e -- only execute 2 transactions 
  0x5e44fd3077ae205c7eb53dd2e3d51b87b863f7df -- only execute 1 transactions 
  0x6a3399031cd11debe387cb91aeec2e993bc0b8a7 -- only execute 1 transactions 
  0x7bce07eee7f6a6e7b115bb50278dcafdffea5854 -- only execute 2 transactions 
  0x809d021c5a91be46078024661900bf9ce15de9f5 -- only execute 1 transactions 
  0x81b7433a7fa1fdd6baa362d1fe9aba4a1e42b98a -- only execute 1 transactions 
  0x8b7cbb06f193bcb5f80f5f1e66c8518c2e2fac00 -- only execute 1 transactions 
  0x96a674c05961cf0a84020c561e71de3091a97c60 -- only execute 1 transactions 
  0x972c3a64c4c0ccac2fd6b9f259496ef20900b10c -- only execute 1 transactions 
  0xaddbb774d31150aec2ed7b1cf27e23f10b143738 -- only execute 1 transactions 
  0xc075fc07c9ff1b4496cf167b0ed6c2cb1c36a85c -- only execute 1 transactions 
  0xc158ed1732d6351222f0030fb9cde3e60a12d2b1 -- only execute 1 transactions 
  0xc5e89b37ee508845a057ccf26ffedebe8d360d2b -- only execute 1 transactions 
  0xdacf71e33b63bff2b4dc41e362cbd9424cf4a432 -- only execute 1 transactions 
  0xf1c154d86761b9ff0598a15339965b27ceabfd2a -- only execute 2 transactions 
  0xf55050f5559b7e277b21d952640f5fa55596ff8c -- only execute 2 transactions 

---

• The owner address is same, and them have very abnormal behavious

  • 0x1a84e9f0c3e4d4f4278182a126ef6ba55fee0f3c, owner send 61 transactions. wallet1, The last money tranfer to wallet2: https://etherscan.io/tx/0xa7b01ec79a3f757a29e19cde0a6d42c7444aaac60d72fbd37b923adaded6fcea
  • 0x2e2c0ef26fa67c20a5dd49708f367261240c4bbf, owner send 161 transactions. wallet2, The First money tranfer from wallet1: https://etherscan.io/tx/0x1987746bcff44f21bdc760e93aa6c5ae7f82669c089c6f471aac2299d1b40a17
  • 0xaf723b0fec4772f3b219b7ce884e1afd38b0c85e -- send 0 transactions
  • 0xd9cd8336b0551704fb8dc2c74865b9bad05f5484 -- send 0 transactions

---

• The amount of Token transfers in and out them is extremely small, and it is obvious that airdrop farmer acts.

  • 0x076b07007baac3d3690bdc2fc03690eda9a40d14 only has 2 internal tx, block height diff is 146651 , 2223387.78 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 2223387.78 USDT to 0xf323542dbcbaef5276546f00c8225244b9a153e7
  • 0xf6a53684b77f7e93e7e5c6dd4848f852bf0bb8cc only has 2 internal tx, block height diff is 103692 , 1509186.62 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1509186.62 USDT to 0xb244758ba8fe0f3f973afaf486152885df6ff9c1
  • 0x3bc66599aa2755cca6a4e8d7dee056386ccc09a0 only has 2 internal tx, block height diff is 136863 , 1382594.04 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1382594.04 USDT to 0x8c0946cc27d2cd8b4b69e3bb623a91c004380f44
  • 0x5e44fd3077ae205c7eb53dd2e3d51b87b863f7df only has 2 internal tx, block height diff is 128577 , 2090987.54 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 2090987.54 USDT to 0x93053938b9990e673ce99ae0bebb67d5c6649c23
  • 0x6a3399031cd11debe387cb91aeec2e993bc0b8a7 only has 2 internal tx, block height diff is 78284 , 1509186.62 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1509186.62 USDT to 0xe905175f74bfe692bf77b5b1093e90b3ff400bfc
  • 0x809d021c5a91be46078024661900bf9ce15de9f5 only has 2 internal tx, block height diff is 122641 , 1234451.81 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1234451.81 USDT to 0xf289e19c0c379eb914dd1492b21f3a268cfab547
  • 0x81b7433a7fa1fdd6baa362d1fe9aba4a1e42b98a only has 2 internal tx, block height diff is 120769 , 1382594.04 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1382594.04 USDT to 0xde0164c44e4937f2dca9f319bb42e31e1ab4b161
  • 0x8b7cbb06f193bcb5f80f5f1e66c8518c2e2fac00 only has 2 internal tx, block height diff is 90130 , 1570540.42 USDT transfer from 0x93546278241fc5ccaf866dba39430957da262606 and 1570540.42 USDT to 0x4c81b60c9391ec83dbe96f08976f94d27e39529d
  • 0x96a674c05961cf0a84020c561e71de3091a97c60 only has 2 internal tx, block height diff is 128633 , 2090987.54 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 2090987.54 USDT to 0x6c66c9577499fd8a9da45a48a3c0a746ed0b31ce
  • 0x972c3a64c4c0ccac2fd6b9f259496ef20900b10c only has 2 internal tx, block height diff is 127041 , 1234451.81 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1234451.81 USDT to 0x5a7ccdf5a0e2aab1400d1dfadea3630dffa658b9
  • 0xaddbb774d31150aec2ed7b1cf27e23f10b143738 only has 2 internal tx, block height diff is 112635 , 2223387.78 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 2223387.78 USDT to 0xbe46c2f111b49894140e2b91a3296ba3d89bf4e8
  • 0xc075fc07c9ff1b4496cf167b0ed6c2cb1c36a85c only has 2 internal tx, block height diff is 164050 , 1534652.29 USDT transfer from 0x541e16fcc4dd91ff6dffee02594cb63b1c0565ae and 1534652.29 USDT to 0xf736c002d63563019e0f05d3de10e776fcb22c71
  • 0xc5e89b37ee508845a057ccf26ffedebe8d360d2b only has 2 internal tx, block height diff is 90105 , 2377836.2 USDT transfer from 0xaff54690dbc3a4d353c2cba4a3f44e8f03802797 and 2377836.2 USDT to 0xa8bc5effa58561770c0e3c35c448cea5008a3acd
  • 0xdacf71e33b63bff2b4dc41e362cbd9424cf4a432 only has 2 internal tx, block height diff is 133030 , 1627295.73 USDT transfer from 0x5400c443316132f8f34c96d06d98c0a3f7245d2e and 1627295.73 USDT to 0x163e81c25b25fa7d48fd22dbb8ae733871597717
  • 0x341e15f0e1b2fb09d9bd5b782f7cf1fc9c1a09db has more than 2 internal tx, block height diff is 44410 , 213337.84 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1643960.32 USDT to 0xeb778be0e0b66a7eb7f0ce9f7729eee2683ddb29
  • 0x5205b843efb9c297e0eff3cce34e9b32b755e44e has more than 2 internal tx, block height diff is 129558 , 766430.92 USDT transfer from 0x39366dbb6ae980fcdf56e72ec7c9c27fdc92a05d and 2504795 USDT to 0xf26c90641ecb5005f531bdc88ccb97b259293678
  • 0x7bce07eee7f6a6e7b115bb50278dcafdffea5854 has more than 2 internal tx, block height diff is 151289 , 1731765.02 USDT transfer from 0x2a4eeb0bf09977f1d0ac2b34c1da671d01dd2d57 and 646894.85 USDT to 0x8288dcbcef3246ee0a3232ff8e29016bcdd6efa2
  • 0xc158ed1732d6351222f0030fb9cde3e60a12d2b1 has more than 2 internal tx, block height diff is 179651 , 2720554.43 USDT transfer from 0x1b604f91ce689c2989e2f18f7e4327775577bdc0 and 736262.43 USDT to 0xd417740530c03b44698ef213ba96400dd4fb5700
  • 0xf1c154d86761b9ff0598a15339965b27ceabfd2a has more than 2 internal tx, block height diff is 88941 , 1323300.9 USDT transfer from 0x4b9c8e40b34945cf7cabc94ecc454f812882ad4d and 1643960.32 USDT to 0xa70fb49447f8b1a319cb3747e35e484c3e0a6d8c
  • 0xf55050f5559b7e277b21d952640f5fa55596ff8c has more than 2 internal tx, block height diff is 164268 , 694061.27 USDT transfer from 0xb1eb54ae6b0db5144510a8503e332a4946fedfc6 and 2127531 USDT to 0xba5e5d228097c7348187cfebc65010d9e08116fc

---

Methodology

Addresses are reported by retrieving information from the chain, using bitquery's graphql, and detecting abnormal behavior, such as empty wallets, mutual transfers, etc.

When only some of the anomalous behaviors are present, we can consider the address reasonable, but when an address has all the anomalous behaviors, we have good reason to suspect that the address is false. Especially if the multi-signature address and the owner address have obvious exceptions both, then it is obvious that this is airdrop farmer.

Abnormal behaviors include

• For Multi-Sign Address

  • Few transactions were executed
  • There is a lot of overlap in the interactions, such as the destination address, and the time
  • The owner of multiple multi-signature addresses is exactly the same, and never changes from start to finish

• For Owner Address

  • Empty address
  • The first source of funds is the owner.
  • Mutual transfer
  • Behavior similarity

If the verification is passed and my strategy is great, I can provide my source code, but for now it is not conveninet

Safe Address

0xce495858e36c95f491b5a32ca2664405cf10ab76

Thanks

[tschubotz]

The Safes you shared store >1M USD in USDT for some time. Store of value is legitimate use. I'm unable to see with your reasoning how this is airdrop farming.