Same Behaviour

[skyonedot]

Related Safe Addresses

In this issue, I detailed the problematic multi-sign address and the corresponding owner's abnormal behavior. 🍄

Each of The owner in every group is the same, and it has never changed since its creation, which is the most doubtful and basic point. 🚨🚨

0x0be66b26946fcc430ece870c6587ea3b53621645
0x0d6a93b78eb9697e2d3ee87d298bfbc28bb0910b
0x29714481e30dc4ce7eea47fb3b18149ee8c7055d
0x10f32bc1b49a0d0251b415f4653dcf9e3060fee0
0x8acbc5cfad966982881ac430a9fa0c7c00801ac4
0x73b98e7f2752332f9aba816012e51319e2363b48
0xb66b25aa7c094fbd69b96f3ddcee45aaa37e3ba7
0xbe79702c319015891bf89f59c442f0d701de22fe

0x3ab38c803c8e26bb4ecceeeb5aa601f7076d32fc
0x6140ea80f76861f21005e8c9f2712630aa89f6c6
0x774941d99b88fa082475fa5f80adae063ccaf083
0x790a727fdd7f063293cabb95b20dc76d406d014a

Reasoning

There is an abnormal behavior that is understandable

However, if there are many abnormal behaviors, then there is enough reason to determine that these addresses are airdrop farmer.

• The Owner of these two groups have never changed

• Each group will send the same number of ETH to the same address at the same time. 🚨🚨

• Group1

  • The owner addresses in group 1 receive their first funds from Binance, and the timing is close, the amount is also close.

  • All safe addresses transfer 1ETH to the same address 0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9, at the same time 2022/01/13 [Check table1 below]

  • All safe addresser receiver 1ETH from same address 0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9 as same time 2022-01-13 [Check Table 2 below]

  • Group Owner is always same, no add and no remove

    • 0x31c1bde6d298d15d7b924079b099488d0c99cc92 -- send 21 transactions, First Money Came From Binance. Receive 0.995 ETH at Jan-08-2022 11:03:52 AM +UTC . https://etherscan.io/tx/0xb07fff20696fa9bbe0a1a01c370b517109c02582065c7cd3fb4a398cba67ea17
    • 0x74f1cb023b0ee6f567e9b4bc76f8aa6e3f536114 -- send 10 transactions, First Money Came From Binance. Receive 0.995 ETH at Jan-08-2022 11:02:51 AM +UTC . https://etherscan.io/tx/0x2b42e5f22f50cb235350ae965ba3e83464f4a3df90481be883d5fdab257d8699
    • 0x8f1631de506c6c11869ab2d56d1ba3bdb7b43378 -- send 12 transactions, First Money Came From Binance. Receive 4.994 ETH at May-21-2021 06:59:26 AM +UTC . https://etherscan.io/tx/0x2af6472a2c0f5f72ba4c621c39cff5fbe89186fef6f4ad5149e742a5e1d3d83b
    • 0xac3be45c15598e9564944341dca3e40f54a75949 -- send 1 transactions, First Money Came From Binance. Receive 4.994 ETH at May-21-2021 07:01:12 AM +UTC . https://etherscan.io/tx/0x8a1096b514e2a3bfbf9b36100b4b3275de38a520985bc1fe2b78bb21ece4e108
    • 0xe1ec44ff6f1198324bda891ba91245033a116c6e -- send 30 transactions, First Money Came From Binance. Receive 4.994 ETH at May-21-2021 07:00:45 AM +UTC . https://etherscan.io/tx/0x6094c10b69812138d7e38cec5d08d8602c70e2f117163173e08971351019d305

• Group2

  • All safe addresses transfer 0.01ETH to the same address 0xdac2065211d2cc7cfba865a355c42b2b7ae31017, at the same time 2021/09/16 [Check Table1 below]

  • Group Owner is always same, no add and no remove

    • 0xa6ba02b4ff590eb14b38d12a2d7191bed521ad64 -- send 12 transactions. First money came from coinbase, Receive 0.1ETH at May-21-2021 01:54:53 PM +UTC . https://etherscan.io/tx/0xb556504b756759136061d0d4ddd154e7cc1b28849a7a61ada07a33d1431fbc8d
    • 0xbfa6298620647961f32312aeb05936d839783bb2 -- send 45 transactions. First money came from coinbase, Receive 0.1ETH at May-21-2021 01:55:18 PM +UTC . https://etherscan.io/tx/0x532ed313d3b6fd18714e96418c02ee081f459f1fa506e340350c35c1513361d6
    • 0xa3900a687db795dd7b25d651e353c8f0788cd82b -- send 14 transactions.

• Please Check Table 👇🏻

  • Address -- multi-sign safe address
  • Execute transactions -- The number of execute transactions by multi-sign address
  • Receiver -- The USDT Receiver
  • Token -- USDT
  • Date -- The Date of send USDT to same receiver
  • Tx -- tx

• Table1

  Address	Execute Transactions	Receiver	Date	Amount	Token	Tx
  0x0be66b26946fcc430ece870c6587ea3b53621645	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x58cb9a017d052f8fa98fff91a6b09b83e1ffc07584887c56f55982bd760582ed
  0x0d6a93b78eb9697e2d3ee87d298bfbc28bb0910b	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0xeda4e68c20cfc02e899a9410b486ce6749a102f3b7272a2d76a74b467bb29755
  0x29714481e30dc4ce7eea47fb3b18149ee8c7055d	14	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0xd3f8ee495aa9e111644ca2a8d5b5c2641200ec423a74d11828e73e6960389be2
  0x10f32bc1b49a0d0251b415f4653dcf9e3060fee0	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x22048693d1863f8b38b8256e63163a379072a8399c9d5584e3ec9508d3893f66
  0x8acbc5cfad966982881ac430a9fa0c7c00801ac4	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x56395b5e9c1d22cf41da5ff1cd40ddba9e31180d0266bfcaef5e239d3e08f7c6
  0x73b98e7f2752332f9aba816012e51319e2363b48	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x12d51121d56242857322c0a2020fea433a840edda32966dbab03891055e675fc
  0xb66b25aa7c094fbd69b96f3ddcee45aaa37e3ba7	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x18ed4a2ed8988875a32840ad6300925c466c97db265a25313f48388299b48aa1
  0xbe79702c319015891bf89f59c442f0d701de22fe	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022/01/13	1.0000000000	ETH	https://etherscan.io/tx/0x118f9bbb6674a277d316a945d53ff30250d753c0695ee2d94901d66a306d12ca
  ------------------------------------------	------	------------------------------------------	----------	------------	-----	------------------------------------------------------------
  0x3ab38c803c8e26bb4ecceeeb5aa601f7076d32fc	36	0xdac2065211d2cc7cfba865a355c42b2b7ae31017	2021/09/16	0.0100000000	ETH	https://etherscan.io/tx/0xe2a3559d7033cd3ca53ceb4751a720f833e09673f2f6453b85a5bb2d8333efcc
  0x6140ea80f76861f21005e8c9f2712630aa89f6c6	5	0xdac2065211d2cc7cfba865a355c42b2b7ae31017	2021/09/16	0.0100000000	ETH	https://etherscan.io/tx/0x0069846dcc5959913313fc5426dae99a30e43294aeb342ce103b39418774b6b9
  0x774941d99b88fa082475fa5f80adae063ccaf083	12	0xdac2065211d2cc7cfba865a355c42b2b7ae31017	2021/09/16	0.0100000000	ETH	https://etherscan.io/tx/0x501c19a5ec18e3bd24d4f16a1eed1ae11c4aa245bc707b1932fbbf6b8d792204
  0x790a727fdd7f063293cabb95b20dc76d406d014a	2	0xdac2065211d2cc7cfba865a355c42b2b7ae31017	2021/09/16	0.0100000000	ETH	https://etherscan.io/tx/0x60e82bf56a356755709aa912572ae50360486ce38f5dfad73a94135a1a82d84f

• Table2

  Address	Execute Transactions	Sender	Date	Amount	Token	Tx
  0x0be66b26946fcc430ece870c6587ea3b53621645	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0x5df6947fe72a9c49ef9e09ea5694f217c4f319e5a7b901dd1ecb7ccd5464a7e2
  0x0d6a93b78eb9697e2d3ee87d298bfbc28bb0910b	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0xfd8476738a943884abf813d2bfe4740b682d325da8ff066d7a2a44544312565d
  0x10f32bc1b49a0d0251b415f4653dcf9e3060fee0	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0xc241ee1964c18adf1ff4fed75047f134b0814f8b0e3a616c25c3547d224a4c89
  0x73b98e7f2752332f9aba816012e51319e2363b48	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0x78850dccbce06096ad34f6b9b2a4b773a017e815e47d36d5afde79a36224dc6a
  0x29714481e30dc4ce7eea47fb3b18149ee8c7055d	14	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0x23c63608721aa5b297b3ac542bd2c536be9950fcd6c405f7adeccc74994a62e6
  0x8acbc5cfad966982881ac430a9fa0c7c00801ac4	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0x0d8c04b60a1ceecd11a3348bc40e47cb71f642c9ef71c2f1419e1d758cbe499a
  0xbe79702c319015891bf89f59c442f0d701de22fe	2	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0xe9b793a0b8b0908dc9fa9369eec3d029990ba72574f31ab41020b410e9da6cab
  0xb66b25aa7c094fbd69b96f3ddcee45aaa37e3ba7	3	0x92a1ba86c360cb303e83c3ee4f1b72ae287dfdc9	2022-01-13	1.0000000000	ETH	https://etherscan.io/tx/0x4eddae5318919c298f310804240ef992bb2803ba013e088d1306a29df378aa1e

---

Methodology

Addresses are reported by retrieving information from the chain, using bitquery's graphql, and detecting abnormal behavior, such as empty wallets, mutual transfers, etc.

When only some of the anomalous behaviors are present, we can consider the address reasonable, but when an address has all the anomalous behaviors, we have good reason to suspect that the address is false. Especially if the multi-signature address and the owner address have obvious exceptions both, then it is obvious that this is airdrop farmer.

Abnormal behaviors include

• For Multi-Sign Address

  • Few transactions were executed
  • There is a lot of overlap in the interactions, such as the destination address, and the time
  • The owner of multiple multi-signature addresses is exactly the same, and never changes from start to finish

• For Owner Address

  • Empty address
  • The first source of funds is the owner.
  • Mutual transfer
  • Behavior similarity

If the verification is passed and my strategy is great, I can provide my source code, but for now it is not conveninet

Safe Address

0xce495858e36c95f491b5a32ca2664405cf10ab76

Thanks

[tschubotz]

I'm unable to follow your reasoning. It looks rather to me like some project is distributing their ERC20 to the team.

Also, you have the following high profile wallet in your list. How is this airdrop farming? Store of value is legit use.

https://gnosis-safe.io/app/eth:0x774941d99b88fa082475fa5f80adae063ccaf083/transactions/history