search

safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal
34 stars 10 forks source link

Sybil Attacker Report #424

Closed hushgif closed 2 years ago

hushgif commented 2 years ago

Related Safe Addresses

0x0065bf05b60a06f166cdf022e78dd75e9bdd54b4 0x06f3c2274c290f683e76608e3cdcf57c963f230b 0x0e0817fedaa7503499b2ab2dd7e77ffafb4a6393 0x16c0a1a63a6b50e4695a064a23f23289d55bc298 0x18adb3169d67dc7d43b9d02ca531e57bb5c5fb1b 0x2e6b6a1bf72904585fe51438e5b54950099773e0 0x34984e985ec0756e327d0faa87c38c11db2db649 0x3888306003e66b29df340d7fb71cfd38b0b7e337 0x581f97f4b9f3f43ea98e7363b4d2ae5ae76c0c92 0x5c2fe94d5a04decf6cf613021384cfaa1720fe3f 0x5d225f8da5105c3ad72086357b3cd9ffbc6d4c91 0x675574f10b81fdc4d2f90f4edb794664a1c98001 0x7379d9ee4455194f41fc5eae86eb8d8444a8519c 0x7ad31a749bc24b37b8c8ca6a1a491a96488399be 0x7c8ed1034b453523c3b47a568fd28f1cb909d209 0x8156ef13b57783178224502bf9c1dda459926baa 0x8b2d76bb8e308c3d7e1f06e63727aa4d51d258ba 0x8e09197bdfc0bfa8b7ed8ba8c2a28e031dee1711 0x965bae35fa035e0d44da9fccee0fbd57b09123b8 0x96aa03e884f10bea98dfd5732b4e5573c0108a75 0xa299351b3349742e2ad811d81b453b325cb1b1ed 0xa5aae103d7a5ce328684aef7d2b1bdf7dc898c3b 0xa877601d60679088fa18fd3bfa7bd8151f443b91 0xaf9d80db1d395878dbea08c08d0c235ed772b506 0xba5b317939630610e1a13e8f1ba7786c48513a25 0xbc4a23c9ff9224ee2cc51d13a6ac6260092b8835 0xbc8b428dbca9ab8d66ae519d01ce86c977fe505e 0xbea44b29018068e60a397c3452f184de700c7fee 0xdc308cc0d3080af9d806e0b0ed4ea2d74d905e11 0xe55b8c8b8f85f8d2e661bd95a4919f0bee04247c 0xeace46ea2abf86fe769bbf2fd618901bdf648375 0xfc9a9ffc8cbc83cb3560fb196e17496b330f88c5

Reasoning

The number of tokens acquired by these addresses is exactly the same, and when you look at the on-chain operation records, all the operations of the creator are exactly the same, the creator registered the ENS at the same time and then started the witch attack on the project, and the operation records of these addresses are all the same, 11 operations, the items interacted with are exactly the same, the balance of the wallet address is also the same, $86, and the number of NFTs and tokens owned by the wallet is also the same.

Methodology

First find the token-related addresses through the airdrop form,Through the blockchain on the record query is clear and unambiguous, a glance can see that this is a Sybil attack, the wallet is also a new wallet

https://etherscan.io/address/0x0065bf05b60a06f166cdf022e78dd75e9bdd54b4#internaltx https://etherscan.io/address/0xfcb14edfe4ff118d472086532f7d3219830ebc4e https://etherscan.io/address/0x06f3c2274c290f683e76608e3cdcf57c963f230b#internaltx https://etherscan.io/address/0x06f3c2274c290f683e76608e3cdcf57c963f230b . . . https://etherscan.io/address/0xdc308cc0d3080af9d806e0b0ed4ea2d74d905e11#internaltx https://etherscan.io/address/0xdc308cc0d3080af9d806e0b0ed4ea2d74d905e11 https://etherscan.io/address/0xe55b8c8b8f85f8d2e661bd95a4919f0bee04247c#internaltx https://etherscan.io/address/0xe55b8c8b8f85f8d2e661bd95a4919f0bee04247c

Safe Address

0xa3179e715A97c5aD6F0CeB76464A263A75c132F3

tschubotz commented 2 years ago

Thanks for the report. All of these safes have been found by another report already.