There is an abnormal behavior that is understandable
However, if there are many abnormal behaviors, then there is enough reason to determine that these addresses are airdrop farmer.
The Owner of these two groups have never changed, no Add/Remove
Each group had received the almost same number of ETH from the same address at the same time period. π¨π¨
Group1
The owner addresses in group 1 receive their first funds from Binance, and the timing is close, the amount is also close.
All safe addresser receiver small amount ETH(small 0.1ETH) from same sender address 0xe26650d1146a544e68077b2cbdf40bb3574c2634 as same time 2021/12/19--2021/12/27[Check Table below]
same sender 0xe26650d1146a544e68077b2cbdf40bb3574c2634 is one of the owner
All safe addresses received 0.01ETH or 0.02ETH to the same address 0xcc61df88ee9ae3e945543075e9b66b7e67f3cd31, at the same time 2021/05/13 [Check Table below]
Addresses are reported by retrieving information from the chain, using bitquery's graphql, and detecting abnormal behavior, such as empty wallets, mutual transfers, etc.
When only some of the anomalous behaviors are present, we can consider the address reasonable, but when an address has all the anomalous behaviors, we have good reason to suspect that the address is false. Especially if the multi-signature address and the owner address have obvious exceptions both, then it is obvious that this is airdrop farmer.
Abnormal behaviors include
For Multi-Sign Address
Few transactions were executed
There is a lot of overlap in the interactions, such as the destination address, and the time
The owner of multiple multi-signature addresses is exactly the same, and never changes from start to finish
For Owner Address
Empty address
The first source of funds is the owner.
Mutual transfer
Behavior similarity
If the verification is passed and my strategy is great, I can provide my source code, but for now it is not conveninet
Related Safe Addresses
Reasoning
The Owner of these two groups have never changed, no Add/Remove
Each group had received the almost same number of ETH from the same address at the same time period. π¨π¨
Group1
The owner addresses in group 1 receive their first funds from Binance, and the timing is close, the amount is also close.
All safe addresser receiver small amount ETH(small 0.1ETH) from same sender address
0xe26650d1146a544e68077b2cbdf40bb3574c2634
as same time2021/12/19
--2021/12/27
[Check Table below]same sender
0xe26650d1146a544e68077b2cbdf40bb3574c2634
is one of the ownerGroup Owner is always same, no add and no remove
0x7fe0a22629ecd75cec5e9427dec9f26c4beb49dd
-- send 99 transactions0xe26650d1146a544e68077b2cbdf40bb3574c2634
-- send 96 transactionsGroup2
All safe addresses received 0.01ETH or 0.02ETH to the same address
0xcc61df88ee9ae3e945543075e9b66b7e67f3cd31
, at the same time2021/05/13
[Check Table below]Group Owner is always same, no add and no remove
0x32593dd54cadaeebfa113e7ab57d81664a42e119
-- send 5 transactions0x3fccd3d9bb68e5d8c709fe50fb908040921c310e
-- send 38 transactions0x9ddb4793c55215d18391cf4568ff90a3e81906cc
-- send 0 transactionsPlease Check Table ππ»
Methodology
Addresses are reported by retrieving information from the chain, using bitquery's graphql, and detecting abnormal behavior, such as empty wallets, mutual transfers, etc.
When only some of the anomalous behaviors are present, we can consider the address reasonable, but when an address has all the anomalous behaviors, we have good reason to suspect that the address is false. Especially if the multi-signature address and the owner address have obvious exceptions both, then it is obvious that this is airdrop farmer.
Abnormal behaviors include
For Multi-Sign Address
For Owner Address
If the verification is passed and my strategy is great, I can provide my source code, but for now it is not conveninet
Safe Address
0xce495858e36c95f491b5a32ca2664405cf10ab76
Thanks