Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sybil Attacker Report #556

Open
defienjoyer opened this issue May 22, 2022 · 1 comment
Open

Sybil Attacker Report #556

defienjoyer opened this issue May 22, 2022 · 1 comment
Labels
Needs More Information

Comments

@defienjoyer
Copy link

Related Addresses

  1. 0x0e1ca0c78c85457e04dd6f256b290f6c31b7629a
  2. 0x79fba65f42731e4a4db8472f0b2a5b48d0b4e7f9
  3. 0x0d7f4c479c8057eef1e1d3a73b142d416595e751
  4. 0xef205e1a13587ad52759cf675b8142120caffc4a
  5. 0x2cdf60d6e5943a40e940dcfb619897c77daa73f0
  6. 0xa546dbdbc1b1d69ef4c66d70194354e0a610aa9b

2-5 have direct link to 1. Clear sybils.
Addresse 2,3,5,6 are all part of disperse transaction (0x598129ca32bb06e8f5af48c63c864f1538fef9500552098de7b68815e01ff4c4)
1 is original wallet of that disperse tx

  1. 0x0ce152623649e9b8f514ba0cb530f035b7552c35
  2. 0x0d15992f28c3a2db5b13c9c481ae5c4651556688
  3. 0x1bbe64e1c584948a7e146817d8ab85c70694d66f
  4. 0x402cfba729a640289f60de1382b86bc9f038fe82
  5. 0x529da082e11edcc410f99577f6668994b794492b
  6. 0xaf2383f14a6a88e2baa9d8e9af455e7602913265
  7. 0xfcdef5bfda205bd0e99baa373fc66ae80d4391ff
  8. 0x5cb5587377141ab761be831493494912e619a3a9 (related to origin of disperse tx)
  9. 0xe4ba20b2fa72d891c98c21569e1f5f0ff145ff64
  10. 0xaf2383f14a6a88e2baa9d8e9af455e7602913265

7-13 related via disperse tx (0x0f1c28f672e9c4ba102d33f5256f0fa97a0a606df6c85646e3267fc3079e9d91) - clear sybil
Direct links between several addresses.

  1. 0xd862b45054ef15bbf7690cd860aa5d1f8a060f6e

  2. 0x031d2da6a39dfe83c314df7c2e7a74bfad01773b

  3. 0xe7841ad5db7f6b9fa089ac3100a9623c6aa3730f
    18,19 linked to 17.

  4. 0x79748bfc42a567c58682add44a072f8900a84998

  5. 0xf6522fc7061f4ab77d5353dd631002d86951d245
    20, 21 linked to 18
    Clear sybil identified using disperse tracker (0x65c772bd9509b10298b5a1b02a601a32792a8d4d1aceb8e0eed76f20c72e113f)

  6. 0x0736d49738F2EEd8ABF86Cf51c532b0CB65BF077

  7. 0x1c27e64fa7d25d34ccc93916f47c62fd816dc42a

  8. 0x6d8445f6f86ec1f80caa133a8d1eadccaf0c06c3

  9. 0x85674a840d4d31213be1bd9b7658fd6374fed307
    found via (0x19864fdebb23eb0d306ab65d53ef287901c302b3892e40c2898c69716d1443c7), very clear sybil (only 4 addresses but the most clear)

  10. 0x7b4defea380d66e354a7c3d77a1a1e403d0c40d0

  11. 0x92c9a639f5cbc4ae32a0e060d83ba4e491f98d8b

  12. 0xb3fb01c33b1b0eb7fe011fdaad3f11957f4fa993

  13. 0xc746c447e4aafb5a007645df3da5292d3f490d8e
    again another very clear set of sybils from one disperse tx (0x8b20dcd0f31e395f2caab7aa75d5ce33bd474a0c429a7d149915c31ee5e781db)

  14. 0x0E1ca0c78C85457e04DD6F256b290f6c31B7629A

  15. 0xb32fc7b40a89e0547bd16664a57fcfceecbeeeec

  16. 0x79fba65f42731e4a4db8472f0b2a5b48d0b4e7f9

  17. 0x0d7f4c479c8057eef1e1d3a73b142d416595e751

  18. 0xef205e1a13587ad52759cf675b8142120caffc4a

  19. 0x2cdf60d6e5943a40e940dcfb619897c77daa73f0

  20. 0x1de6eec2c08830bbec7884f1fc6b502521ae2e54
    31-36 have a direct connection to 30. Four addresses are linked by (0xaec5c4cc2373848c43755c6573f7600c5da1e110453cc11050700c84997e4757). Many clear airdrop farming addresses.

Methodology

I found "from" addresses of a dispersed contract going to hop eligible addresses. I then filtered for the highest count transaction hashes. I then explored those for sybil lists and went deeper by looking at hop eligible addresses next to other ones. Can show the script if desired. I then explored qualatitively.

Rewards Address

0xCBd39631F4fb359cA966424B622aee0A5c1DaAa1
@shanefontaine
Copy link
Member

@defienjoyer We have observed cases of apps sending funds through Disperse to help their users pay for gas on L2s. We have also seen altruistic people and faucets do the same. Because of this, we will need additional evidence. Some potential compelling evidence may be:

  • Identical transactions on the exact same day/time by most or all of the addresses
  • A trace of the ERC20 token between addresses (as opposed to native tokens)
  • A similar time/date that all the addresses started transacting on a chain

Please note that there will need to be much more data provided for this submission. Per the rules, the data will also have to be easily verifiable.

Please let us know if you can provide this data. Thank you for your work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs More Information
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shanefontaine @defienjoyer