Sybil Attacker Report(201 Safes For Airdrop Farming) #384
Comments
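Although I don't like people who report others, you would actually have been better off not speaking and letting the team rule on it directly; by speaking you gave yourself away.
There aren't many conclusively judged cases to begin with, and yours was relatively well hidden, so most likely nothing would have happened. But in the course of your rebuttal you confirmed his inference, so now it's difficult. Now you're riding a tiger and can't get off.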
The level of detail in the stories does not sound like they are all made up, but the on-chain records look very suspicious. If the "students" are all beginners, why didn't they fail a single transaction? Why did they all use the same gas price even on different days? For example, the following txns all use 12 gwei max fee on different days: https://etherscan.io/tx/0x414170d7886910ae0bf4351be01de5cdb861ffd45b7d08a76295112e4471f2c8 It would be best for @jianggaoyi to defend yourself by proving that these Safes are controlled by the "students" themselves, not a single person / entity, but I'm not sure how to do that. Maybe BrightID identity verification?
From my perspective, it's a real sybil attack no matter what stories he makes up.
Thanks for the report, we found the following to be related to airdrop farming:
Although the result is not satisfactory, I accept the result. Thanks to the SAFE team for providing us with such a wonderful multi-signature safe.
Related Safe Addresses
Reasoning
Almost all safes were created between Jul-28-2022 and Aug-01-2022, and the creation times are very concentrated.
Some safes were even created at the same time, such as
0x1E345B2b8b776b239993fEecfAd5F1bF9A1B23c7 and
0x2989705Abbfc7635AADCf8A13CA6F52Bd55a414F
Both were created on Aug-01-2022 12:10:18 PM +UTC
0x7B6eDfBc394A5d5728e1e1CA5f39B049DD2DDBBA and
0x56b803B91aBa4d7861Bb9Cda5FC2B5143fE2fC98 and
0x72b82C0Ce4adcc6964691Ccc5459A9b376c44969
The creation times are Aug-01-2022 06:03:57, Aug-01-2022 06:04:51, Aug-01-2022 06:03:55
Each safe has a similar number of internal txns (13-17), and most safes have 14 txns
All transactions are transfers, and almost all safes have interacted with Aztec: Connect (0xff1f2b4adb9df6fc8eafecdcbf96a2b351680455) 1-2 times, and transferred between addresses through Aztec: Connect
Very few safes didn't interact with Aztec (such as 0x74911f55819881e6dD2CBF7E0d958779c278d8ea), but their other transactions still maintain a high similarity, and their owner addresses also show high similarity with other safe owners
All safes are associated and traceable in the transfer records (including transfers between safe and safe, and transfers between safe and owner addresses). I don't know how to make a chart, but I have checked most of the SAFEs' transactions and then came to this conclusion.
What owner addresses have in common
The transactions of all owners are almost the same: the amount, the contracts interacted with, and the order of the interactions are almost the same.
For example:
Almost all safe creators (also owners) received transfers from FTX Exchange 2 (0xC098B2a3Aa256D2140208C3de6543aAEf5cd3A94) from August 5th to August 8th, and the amounts were all similar, like 0.3695 ETH, 0.3795 ETH, 0.3595 ETH.
After receiving the transfer, they made an ENS cast vote, and then interacted with the AZTEC contract.
Lots of transactions happened at the same time, sometimes even with script glitches (10 addresses sent 20 ENS Cast Vote txns almost simultaneously).
For example:
https://etherscan.io/tx/0x9568e4905a76b6ca49a7cba3cc98e53086f6249ccc44f082b666aaf9f77a5570
https://etherscan.io/tx/0x6885f3e24bf975ac333f03cc0415a07a393b7d93fe423ea34fc73b375ad800b5
https://etherscan.io/tx/0xa4e4039df65b2791a7f5df5f848b3ec8b450e1c4e0ab319eefcc9860f1284043
https://etherscan.io/tx/0x47183a2ccb2da77a7397d4d9a5a84580fa8733c8ac1aebf99b1bbb574bf6965f
Summary:
All transactions are transfers, including bulk transfers via Aztec: Connect, which is typical sybil behavior.
These 201 safes are obviously only used for airdrop farming.
Methodology
In the safe allocation list, I randomly selected a large number of safe addresses with 200-300 tokens, and checked and analyzed these safe addresses and their owner addresses one by one.
The way I found these 201 safes was this: after finding the similarity of several of them, I checked the transactions of the owners of these safes, and found that all safe creators participated in ENS Cast Vote (interacted with 0x323A76393544d5ecca80cd6ef2A560C6a395b7E3, https://etherscan.io/txs?a=0x323a76393544d5ecca80cd6ef2a560c6a395b7e3). After reading the interaction record of this contract address, I found the owner addresses of these 201 safe addresses, and then I found these safe addresses, exactly 201.
Additional instructions:
When I sorted out the addresses for the first time, I missed a part. Although most owner addresses have executed transactions with 3 safes, a small number of addresses have executed transactions with 4 or even 5 safes, so I did not find all relevant safes the first time.
But after discovering this, I carefully checked all transactions of every owner address that participated in ENS Cast Vote and had similar transactions, and finally found 201 safes. I think there is nothing missing now.
Safe Address
0x8e6dd6915F2F2D21A53789a3cC700E726a1aa304
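The two strongest signals in the report, creation-time bursts and near-identical funding amounts from one source, expressed as an added Python example that is not part of the original issue or of the Safe team's tooling. The Safe addresses and creation times are the ones quoted in the report; the control row, the owner labels, the time window and the thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Creation times quoted in the report (UTC); the last row is a constructed control.
CREATIONS = [
    ("0x1E345B2b8b776b239993fEecfAd5F1bF9A1B23c7", "2022-08-01 12:10:18"),
    ("0x2989705Abbfc7635AADCf8A13CA6F52Bd55a414F", "2022-08-01 12:10:18"),
    ("0x7B6eDfBc394A5d5728e1e1CA5f39B049DD2DDBBA", "2022-08-01 06:03:57"),
    ("0x56b803B91aBa4d7861Bb9Cda5FC2B5143fE2fC98", "2022-08-01 06:04:51"),
    ("0x72b82C0Ce4adcc6964691Ccc5459A9b376c44969", "2022-08-01 06:03:55"),
    ("CONTROL-SAFE (constructed)", "2022-03-14 09:30:00"),
]

# Constructed funding rows: (owner label, funding source, ETH amount).
# Amounts follow the report's pattern; owner labels are placeholders.
FUNDING = [
    ("owner-1", "FTX Exchange 2", 0.3695),
    ("owner-2", "FTX Exchange 2", 0.3795),
    ("owner-3", "FTX Exchange 2", 0.3595),
    ("owner-4", "other-exchange", 1.25),
]

def creation_bursts(rows, window_s=120, min_size=2):
    """Group Safes whose creation times chain together within window_s seconds."""
    if not rows:
        return []
    ordered = sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), addr)
                     for addr, ts in rows)
    bursts, current = [], [ordered[0]]
    for item in ordered[1:]:
        if item[0] - current[-1][0] <= timedelta(seconds=window_s):
            current.append(item)
        else:
            bursts.append(current)
            current = [item]
    bursts.append(current)
    return [[addr for _, addr in b] for b in bursts if len(b) >= min_size]

def funding_clusters(rows, spread_eth=0.05, min_size=3):
    """Per funding source, return owners whose amounts all lie within spread_eth."""
    by_source = {}
    for owner, source, amount in rows:
        by_source.setdefault(source, []).append((amount, owner))
    out = {}
    for source, items in by_source.items():
        amounts = [a for a, _ in items]
        if len(items) >= min_size and max(amounts) - min(amounts) <= spread_eth:
            out[source] = sorted(o for _, o in items)
    return out
```

Neither signal is conclusive alone; a funding cluster from a large exchange is common, so it only carries weight when the same owners also appear in a creation burst.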