hop-protocol/hop-airdrop

Sybil Attacker Report

rchen8 opened this issue · 3 comments

Related Addresses


Reasoning


All 10 addresses belong to the same connected subgraph component, in which the edges are Polygon transactions between addresses. Additionally, they all form a strongly connected component, which means it's very highly likely they all are controlled by the same Sybil attacker if every address is reachable from every other address (through cycles formed by both to and from transactions).

| Date | # Addresses |
| --- | --- |
| 2021-12-25 | 6 |
| 2021-11-14 | 5 |
| 2022-04-30 | 4 |
| 2021-12-28 | 2 |
| 2022-01-02 | 2 |
| 2022-05-19 | 2 |
| 2022-01-18 | 2 |

As an example from the table above, on 2021-12-25, 5 of the 6 related addresses sent 3800-4000 DAI back and forth from Polygon to Gnosis Chain in an attempt to fake transaction volume to Sybil the airdrop.

Methodology


I implemented the Union-Find algorithm, which is a famous graph algorithm that gets all of the connected subgraph components in O(1) time. The nodes in the graph are from the most up-to-date list of eligible airdrop addresses. The edges in the graph are from using Covalent's API to find transactions that connect between these addresses.

Finding the timestamps of Hop transactions per address is done using the Hop Explorer and reverse engineering their API so I can automate it. :)

Rewards Address

0x9bb82fbf10cF4959909BAB9bE07805bd1d28D04A
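
An added illustration of the method described in this report (not the reporter's code): Union-Find groups eligible addresses into connected components, then a forward and reverse reachability check tests whether a group is strongly connected. The address labels, the transfers and the function names are constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: placeholder labels, not addresses from the report.
ELIGIBLE = {"A", "B", "C", "D", "E", "F", "G"}
TRANSFERS = [  # (sender, receiver)
    ("A", "B"), ("B", "C"), ("C", "A"),  # cycle: A, B, C all reach each other
    ("C", "D"),                          # D only receives, never sends back
    ("E", "F"), ("F", "E"),              # separate two-address cycle
]

def find(parent, x):
    """Return the component root of x, shortening the path as it goes."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def clusters(eligible, transfers):
    """Union-Find: components with 2+ addresses, transfer direction ignored."""
    parent = {a: a for a in eligible}
    for src, dst in transfers:
        if src in parent and dst in parent:
            parent[find(parent, src)] = find(parent, dst)
    groups = defaultdict(set)
    for a in eligible:
        groups[find(parent, a)].add(a)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def strongly_connected(members, transfers):
    """True if every member reaches every other along transfer direction."""
    members = set(members)
    fwd, rev = defaultdict(set), defaultdict(set)
    for src, dst in transfers:
        if src in members and dst in members:
            fwd[src].add(dst)
            rev[dst].add(src)

    def reach(graph, start):
        seen, stack = {start}, [start]
        while stack:
            for nxt in graph[stack.pop()] - seen:
                seen.add(nxt)
                stack.append(nxt)
        return seen

    start = min(members)
    return reach(fwd, start) == members and reach(rev, start) == members

if __name__ == "__main__":
    for group in clusters(ELIGIBLE, TRANSFERS):
        print(group, "strongly connected:", strongly_connected(group, TRANSFERS))
```

In the sample, D lands in the same connected component as A, B and C but fails the strong-connectivity test because it never sends funds back, which is the distinction between the two properties the report relies on.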

Thank you for your report @rchen8. We have verified that the addresses in this report are Sybil attackers.

The report included 10 eligible addresses as Sybil attackers which means you are eligible for 3282.999463404596101947 HOP! When Hop DAO is live, we will make a proposal for this reward — subject to a 1 year lockup, as mentioned in the original Mirror post.

The flower petal pattern was a very compelling piece of evidence. 0x762d5548ea30bbf09adb153d0a0ceae75ab418cf looks like the only address that has a Hop transaction outside of Polygon and Gnosis Chain, however, I see that there are many transfers between that address and 0x90ff89c637fd1537e151b8ced1d1d0cb94e31ca6. Additionally, the behavior of 0xeb164bc3cda19b2504e0110a6cc22da4b81d8799 and 0x2a71851d5bff1799b50a975d880f438677414260 on Hop protocol does not follow the others but their chaining behavior on Optimism is very, very strong Sybil attack proof.

The qualified addresses are as follows:


Hello, my address is 0x90FF89C637Fd1537E151B8ced1d1D0Cb94e31cA6. At the same time, I am also an active member of discord, I got the airdrop of discord, I boosted the channel, my address was reported, and it has been verified, what I want to say is how many people do I have? After all, many people have multiple wallets in web3, but there are not more than 10. I hope the team can investigate as soon as possible, because I am a blogger and I have my own community, so I often discuss with members of the community. There may be some crossovers in the project, the report is: 0x762d5548ea30bbf09adb153d0a0ceae75ab418cf. This wallet is my friend's wallet, you can check his wallet activity, our interaction time is not clear, I also read the submission report, but the same activity is only a few This address, I have used hop through the aggregation function of li.FI and the aggregation function of bungee unconsciously.
I know a lot of people want to get rewards by reporting, although I don't agree, but this is your approach, but my wallet does not reach the number of attackers, I do have a few wallets, I admit, the report on Some wallets are addresses of my friends, we often transfer some tokens to each other, and the reporter grouped us together to make up the number.

Please respect the rules