/Sybil-Defender

Tool for filtering Sybil wallet addresses

Primary LanguagePythonOtherNOASSERTION

Sybil Defender

Overview

The Sybil Defender identifies and labels Sybil Attack clusters operating on the application layer of EVM-compatible blockchains. This includes Ethereum, Arbitrum, Optimism, Polygon, Binance Smart Chain, Avalanche, and Fantom. It monitors transactions to detect patterns that may indicate Sybil behavior, such as Airdrop Farming, Governance Attacks, and Wash Trading/Market Manipulation.

Features

  • Real Time Monitoring: Monitors on-chain transactions in real time.
  • Dynamic Clustering: Dynamically updates existing clusters based on incoming activity.
  • Heuristic Analysis: Applies heuristics to initially assess transactions for Sybil attack patterns.
  • Community Detection: Employs sophisticated algorithms to identify communities.
  • Sybil Detection: Filters communities for known Sybil Attack patterns to generate accurate alerts.
  • State Persistence: Keeps track of historical data for dynamic clustering and real-time analysis.

Performance

During a performance evaluation, Sybil Defender analyzed a sample of approximately 8 hours of activity on the Arbitrum network prior to the airdrop snapshot in March 2023. The analysis identified 211 Sybil Clusters consisting of 7731 nodes in total.

In addition, this evaluation confirmed the identification of all 4 clusters highlighted by Arbitrum's Sybil detection mechanisms.

The full sample graph file can be found here.

Sample 1

Sybil Defender: Identified Sybil cluster with 95 eligible nodes
Arbitrum Detection: Identified Sybil cluster with 56 eligible nodes
Common address: 0xc7bb9b943fd2a04f651cc513c17eb5671b90912d

Sample 2

Sybil Defender: Identified Sybil cluster with 99 eligible nodes
Sybil Defender Cluster 		Arbitrum Detection: Identified Sybil cluster with 110 eligible nodes
Arbitrum Cluster
Common address: 0x1ddbf60792aac896aed180eaa6810fccd7839ada

Sample 3

Sybil Defender: Identified Sybil cluster with 507 eligible nodes
Sybil Defender Cluster 		Arbitrum Detection: Identified Sybil cluster with 121 eligible nodes
Arbitrum Cluster
Common address: 0x3fb4c01b5ceecf307010f84c9a858aeaeab0b9fa

Sample 4

Sybil Defender: Identified Sybil cluster with 51 eligible nodes
Sybil Defender Cluster 		Arbitrum Detection: Identified Sybil cluster with 65 eligible nodes
Arbitrum Cluster
Common address: 0x15bc18bb8c378c94c04795d72621957497130400