Nick Vaiman, the CEO of Bubblemaps, warned that Sybil assaults are becoming more common in presales and airdrops. He urged teams to employ KYC or algorithmic detection. A Solana presale event had problems with distribution when a bot farm apparently used more than 1,000 wallets to buy almost all of the Wet (WET) tokens in only a few seconds.
The presale, which was hosted by the decentralised exchange aggregator Jupiter, mostly sold out right away. But, according to the organisers, real customers had almost no chance to take part since one person controlled the presale.
The team behind the presale for Solana automated market maker (AMM) HumidiFi admitted the attack and cancelled the launch completely. The team claimed they will make a fresh token and give it away to real users, but not the sniper.
Source: Jupiter
Bubblemaps links over 1,000 wallets to a single sniper
Bubblemaps finds the alleged sniper by following the money in more than 1,000 wallets. On Friday, the blockchain analytics firm Bubblemaps said it had found the group behind the presale hack by noticing strange wallet clustering during the token auction.
The business said in an X thread that at least 1,100 of the 1,530 wallets that were part of the event showed the same funding and activity patterns, which means that one person controlled them.
Nick Vaiman’s team looked at presale participants on their platform and observed trends, such as new wallets with no previous on-chain activity that were all funded by a small number of wallets.
They likewise got money in a short amount of time with the same quantity of Solana SOL$135.91 tokens. Despite the unlinking of some clusters on the blockchain, they share commonalities in size, timing, and funding, all of which point to a single organisation.
Bubblemaps alleged that the sniper paid for thousands of new wallets from exchanges, which had received 1,000 USDC USDC$1 before the sale. The analytics business said that one of the clusters “slipped”, which let them connect the attack to a Twitter account called “Ramarxyz,” which also went on X to ask for a refund.
Rising wave of Sybil attacks targets presales and airdrops
The hack comes after prior Sybil attacks in November, when groups of people controlled by one person stole token supplies.
On November 18, one person said they had 60% of aPriori’s APR token airdrop. 30% of Edel Finance’s own EDEL tokens were purportedly sniped from their wallets on November 26. The co-founder of the team said they didn’t snipe the supply and that they had put the tokens in a vesting contract.
Vaiman told Cointelegraph that Sybil attacks are happening increasingly often in token presales and airdrops. He did say, though, that the patterns are “different every time.” He suggested that, for safety, teams should utilise Know Your Customer (KYC) techniques or algorithms to find sybils.