Sybil report

•

Published 5 days ago

•

69 views

I am not sure whether I am allowed to post two reports or not; therefore, I am posting a new, more comprehensive report with an updated and more detailed methodology. If you have access to my first report from GitHub and it is allowed, please accept it as well. It contains some extra wallets.

Reported Addresses

Full list here (32,000 wallets):

https://docs.google.com/spreadsheets/d/1ulcqCOOYoenx2_BDcsRcNW5qugO0f0y0QgoxAbFZnNY/

Description

Despite the fact that modern Sybils do not link their accounts or send exact amounts of money via transactions, they can still be easily identified through their Ethereum activity. This is because creating unique patterns for each account is too expensive, especially when dealing with hundreds of wallets.

This methodology provides a systematic approach to identifying Sybil accounts by analyzing and clustering wallets based on their Ethereum activity, LayerZero transactions, and participation in other airdrops.

A snapshot of Ethereum transactions is made for every wallet. Then, wallets with identical snapshots are grouped into clusters for further analysis. Additionally, the Ethereum wallet age, cumulative amount of ETH spent, and number of LayerZero transactions are calculated.

It is shocking, but some clusters are absolutely unique: they have matching snapshots, similar cumulative ETH volume, the same wallet age (within a few days), and the number of LayerZero transactions falls within a limited range. No random wallets were found in such clusters. There are 8800 records in the report, all of which are 100% Sybils without any shadow of a doubt.

Other clusters also show these properties but are mixed with other wallets. Such clusters were manually refined only in cases of evident Sybil properties. The main purpose was not to hurt honest people. These are the rest of the records.

For more details, please refer to the detailed methodology section.