Web3 must stand against the peril of airdrop hunters

As scammers exploit lucrative airdrops, many projects and developers are struggling to mitigate the impact of Sybil attacks.

The following is a sponsored guest article from Sergey Shashev, the founder of Broxus.

From Community Rewards to the Hunt for “Free Money”

The community has been a driving force behind the development of Web3 applications and blockchains. However, fostering and engaging a community is challenging, especially for new projects. To tackle this, developers have implemented various economic mechanisms, such as ICOs and staking.

Airdrops, often overlooked, present another significant incentive for the community. This tool has grown into a considerable niche. According to CoinGecko, the three largest airdrops to date—Uniswap, ApeCoin, and dYdX—collectively account for nearly $12 billion. Over the past three years, the total value of airdrops has reportedly surpassed $26 billion.

Initially designed to reward active community members, airdrops have grown so lucrative that they have become a pasture for professional opportunists who exploit them for personal gain. These opportunists create multiple accounts to complete tasks set by organizers, either automatically or with cheap labor.

Their rigged activity ranges from posting basic content on social media and transferring small amounts of cryptocurrencies to spamming a protocol’s source code with useless commits, all in pursuit of what they ultimately see as “free money.”

How Sybil Attacks Tap Airdrops Dry

Airdrop hunters have thus emerged as a new, truly malicious class of actor, disrupting economic activity within Web3 and harming its future by diverting value from genuine users. In March 2023, Lookonchain reported on X (Twitter) about two “super airdrop hunters” who exploited the Arbitrum airdrop, collecting more than $3 million worth of ARB tokens from around 1,500 addresses.

This incident is not isolated. Most major airdrops in the last three years, including those from Optimism, Uniswap, 1inch, and many others, have been similarly targeted by hunters and their bot farms. An anonymous raider claimed to The Block’s reporter, “Blur gave us something like $300,000, Arbitrum gave us around $180,000, Aptos gave us $125,000, and Optimism, $120,000.”

Unlike true community members, airdrop hunters quickly sell off their rewards, causing immediate price drops, and move on to the next target. Starknet, a highly anticipated Layer 2 blockchain built on Ethereum, experienced this firsthand. Researchers found that the network was infiltrated by airdrop hunters months before the launch of its native cryptocurrency in February 2024. The result? STRK plummeted 50% in its first two days of circulation, jeopardizing Starknet’s future. The hunters’ activities even drew the attention of the Chinese police, who arrested an individual on charges of stealing STRK tokens through identity scams.

Other projects, such as Linea, EtherFi, and Connext Network, have also been drained through airdrops, experiencing what is now termed a “Sybil attack,” a phenomenon in cybersecurity where an attacker creates multiple fake identities to gain influence or control in a computer network. If these perpetrators do not get what they want, they often post defamatory statements about the project on social media, spreading FUD. This is essentially public extortion. We at Everscale have observed such a campaign against our partner blockchain network Venom, launched a few months ago.

Ongoing Search for the Ultimate Protection Against Sybil Attacks 

Despite acknowledging the problem, the industry has yet to find an effective solution. One approach is to raise the eligibility criteria for claiming airdrops. However, even sophisticated airdrop programs like Arbitrum’s did not withstand the Sybil attack.

Some projects attempt to compromise, like LayerZero’s recent proposal to allocate smaller airdrops to hunting accounts if they self-identify as such. Otherwise, their addresses risked being completely excluded from an airdrop. However, distinguishing fake accounts from real ones remains a challenge, not to mention the precedent of recognizing wrongdoers as eligible recipients of community rewards.

Other suggestions include implementing rigorous identity verification for all airdrop participants. Projects like Worldcoin’s iris verification or Humanity Protocol’s palm recognition offer potential solutions, but such procedures may compromise user privacy, a core value of Web3. Besides, professional drop hunters have already found workarounds for all kinds of “digital passports,” creating a market for buying and “pumping” virtual identities in bulk. This measure only raises the costs for fraudsters without solving the problem.

Another solution proposed by Vitalik Buterin is the Soulbound Token (SBT), an NFT permanently bound to a real person (“soul”) that serves as a “proof of person” and identifier without disclosing personal details. Thus, SBTs could verify a user’s reputation in a decentralized manner: if an SBT’s record shows a positive reputation score, its owner gains access to airdrops, incentivizing benign behavior. However, SBTs are still more of a concept and need broader adoption.

These and other options are currently on the table. This article calls for wider discussion and action among all conscientious actors in the Web3 industry. We must address the issue of airdrop raiders before even more Web3 projects and their good-faith supporters fall victim to new Sybil attacks. By working out a universal approach and set of standards together, we would get a chance to once again use airdrops for their original mission: compensating vibrant communities for their loyalty and dedication.

About Everscale

Everscale is a TVM blockchain powered by an infinite sharding mechanism, flexibly adapting to any workload so that the size of the load does not affect transaction times or network fees.

This makes Everscale an optimal blockchain for hosting high-scale and load-intensive decentralized applications. Over the past years, Everscale has developed a thriving community and robust ecosystem of DeFi, GameFi, NFT, and other web3 projects.