The rapidly growing crypto points market has ignited massive interest in traditional airdrops. However, this surge has also led to a spike in Sybil airdrop farming attacks, with fake users and bots claiming airdrop tokens and severely beating genuine community members.
DailyCoin examines why this trend has exploded and investigates strategies to combat it.
Crypto Points Spark Airdrop Frenzy
Airdrops are seeing a surge in popularity, with crypto projects distributing $26.6 billion worth of tokens in just three years since the first airdrop. That’s nearly the cost of 10 NASA rover missions to Mars.
Sponsored
Such frenzy over free token distributions is relatively new, sparked by the emergence of crypto points in 2023. Projects distributed points as loyalty rewards for completing tasks, such as providing liquidity, making transactions, or holding an NFT. These points were later proportionally converted into tokens, which users received during an airdrop.
Even though they aren’t registered on the blockchain and lack transparency, billions of crypto points have been distributed. It’s no surprise that dedicated speculative pre-markets have formed, where crypto points can be leveraged and traded for cryptocurrency ahead of their token airdrops.
Naturally, the opportunity to profit from trading crypto points made airdrops even more desirable.
They’ve become targets for not just individual users but also large-scale airdrop hunters, which has brought significant challenges to the crypto market.
Sybil Farmers Target Airdrops
But as the golden rule says, popularity comes with a price. Where there’s big money, there are also those looking to game the system. In this case, they are Sybil airdrop farmers – individuals or entities who manage thousands or tens of thousands of fake identities to participate in airdrops.
Named after a fictional character with dissociative identity disorder, Sybil farmers mimic the behavior of genuine users and siphon off the token rewards intended for them. Their goal is simple: exploit loopholes in airdrop qualification and amass as much free money as possible.
Krystyna Kozak-Kornacka, Chief Marketing Officer from MarketingFi platform builder Cookie3 told me that crypto projects were unprepared for industrial-scale airdrop exploits because they had not dealt with this problem before. Sybils kept advancing their technologies.
“Sybil attackers are getting more sophisticated in building algorithms that farm airdrops in such a complex way of on-chain and off-chain behavior that can be caught by airdrop shields because it mimics organic behavior so much.”
Different Attack Vectors Require Different Counter Strategies
As many crypto airdrop distributors have learned, Sybil farmers exploit different weaknesses of the protocols to achieve their goals. So far, they’ve been often successful. Fortunately, crypto industry players also have suggestions on how to turn the situation around.
Linear Distribution Method Targets Loose Eligibility Criteria Issues
One common weakness Sybils exploit is the loose airdrop eligibility criteria. A good example of this is zkSync.
A popular Ethereum scaling solution distributed 3.675 billion ZK tokens in June, marking the largest Layer-2 airdrop ever. Anyone meeting basic criteria—such as interacting with other protocols, adding liquidity, trading ERC20 tokens, or holding NFTs—could participate in the airdrop.
Over 695,000 wallets have qualified. They drove the network’s user activity to new highs and received over $2.5 billion tokens at a pre-market value of $0.69.
Yet blockchain analytics uncovered at least 46,000 wallets that collectively received $94.5 million in ZK tokens. They all constituted 660 clusters, controlled by several entities as part of a Sybil attack.
The project was heavily criticized for failing to prevent Sybil attacks, with the crypto community accusing zkSync of favoring whales over genuine small users.
“I love the zkSync guys but damn that was not a well planned airdrop from a sybil perspective. Those criteria are easy to not hit as a real user, and easy to hit as a farmer, and had no anti-sybil program,” stated a prominent blockchain investor Adam Cochran.
Unfortunately, airdrop eligibility criteria are often easy for Sybil farmers to exploit. Protocols reward users with loyalty points and free tokens based on their fees to qualify for the airdrop rather than the amount of capital in their wallets. This means the more tasks a user completes, the more gas fees they pay and the more tokens they earn—especially when using multiple wallets.
Some in the crypto space believe this loophole could be fixed using a linear airdrop distribution method. This approach calculates rewards based on the amount of capital users hold in the protocol rather than the transaction fees.
“Linear assumes that it scales proportionally with capital used. User who did 100x bridges of $10 gets more tokens than user who bridged 100K for 3-4 times. Thats not linear, it favors sybils, case closed,” claims linear airdrop proponent @@WazzCrypto.
According to him, the non-linear distribution methods unfairly favor people who create many small transactions, which can be an easy entrance for Sybil attacks. In this case, the system rewards the wrong behavior, making it easier for attackers to game it.
Yet, this approach struggles to gain traction, as projects benefit from the inflated activity metrics, which Sybils create and which help raise more money from venture capital investors.
Reputation Systems Prevent Insider Exploits
A weakness of some protocols is that insiders may ignore the Sybil farming issue because it benefits them. A key example is the controversial EigenLayer airdrop, where users from the U.S., Canada, and some countries in Asia and Africa couldn’t receive EIGEN tokens, even though they could stake funds to qualify for the airdrop.
Despite this, clusters of Sybil farmers used thousands of fake wallets to generate millions of dollars in revenue during EigenLayer’s airdrop.
The EigenLayer team has been compared to Sybil itself, as it allegedly pressured projects within its ecosystem to airdrop tokens to its own team members.
This is just a small fraction of the airdrop exploits. Nearly all major airdrops this year—such as LayerZero (ZRO), Optimism (OP), and Starknet (STRK)—have faced Sybil farmers attacks in some form.
The phenomenon is so widespread that fake wallets account for up to 70% of all wallets eligible for their airdrops, says the survey conducted by Cookie3.
Sybils exploit weak identity checks, minimal entry requirements, and insufficient anti-Sybil protections. They use advanced algorithms to mimic genuine user behavior both on-chain and off-chain, making it difficult to differentiate between real and fake users. Poor coordination between platforms and insufficient project oversight further amplify their effectiveness.
However, some crypto industry players believe developing reputation-based systems could prevent this issue.
Reputation systems use various techniques, such as social verification and behavioral analysis, to verify identities. They rate participants based on trust scores and are designed to give more authority to users with a long history of genuine contributions compared to short-term activity from Sybil accounts, showing they are more trustworthy.
As part of the reputation system, Proof of Individuality (PoI) measures require users to complete certain tasks to prove authenticity; however, contrary to Know Your Customer (KYC) measures, they do not reveal user identity.
“Implementing proof-of-individuality measures, such as requiring participants to complete specific tasks or provide unique identifiers (e.g., social media accounts), can help projects verify the individuality of participants and prevent duplicate claims,” says accounting and financial operations software creator Integral.
According to it, analyzing user behavior for patterns common in Sybil farming, like using multiple wallets excessively or completing tasks too quickly and repeatedly, helps identify and filter out fake accounts.
“It is about looking at the whole picture and connecting the dots between on-chain and off-chain activities,” notes the head of marketing at Cookie3. “By putting different data together, projects can get a very accurate image of who is a Sybil attacker or bot and who is not.”
Improved Cyber Security Guarantees Better Protection
Sybil airdrop farmers often outsmart detection measures using complex techniques, like bot automation, hiding internal transactions, and mimicking various behaviors. They constantly adapt their methods and evolve strategies in response to new preventive measures.
“Experienced sybils may attempt to obfuscate their on-chain tracks by using exchange addresses,” says CoinList, the token launchpad that removed 2.4 million bots and fake accounts from its platform.
To mitigate this risk, it’s crucial to establish robust cybersecurity measures from the outset. This involves verifying the legitimacy of devices and browsers, analyzing IP addresses, screening for bot-like activity, and authenticating email addresses.
However, efforts like these should be complemented by additional protective measures to ensure the uniqueness and verification of each participant. Without such safeguards, the consequences of airdrop Sybil farming can be significant.
Airdrop Farming Comes with Consequences
A large part of the crypto community sees Sybil airdrop farmers as a serious threat to projects’ integrity and the overall stability of the crypto ecosystem.
Many believe Sybil farming harms individual projects and the broader industry. Bots and fake users inflate protocol metrics like user activity and total value locked (TVL), misleading investors and creating the illusion of the protocol’s organic growth.
However, such growth is temporary and shifts dramatically on airdrop day as Sybil farmers dump the tokens and shift their focus to other projects.
For example, 40% of zkSync’s ZK token recipients sold everything immediately, and 41% sold part of their holdings. Within a month, 79% of active addresses abandoned the protocol. The token’s price dropped over 26% on airdrop day and hasn’t recovered.
Meanwhile, Sybil farming proponents see industrial-scale farmers as the necessary element of the market. They say Sybils unveil protocols’ flaws and vulnerabilities, positively affect project metrics, generate hype, and attract new investments and users.
“Airdropping on hundreds of accounts becomes a bug bounty, enabling the identification and resolution of system loopholes. Sybils, like vultures, hyenas, and scavengers, are actually contributing to the creation of a better world for everyone,” claims pseudonymous crypto researcher @ardizor.
The line between two fundamentally different perceptions—whether Sybils are “malicious exploiters” or “beneficial participants”—is blurring.
My sources say that as Sybils airdrop farmers become more advanced, it’s nearly impossible to catch all of them using airdrop shield mechanisms.
However, this doesn’t mean we’re powerless against the abusers. We can effectively reduce these Sybil airdrop farming exploits by combining advanced verification tools, reputation systems, and proactive cybersecurity measures. Implementing these strategies will help pave the way for a more secure and transparent future in crypto.
Check out our investigation about Tegeram Wallet:
Telegram Wallet: A Story of Buried Red Flags and Dubious Ties
Know more about how the crypto market could fight organized crime:
Combatting Pig Butchering Scams: Call for Unity in Crypto Sector