As we get closer and closer to the highlight of the LayerZero airdrop, with rewards in the form of the ZRO crypto expected to arrive in June, we share this nice story featuring a Web3 user with the nickname “Ruslan”
Ruslan is a farmers who uses hundreds of wallet in his hunting activities to increase the potential allocation on projects that are about to release an airdrop, just like LayerZero.
Despite on paper seeming like a prepared and highly skilled user, he made a serious mistake that could really cost him dearly. What is it about?
Let’s find out together in this article.
Oh Ruslan…
— Bryan Pellegrino (臭企鹅) (@PrimordialAA) May 28, 2024
LayerZero and the hunt for sybil before the airdrop: caught the user “Ruslan”
The story of “Ruslan” begins when the anonymous user, in order to farm the best LayerZero airdrop and obtain the largest possible allocation of ZRO tokens, decides to use hundreds of different addresses to execute various types of on-chain transactions.
It starts in 2023 to farm the airdrop with each of these addresses using the bridge of Stargate and other dapps that are based on the omnichain technology of LayerZero.
Despite the high number of entities connected to each other (having exchanged funds with each other to finance the interactions), Ruslan still finds an idea to manage to evade the anti-sybil checks and make each address appear as standalone.
Maybe under some advice from another user X, decides to associate an ENS domain with every address he had interacted with to position himself for the LayerZero airdrop, convinced that the on-chain analysis systems would identify his wallets as authentic.
In fact, sybil addresses are usually characterized by a low quality in the history of tx, with few low-value transactions, often advanced by bots and managed by automated scripts: an ENS domain can therefore increase the quality of its portfolio by adding a cryptographic component usually excluded from the economic operations of bot farming.
To carry forward this hedging strategy, Ruslan also spends a considerable amount, exceeding 3000 dollars between registration costs at Ethereum Name Service and Ethereum blockchain commission costs, in addition to obviously all the fees paid for farming.
The problem is that Ruslan comes up with the brilliant idea of sequentially naming all the domains he bought, going in order as follows: ruslan002.eth, ruslan003.eth, ruslan004.eth, ruslan005.eth, ruslan006.eth, ruslan007.eth, ruslan008.eth, etc.
One forgets that by sequentially identifying its addresses, these could be considered as connected to each other, being in fact linked by a fairly obvious logical thread that sees a progressive on-chain identifying name.
After the LayerZero team and its CEO Bryan Pellegrino kicked off the “sybil bounty” phase, inviting the crypto community to report improper behavior by other users, it didn’t take long before Ruslan was identified and marked under the sybil list on Github.
Most likely Ruslan and his addresses will not receive any reward from the LayerZero airdrop, and indeed, a portion equal to 10% of the allocation that would have been due to him will go to the address 0xc37395f3aca821f1f85D897Ee541BCdB4C5B7c7E, owned by the user who reported him with a detailed report.
Fairy tale about stupid sybil
One fine day, drophunter Ruslan saw a guide on $ZRO airdrop.
The author of the guide said that to disguise Sybil accounts you need to purchase ENS domains.
Ruslan did it, but in the most stupid way. Sybils, don’t be as naive as Ruslan. pic.twitter.com/2A2x6iZROO
— Cryptophile (@Cryptophileee) May 28, 2024
Observing more closely the behaviors of Ruslan, we realize how the user is not exactly a newcomer in the crypto world.
Recently, he managed to become eligible for various airdrops such as AltLayer, Eigenlayer, Omni and Renzo, bringing home decent earnings.
The poor Ruslan simply made a serious distraction error, or he was excessively superficial in thinking that the insiders at LayerZero would never consider the progressive ENS domains.
Poor Ruslan, he was farming LayerZero more than a year ago and it seems he bought ENS Domains for his wallets less than 2 months ago (check the examples). You can see clear sybil activity as he for example bridges 0.09 usdc using stargate. Poor Ruslan pic.twitter.com/QZ0D5uEEcP
— Dwight.eth (@OogaDeMonad) May 28, 2024
In the blink of an eye, the entire community turned Ruslan into a viral meme, which spread across all the X boards of the airdrop farmers.
There are even those who have come to his defense, pointing out to Bryan Pellegrino of LayerZero that the addresses in question could belong to a long list of family members of the reported user and that it is not fair to identify them as sybil a priori.
https://t.co/nzFm2KC9Al pic.twitter.com/G5MjD8mQZx
— Blur (@BlurCrypto) May 29, 2024
In the meantime, Ruslan has put his ENS domains up for sale at 5 ETH each, hoping that in the midst of this extravagant and at the same time dramatic story, some crazy degen will want to purchase a piece of cryptographic collection that will remain forever in the history of crypto airdrops.
Ruslan is selling his ENS for 5 ETH now
Y'all did him dirty pic.twitter.com/o9J2fM7BOF
— TOBI (@TobiWebIII) May 28, 2024
The “Sybil Bounty” phase ends: check if your address has been reported
Before excessively making fun of the poor user Ruslan, who will be despairing for having wasted time and money farming an airdrop that will see him ineligible, it would be wise to check if our addresses have also been flagged by the so-called “Sybil Hunters” during the “Sybil Bounty” phase that has just concluded.
The LayerZero team has indeed announced the end of this controversial initiative that saw members of the crypto community pitted against each other, searching for on-chain data that could identify others’ addresses as the result of sybil activities, in exchange for a bounty equal to 10% of the reported address’s allocation.
We can immediately check if the wallets with which we farmed the LayerZero airdrop have been included in the list of some “snitch”: first, click on this link, and then paste our addresses one by one into the search bar to see if they appear under any report.
@LayerZero_Labs Sybil Bounty submission has closed.
You can check whether your wallet is on the list https://t.co/6gb4Y2bTAr
Steps:
1. Enter your wallet address in the search bar.
2. Enter.
3. If found, you have been reported.
4. Otherwise you are safe. ["0 threads… pic.twitter.com/wbzmYEC9ub
— Airdrop Official (@its_airdrop) May 30, 2024
If your address does not appear in any search, you are safe. For safety, you can also individually check the internal links of each report (if there is an external link).
If, on the other hand, you have been reported in some report, you might not be eligible like Ruslan. Considering the high presence of reports, sometimes carried out in “spam” mode, we should wait for the official confirmation from the LayerZero team that will have to examine the documents.
Therefore, even if our address is present in a sybil list, there is the possibility of receiving ZRO tokens as a reward for the airdrop.
Nothing as of now; this is just the list submitted by the bounty hunters.
The final list of LayerZero Sybil addresses will be live once all of the addresses are evaluated.
— Airdrop Official (@its_airdrop) May 30, 2024
Some advice to avoid appearing sybil in the upcoming airdrops
With the new crypto projects releasing airdrops, distributions are becoming increasingly selective, and with the anti sybil checks becoming more stringent, being eligible with your own addresses is becoming really complex.
Let’s see some advice on how not to fall under the identification of sybil, and how to avoid trivial mistakes like the one made by Ruslan, which could jeopardize our earnings from airdrop farming.
First of all, if you are operating with more than 4-5 addresses, it is CRUCIAL not to mix your funds between one entity and another by making direct asset transfers: rather, if you need to move funds, use multiple CEX as bridges for the exchange (one CEX associated with each address).
For a farmer, it is therefore necessary to be registered on as many exchanges as possible or to have connections with different addresses of the same CEX (e.g. accounts of relatives and friends on Binance).
NEVER use a single CEX to distribute funds to multiple wallets.
If you have direct connections between airdrop wallets such as sending funds from Wallet A to Wallet B, or sending funds from Wallets A and B to the same CEX deposit address
You are not a “sybil”, you are just a retard pic.twitter.com/7pSMPMHhkq
— Blur (@BlurCrypto) May 6, 2024
It is extremely important to generate quality tx, such as executing at least 5 transactions and holding at least 0.005 ETH on the Ethereum Mainnet, and being active on-chain for at least 1 year (do not use newly created addresses).
Perform the verification at Gitcoin Passport, or associate a domain ENS to your domain but do not do like Ruslan: choose names that are not connected to each other and not sequential.
Pay attention to the timing of your operations as well: if you perform the same type of transaction at the same time or in similar time frames, you risk being caught as a sybil. Move individually, address by address, without making the same tx in a group, and preferably without automated scripts.
Anti-sybil methods?
➬ New Ethereum addresses (less than 24h from the first and last transaction on the eth mainnet)
➬ Wallets with suspicious behavior patterns
➬ Fake voting on Snapshot
➬ Centralized exchange and fiat on-ramp addresses
➬ Exploit addresses pic.twitter.com/zeHYQX999g
— ardizor (@ardizor) November 23, 2023
Other small tips to avoid appearing sybil are:
download a multisignature wallet on Safe and execute at least 5 tx;
bridge your funds across multiple chains and leave some fraction of ETH on each network;
avoid farming with less than 500-1000 dollars per address and avoid swaps with micro volumes;
act as a liquidity provider (LP) if the project we are farming allows it;
Behave like a real user!!! Avoid appearing in any way as a bot.