Original author: Builders

Original translation: TechFlow

The token launch is a critical moment in a project’s history. If you screw up the token launch, it could be the end of the project.

Nothing can destroy the credibility of a token offering faster than a Sybil attack, in which a malicious actor creates multiple false identities in an attempt to gain a disproportionate amount of influence and token distribution in the network.

No one wants to see a fake community.

Next, we will explore how Sybil attacks affect token issuance through two recent airdrop cases: zkSync and LayerZero.

zkSync

zkSync is an Ethereum Layer 2 scaling solution that uses zero-knowledge proofs and was one of the most anticipated airdrops in 2024. However, it has received a lot of criticism due to its lack of Sybil protection. For example, Mudit Gupta, Chief Information Security Officer at Polygon Labs, commented on X:

The zkSync airdrop has been released.

This is probably the easiest airdrop to farm ever.

As far as I know, there is almost no Sybil filtering done.

It is easily available in large quantities to anyone who understands the standards.

This makes LayerZero's efforts in Sybil filtering more understandable.

Adam Cochran, partner at Cinneamhain Ventures, expressed similar concerns:

I like the zkSync team, but from a Sybil protection perspective, this airdrop was indeed not well planned.

These criteria are easy to miss for real users, but easy to meet for "farm" users, and there are no anti-Sybil measures.

With on-chain projects so new and limited in number, real users may only use 1-2 dapps or hold a small number of tokens.

If projects don’t want “speculators” who sell quickly, they need to spend more time on this aspect.

zkSync network activity

In the month after the zkSync airdrop to users on June 17, 2024 (as of July 17, 2024), the number of active addresses on the network decreased by about 78.7%. This suggests that most users simply wanted to get the airdrop and then abandoned the project.

Source: Dune

The number of daily depositors also shows a similar trend - on July 17, 2024, there were only 32 depositors, while the peak on March 25, 2023 was 41, 257.

Source: Nansen

After the airdrop, more than 40% of zkSync's top recipients sold their entire allocation, and 41.4% sold part of their allocation. Currently, only 17.9% of these top recipients still hold their tokens. According to @CryptusChrist, 746 known Sybil attackers received about $6.9 million in ZK tokens in the airdrop.

Source: Nansen

ZK Price Chart

Unfortunately, the ZK sell-off — most likely orchestrated by a Sybil attacker — exacerbated market selling pressure, causing the token price to drop by approximately 39.29% between the user airdrop date (June 17, 2024) and July 23, 2024.

Source: CoinGecko

So, what went wrong with zkSync? First, the team’s airdrop qualification criteria was relatively easy to exploit by Sybil attackers and lacked effective Sybil prevention measures. In addition, zkSync also excluded certain legitimate users, such as projects that built on zkSync ERA and directly contributed to its ecosystem.

Now, their team needs to redouble their efforts to recapture the significant price speculation that was driven by the Sybil attackers’ fake activity.

LayerZero

LayerZero is an interoperability protocol designed to facilitate seamless communication and asset transfer between different blockchains. Unlike the two examples above, LayerZero implements strong Sybil protection measures.

According to Bryan Pellegrino, CEO of LayerZero Labs, the team ultimately identified between 1.1 and 1.3 million unique Sybil wallets during the Sybil self-reporting and analysis phase, and their team continues to engage and reward the community for reporting Sybil attackers.

LayerZero's network activity

Between April 30, 2024 (the day before the snapshot date) and July 7, 2024, the number of messages on LayerZero dropped by 91.5%.

Source: LayerZero Scan

Similarly, the number of daily transactions also dropped by over 92% between the snapshot date and the airdrop date.

Source: Dune

This drop is partly due to the fact that users generally ceased activity after the snapshot date, as they no longer needed to trade to qualify for the airdrop. However, the Sybil prevention approach of the aforementioned teams may have also influenced this drop, allowing them to conduct airdrops with fewer Sybil attackers.

ZRO Price Chart

From June 20, 2024 (airdrop date) to July 18, 2024, the price of LayerZero’s native token ZRO dropped from $4.79 to $4, a drop of approximately 16%. This drop is significantly lower than ZK's 39% decline over a similar time period. Notably, ZRO’s price eventually exceeded its initial listing price, despite a decline in LayerZero’s network activity.

Source: CoinGecko

While it’s difficult to pinpoint all the factors that have contributed to LayerZero’s relative price stability, its Sybil-proofing technology may have played a role.

Why should builders care about witch prevention?

In the short term, Sybil attacks may appear to be beneficial to a project as they can artificially boost data and generate immediate profits.

However, as shown in the above examples, introducing a Sybil attack can lead to token sell-offs and a drop in network activity — both of which can erode the long-term sustainability of a project.

When Sybil attackers are removed, legitimate participants have more opportunities to participate and contribute, as the removal of fraudulent entities frees up valuable slots.

Most teams launching via airdrops will need to redouble their efforts to re-engage significant price speculation and network activity driven by fake activity. No one wants to see a fake community.