How Sybil attackers ruin the golden age of airdrops

A version of this article appeared in our The Decentralised newsletter on June 25. Sign up here.

GM, Tim here.

Here’s what caught my DeFi-eye recently:

• How Sybil attackers ruin the golden age of airdrops.
• The latest on CertiK’s $3 million Kraken hack.
• DL News uncovers a deal between Lens Protocol and ZKsync.

Airdrop attackers

In recent months the number of crypto airdrops has exploded.

So why are many people saying that the golden age is over?

In short: Sybil attackers.

These buccaneering DeFi players create multiple wallet addresses to spoof airdrops by pretending to execute legitimate activity.

So-called airdrop farming enables them to potentially rake in millions.

The problem with Sybil attackers is that they cost crypto projects millions.

Some airdrops targeted by industrial-scale Sybil attackers recently include:

• ZKsync
• LayerZero
• Wormhole

The increase in Sybils may force airdrops to switch to a distribution method that rewards smaller players with far fewer tokens.

One idea is a linear distribution.

This means the more crypto a user puts in providing liquidity on a blockchain or DeFi protocol, the bigger their airdrop will be.

While a linear distribution may be fairer, it turns airdrops into a whale’s game — skewing airdrops to benefit big crypto holders to the detriment of smaller ones.

Despite issues with Sybil attackers, the number of airdrops isn’t slowing.

Here’s some confirmed airdrops that could be coming soon:

• Sanctum
• Swell
• marginfi

And a couple that have hinted at airdrops by launching points:

• Scroll
• Linea

CertiK’s Kraken spat

Crypto auditor CertiK’s multi-day hack of crypto exchange Kraken left DeFi pundits and security researchers flabbergasted.

CertiK has since returned the $3 million it withdrew from Kraken using a so-called revert attack. But many questions still remain.

Onchain records show a hacker used the same bug to attempt to exploit other exchanges as early as May 17.

Those exchanges include:

• Binance
• OKX
• BingX
• Gate.io

That’s almost three weeks before CertiK said it discovered the bug in Kraken’s systems.

CertiK declined to comment on the issue.

To be sure, the records don’t prove CertiK was behind the earlier attempts.

A security researcher who wished to remain anonymous told DL News that another actor could’ve used the same name that CertiK used for its exploit code.

Lens’ ZKsync deal

Zero-knowledge-powered protocol ZKsync paid Lens Protocol tens of millions of dollars worth of tokens to use its tech, sources told DL News.

The exact number of tokens Lens received in the deal is unclear.

Those who competed with ZKsync to attract Lens to their blockchains bowed out of the bidding war once Lens said they were offered about 0.5% of the total ZKsync token supply.

That’s 105,000,000 ZK tokens, with a market value of $17 million.

The deal may not be as good for Lens as it initially seemed.

When tokens are sold in deals they are usually locked up for a period before recipients can sell them.

Since launching on June 17 at around $0.28 per token, the ZK token has sunk. It’s down 37% and now trades at around $0.16.

It’s not known how long, if at all, Lens’ ZK tokens are locked for.

Data of the week

Ethereum gas fees briefly dropped to around 1.7 gwei over the weekend for the first time since 2020.

Falling demand and a move of activity to Ethereum layer 2s are contributing factors to the low gas fees.

This week in DeFi governance

VOTE: Aave DAO takes first step in onboarding Aave Labs as a service provider

VOTE: True DAO split on Wallfacer Labs’ funding request

VOTE: Compound votes to renew OpenZeppelin security partnership

Post of the week

BitMEX co-founder Arthur Hayes is back with another blog post on how the macroeconomic situation between the US and Japan could benefit crypto.

What we’re watching

Crypto-powered prediction market Polymarket just hit an all-time high in open interest — the total value of bets placed on markets.

Got a tip about DeFi? Reach out at tim@dlnews.com.