Shocking Sybil Attack Uncovered: Individual Controls Over 21,000 Wallets on zkSync Network
According to a recent X thread, it has recently come to light that an individual has orchestrated an incredibly sophisticated Sybil attack on zkSync, a layer-2 scaling solution for Ethereum.
🚨Warning: 21877 sybil wallets by one person #zkSync
— Lingland 09. ∎ (@lingland09) September 10, 2023
Let's disclosure this individuals sybil tactics, he funded all of his wallets with very small amounts of ether, then he deployed Gemstone ( $GEM ) token that wasn't open source. (https://t.co/UXS2O2fivg)
++ pic.twitter.com/firJbfcdfL
This Sybil attack has given this individual control over a staggering 21,877 wallets within the network.
The individual’s strategy involved a meticulously designed bot, which they utilized to execute various transactions within the zkSync network.
Notably, these transactions were not manually conducted but automated by the bot. This level of automation allowed for a high degree of precision in the attack.
One key aspect of this attack was the individual’s ability to manipulate liquidity within the network. By adding liquidity themselves, this actor was able to evade issues related to slippage that might have otherwise occurred.
Consequently, they could execute a series of transactions on the zkSync Era network with remarkable efficiency and cost-effectiveness.
Furthermore, the individual behind this attack demonstrated a keen understanding of how to minimize costs. Despite accumulating an impressive volume of transactions across the 21,877 wallets, they managed to do so with minimal fees.
This calculated approach involved spending only 1.5 to 2 USD worth of ETH fees per wallet. Moreover, the attacker executed transactions at different intervals, including various months, weeks, and days, to mimic the behavior of legitimate users and other layer-2 projects, making their activities appear less suspicious.
However, it’s important to note that despite the complexity of this Sybil attack, it did not go unnoticed. Lingland 09, a diligent observer in the crypto community, managed to track down a substantial portion of the 21,877 fake Sybil wallets created by the attacker.
Unfortunately, zkScan Explorer only supports up to 1,000 pages of history for each contract, limiting the number of wallets Lingland 09 could document.
Although the Matter Labs team, the developers behind zkSync, has not released any official notice about the attack, the community has urged the team to take action to identify and detect all 21,877 fake Sybil wallets associated with this individual’s activities, mainly through the $gem token claim contract.
Surge in Sybil Attacks Hits Crypto Community, Airdrops Under Threat
The crypto community is witnessing a surge in Sybil attacks, with yet another airdrop falling prey to this nefarious tactic. This tactic involves generating numerous eligible wallets to claim the airdrop, promptly converting and profiting from the tokens.
Connext, a cross-chain liquidity network, made waves with its xERC20 $NEXT token airdrop on August 17th.
Connext introduced the Community Sybil Hunter program to ensure fair distribution, drawing inspiration from projects like HOP and SAFE.
However, the spotlight has turned on Connext Network, a protocol enhancing security through native blockchain bridges, due to a suspected Sybil attack during the native token airdrop.
A wallet created just four hours before the NEXT airdrop siphoned off over 200 claims for itself using multiple wallets, despite the airdrop’s one-claim-per-wallet rule.
According to Debank data, the wallet systematically swapped NEXT tokens for tether (USDT) and ether (ETH), accruing approximately $38,000 in profit shortly after the airdrop commenced.
Moreover, the wallet inundated the airdrop’s user interface with a deluge of requests, leading to a temporary outage, as confirmed by Arjun Bhuptani, a founding contributor at Connext.
