“In one evening, you could make up to 10 quality accounts. It’s not rocket science, it’s just everyday work. That’s why so many people are FOMOing over it,” said Ilya, a 33-year old Ukrainian whose main source of income comes from airdrops.

Ilya is also trading crypto for profit, but airdrops have taken up most of his time the past couple of months, he told me over Zoom, speaking from a “Southern European country.”

Ilya is one of the many crypto traders who make money from Sybil attacks on token airdrops. In other words, they spin up multiple accounts on a blockchain project that is expected to airdrop its token, then they snap as many tokens as they can. (A “Sybil” attack gets its name from a 1973 book about a woman with dissociative identity disorder.)

identity disorder.)

 

The attacks exploit the projects’ weak ability to identify and weed out fake accounts and pull tens and hundreds of thousands of dollars out of each airdrop. After they get tokens, they immediately sell.

Decentralized finance (DeFi) projects use airdrops – a giveaway of free tokens to the wallets of active members of its blockchain community – to attract more users and encourage activity on the project’s blockchain, such as providing liquidity to decentralized exchanges, interacting with smart contracts and other transactions.

With airdrops, projects try to identify and reward active users without dropping tokens to people who have created accounts at the last minute before the airdrop to snatch tokens without actually engaging with the project. After they get the tokens, these people sell immediately, which drags down the price of the token.

Sybil attackers keep trying to fool the system, imitating healthy blockchain activity from multiple accounts belonging to one person or team. Thus, organizing an airdrop becomes an endless whack-a-mole game for projects – and they are far from winning.

For example, during the recent airdrop for the Ethereum scaling protocol Arbitrum, users and entities controlling multiple addresses received almost 48% of all tokens distributed, according to researchers.

Sybil millionaires

Ilya is 33, and crypto speculation has been his primary job for the last six years. “I got into it in late 2016, before the ICO hype,” he said. He used to be a small business owner, trading grain in Ukraine, before going into online marketing. When he learned about crypto, everything changed. He invested in several initial coin offers and his returns were tenfold.

After the ICO hype cooled down, initial exchange offerings (IEO) came along, then the 2020 DeFi craze, then the non-fungible token (NFT) obsession. If you get ahead of a trend, Ilya said, it’s just a free-money giveaway, with airdrops  being just the latest hot opportunity.

”One person I know got 200,000 tokens from several thousand accounts
Airdrops are a legally safer way to distribute a project’s tokens than ICOs,” said Igor Pertsiya, founder of the Hypra venture fund. He said especially deft Sybil attackers can get away with up to several million dollars in crypto from a single airdrop, targeting projects such as Ethereum Name Service (ENS)SuiAptos and others.