The following is a sponsored guest article by Sergey Shashev, the founder of Broxus.
From community rewards to the hunt for ‘free money’
The community has been a driving force behind the development of Web3 applications and blockchains. However, fostering and engaging a community is a challenge, especially with new projects. To address this, developers have implemented various economic mechanisms such as ICOs and staking.
Often overlooked, airdrops are another important boost to the community. This tool has grown into a significant niche. According to Coin geckothe three largest airdrops to date – Uniswap, ApeCoin and dYdX – together account for almost $12 billion. In the past three years, the total value of airdrops has reportedly passed $26 billion.
Initially intended to reward active community members, airdrops have become so lucrative that they have become a pasture for professional opportunists who exploit them for personal gain. These opportunists create multiple accounts to perform the organizers’ tasks, either automatically or with cheap labor.
Their counterfeit activities range from posting basic content on social media and transferring small amounts of cryptocurrencies to spamming a protocol’s source code with useless commits, all in pursuit of what they ultimately see as “free money.”
How Sybil Attacks Tap Airdrops Dry
Airdrop hunters have thus emerged as a new, truly malicious actor, disrupting economic activity within Web3 and damaging its future by diverting value from real users. In March 2023, Lookonchain reported on X (Twitter) about two “super airdrop hunters” who took advantage of Arbitrum’s airdropcollecting over $3 million worth of ARB tokens from approximately 1,500 addresses.
This incident is not an isolated incident. Most major airdrops over the past three years, including those from Optimism, Uniswap, 1inch and many others, have been conducted in a similar manner. targeted by hunters and their bone farms. An anonymous robber claimed to The Block reporter“Blur gave us about $300,000, Arbitrum gave us about $180,000, Aptos gave us $125,000, and Optimism $120,000.”
Unlike real community members, airdrop hunters sell their rewards quickly, causing immediate price drops, and move on to the next target. Starknet, a highly anticipated Layer 2 blockchain built on Ethereum, has experienced this firsthand. Researchers discovered that the network was infiltrated by airdrop hunters months before the native cryptocurrency’s launch in February 2024. The result? STRK fell by 50% in the first two days of spread, putting the future of Starknet in jeopardy. The hunters’ activities even attracted the attention of Chinese police one person arrested on charges of stealing STRK tokens through identity fraud.
Other projects, such as Linea, EtherFi, and Connext Network, have also been drained via airdrops, experiencing what is now called a “Sybil attack,” a cybersecurity phenomenon in which an attacker creates multiple false identities to gain influence or control in a computer network. When these perpetrators don’t get what they want, they often post defamatory statements about the project on social media, spreading FUD. This is essentially a public extortion. We at Everscale have observed such a campaign against our partner blockchain network Venom, which was launched a few months ago.
Ongoing search for the ultimate protection against Sybil attacks
Despite the problem being recognised, the sector has not yet found an effective solution. One approach is to increase the eligibility criteria for claiming airdrops. But even advanced airdrop programs like Arbitrum’s were unable to withstand the Sybil attack.
Some projects try to make compromises, such as LayerZero’s recent proposal to assign smaller airdrops to hunting accounts if they identify themselves as such. Otherwise, their addresses risked being completely excluded from an airdrop. However, distinguishing fake accounts from real ones remains a challenge, not to mention the precedent of recognizing offenders as eligible recipients of community rewards.
Other suggestions include implementing strict identity verification for all airdrop participants. Projects such as Worldcoin’s iris verification or Humanity Protocol’s palm recognition offer possible solutions, but such procedures can compromise user privacy, a core value of Web3. Moreover, professional drop hunters have already found solutions for all kinds of “digital passports”, creating a market for bulk purchasing and “pumping” of virtual identities. This measure only increases costs for fraudsters without solving the problem.
Another solution proposed by Vitalik Buterin is the Soulbound Token (SBT), an NFT that is permanently tied to a real person (“soul”) and serves as “proof of person” and identification without revealing any personal data. SBTs can thus verify a user’s reputation in a decentralized way: if an SBT’s record shows a positive reputation score, the owner gains access to airdrops, which incentivizes benign behavior. However, SBTs are still more of a concept and need to be applied more widely.
These and other options are currently on the table. My article calls for broader discussion and action among all conscientious actors in the Web3 industry. We must address the issue of airdrop raiders before more Web3 projects and their conscientious supporters fall victim to new Sybil attacks. By working together to develop a universal approach and set of standards, we would have the opportunity to repurpose airdrops for their core mission: compensating vibrant communities for their loyalty and dedication.
About Everscale
Everscale is a TVM blockchain powered by an infinite sharding mechanism, which flexibly adapts to any workload so that the size of the load does not affect transaction times or network costs.
This makes Everscale an optimal blockchain for hosting large-scale and tax-intensive decentralized applications. In recent years, Everscale has developed a thriving community and robust ecosystem of DeFi, GameFi, NFT, and other web3 projects.