In conjunction with Allium labs, we have done a preliminary analysis on the 10.6K botnet that claimed nearly 2M JUP.
- This is the distribution of swaps by the largest sybil attacker, claiming for 10,613 wallets
- The first swap dates of these wallets on jupiter were scatter across time, beginning as early as May 2023
- The inital timestamps of the swap were varied, scattered throughout the day
- These wallets also had unpredicted swap patterns, with varying swap counts and token pairs they swap to
The swaps were extremely tiny, making < 1cent in volume.
In essence, due to the randomness in their transaction patterns, this looks like an sophisticated farming attempt by a professional that predicted a likely Jupiter airdrop earlier in the year.
We will be collaborating with Allium Labs to have a full report on this to benefit future attempts and any other teams doing large scale airdrops.
In addition, for future airdrops, we will publish all available data and work closely with the community and data experts to to prevent this from happening again.
Notes:
- TIL: There are institutional airdrop farmers: https://twitter.com/ayyyeandy/status/1754693513269104940
- We included all 955K wallets in an attempt to be as egalitarian as possible, but it looks like this would include too many botnets
- We decided the criteria only in nov 23 after the breakpoint announcement and in conjunction with the community.
- We erroneously hypothesized about the botnet being done a few days before the announcement based on speculation before doing a deeper dive on the data. We apologize for this and will do better in the future