The Solana pre-sale event ran into distribution issues after a bot farm allegedly used more than 1,000 wallets to wipe out almost the entire Wet (WET) token sale in seconds.
Hosted by decentralized exchange aggregator Jupiter, pre-sale sold out almost instantly. But real buyers didn’t actually get a chance to participate because one actor dominated pre-sales, according to organizers.
Solana automated market maker (AMM) HumidiFi, the team behind the pre-sale, confirmed attack and completely abandoned the launch. The team said it will create a new token and hold the airdrop to legitimate participants, while specifically excluding snipers.
“We are creating a new token. All Wetlist and JUP staker buyers will get a pro-rata airdrop. Sniper gets nothing,” HumidiFi wrote. “We will do a new public sale on Monday.”
Bubblemaps identifies alleged sniper after tracking over 1,000 wallets
On Friday, the blockchain analysis platform Bubblemaps announced that he identified the entity behind the pre-sale attack by spotting an unusual grouping of wallets during the token sale.
On the UX topic, the company reported that at least 1,100 of the 1,530 participating wallets displayed identical patterns of funding and activity, suggesting they were controlled by a single actor.
Bubblemaps CEO Nick Vaiman told Cointelegraph that their team analyzed pre-sale participants using their platform and saw patterns, including new wallets with no prior on-chain activity, all funded by several wallets.
They also received funding in the short term with similar amounts of Solana (SOL) tokens.
“Despite some of the clusters not being connected to each other on the chain, the behavioral similarities in size, timing and funding point to a single entity,” Vaiman told Cointelegraph.
Bubblemaps he said that the sniper funded thousands of new wallets from the exchange, which received 1,000 USDC (USDC) before the sale.
The analytics firm said one of the clusters “slipped,” allowing them to link the attack to the Twitter handle, “Ramarxyz,” who also went to X on ask for a refund.
Related: Pepe memecoin website exploited, redirecting users to malware: Blockaid
Attacks on Sybil must be treated as a “critical” security threat
The attack follows other Sybil attack incidents in November, where clusters controlled by individual entities targeted token stocks.
On November 18th, an entity claimed 60% of aPriori’s APR token. On November 26, Edel Finance-affiliated wallets reportedly sniped 30% of their own EDEL tokens. The co-founder of the team denied that they were sniping the supply and claimed that they put the tokens in the rights agreement.
Vaiman told Cointelegraph that attacks on Sybil are becoming more common in token presales and airdrops. Still, he said the patterns are “different every time.” He said that for security, teams should implement Know Your Customer (KYC) measures or use sybil detection algorithms.
He said they can also manually screen pre-sale or airdrop participants before allocating tokens.
“Sybil activity should be treated as a critical security threat to the token launch,” Vaiman told Cointelegraph. “Projects should have dedicated teams or leave Sybil detection to professionals who can help.”
Magazine: Inside a farm of 30,000 phone bots stealing crypto airdrops from real users
About the Author
