DEV Community

KeepFlow

Sybil attacks on airdrops: up to 80% of participants are bots

That's the real picture in 2026. Not a worst-case scenario — the baseline expectation for any unprotected token launch.

A token launch costs the project millions: marketing, distribution, infrastructure, team time. And most of it goes not to real users, but to farming operations.

How a farming operation is actually structured:

→ Operator rents 10K+ devices (anti-detect browsers running in cloud infrastructure)
→ Each runs a separate wallet with pre-warmed activity history
→ Fake names, purchased KYC documents, automated social task completion
→ After distribution — sell tokens immediately, move to next airdrop

This isn't a hobby. It's a $100M+ industry with dedicated teams, infrastructure providers, and a secondary market for "warmed" wallets.

What doesn't work:

→ KYC — farmers buy real identity data on the dark web or use KYC-as-a-service
→ Wallet age requirements — pre-warmed months before launch, sometimes years
→ Social tasks (follow, retweet, join Discord) — automated by scripts, or done by $0.10/task labor
→ On-chain reputation (Gitcoin Passport, BrightID) — useful, but farmers buy aged accounts on secondary markets

What works: device fingerprinting + cross-wallet linking.

When the system sees 1,000 wallets being created from 50 devices — that's a clear signal no amount of wallet warming can hide. Even the most expensive farming operation is bottlenecked by physical device count.

Real case: NFT collection airdrop, 47,000 wallet connect attempts in the first hours of launch. 12,000 linked via device fingerprint into clusters. Largest cluster: 1 device created 480 wallets in 90 minutes.

Final result: 92% of the airdrop went to unique real users. $340K worth of tokens saved at post-launch price.
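The cross-wallet linking described above, as an added Python sketch (not the author's or Tracio's code): wallets and device fingerprints form a graph, its connected components are the clusters, and a cluster is flagged on its wallet-to-device ratio. It generalizes the single-device case to wallets that show up on several devices; the event tuples, the threshold of 3 wallets per device and all function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events: (wallet, device_fingerprint, unix_seconds).
# The fingerprint is assumed to be an opaque ID computed elsewhere.
EVENTS = (
    [(f"w{i}", "fp-A", 1000 + 60 * i) for i in range(1, 6)]  # 5 wallets, 1 device
    + [("w5", "fp-B", 2000), ("w6", "fp-B", 2100), ("w7", "fp-B", 2200)]
    + [("w8", "fp-C", 1500), ("w9", "fp-D", 1600), ("w10", "fp-D", 90000)]
)

def link_wallets(events):
    """Connected components of the wallet/device graph, via union-find."""
    parent = {}
    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for wallet, device, _ in events:
        parent[find(("w", wallet))] = find(("d", device))
    clusters = defaultdict(lambda: {"wallets": set(), "devices": set()})
    for kind, value in list(parent):
        key = "wallets" if kind == "w" else "devices"
        clusters[find((kind, value))][key].add(value)
    return list(clusters.values())

def peak_burst(events, devices, window_s):
    """Most distinct wallets first seen on these devices within any window."""
    first_seen = {}
    for wallet, device, ts in events:
        if device in devices:
            first_seen[wallet] = min(ts, first_seen.get(wallet, ts))
    times = sorted(first_seen.values())
    best = start = 0
    for end, ts in enumerate(times):
        while ts - times[start] > window_s:
            start += 1
        best = max(best, end - start + 1)
    return best

def flag_clusters(events, max_wallets_per_device=3, window_s=90 * 60):
    """Clusters whose wallet-to-device ratio exceeds the assumed threshold."""
    flagged = []
    for c in link_wallets(events):
        if len(c["wallets"]) / len(c["devices"]) > max_wallets_per_device:
            flagged.append({**c, "burst": peak_burst(events, c["devices"], window_s)})
    return sorted(flagged, key=lambda c: len(c["wallets"]), reverse=True)
```

On the sample, `fp-A` and `fp-B` merge into one cluster because `w5` appears on both, while the two-wallet user on `fp-D` stays below the threshold.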

Critical for Web3: no mandatory KYC required. Just proof-of-uniqueness via device. Composability with on-chain reputation systems is preserved. No identity-verification UX that gates out real users.

The math protocol teams need to run:

→ If your airdrop distributes $5M in tokens and 80% goes to farmers
→ $4M wasted
→ The community feels cheated, the token has worse price discovery, real supporters get diluted

If your next airdrop loses 80% to farmers, the failure isn't the airdrop. The failure is launching without Sybil resistance and pretending it's an even distribution.

Discover how Tracio helps protocols identify Sybil attacks without adding KYC friction.
