Main navigation

Thousands of Arbitrum (ARB) Airdrop Winners Controlled by Hackers and Sybil Attackers: Data

Fri, 03/24/2023 - 13:22
article image
Vladislav Sopov
While number of specific restrictions was imposed to prevent ARB rewards from ending up in wrong hands, some malefactors reportedly managed to circumvent them all
Thousands of Arbitrum (ARB) Airdrop Winners Controlled by Hackers and Sybil Attackers: Data
Cover image via
Read U.TODAY on
Google News

As Arbitrum (ARB) airdrop became the largest and most anticipated retroactive token distribution in the history of crypto, a number of hackers decided to get the maximum out of it. Here's how some of them managed to benefit from the most impressive "cash rain" in Web3.

$500,000 from vanity addresses: Hacker used well-known vulnerability

On March 23, 2023, Alexander Tkachenko, founder and CEO of Hashscan NFT growth platform, shared his analysis of the potential hack of wallets eligible for the Arbitrum (ARB) airdrop. All of them were created with Profanity, an easy-to-use tool for the activation of so-called "vanity addresses."

Mr. Tkachenko indicated a number of "vanity addresses" — unusual Ethereum (ETH) addresses with personalized names like 0xaaaaaaaaad57... and so on — that the hacker might be using to receive the airdrop. Allegedly, he or she exploited the vulnerability of the Profanity mechanism that made stealing private keys easy for some vanity addresses.

Even before airdrop crypto intelligence firm Arkham spotted a wallet that was preparing to get airdrop rewards from over 2,400 presumably hacked wallets. He/she was sending small amounts of ETH to pay for gas to claim ARB.

By press time, the address of the alleged attacker has already withdrawn almost 22,000 ARB to third-party wallets. As the ARB price has stabilized in the last few hours, this is equal to about $30,000. However, during peak network activity, the hacker was able to sell this loot for $220,000.

253 million ARB tokens distributed among Sybil attackers

Meanwhile, the most detailed report about suspicious activity among the ARB airdrop was released by Chinese journalist Colin Wu and the X-Explore team. They tracked the behavior of "abuser" wallets created for Sybil attacks, i.e., to gain an inappropriate allocation of ARB tokens.

While all modern airdrops have multi-level Sybil protection filters, some of them appeared to be too easy to circumvent. For instance, Arbitrum (ARB) tokens were assigned to Sybil attackers who used bridges, centralized exchanges or smart contracts. Also, Sybil hunters active on other chains — Optimism and Ethereum — were not excluded from distribution.

As a result, researchers say, 150,000 Sybil addresses and at least 4,000 Sybil communities managed to pass all eligibility checks. As such, almost one out of four ARB tokens ended up in their pockets.

Ethereum Layer 2 Arbitrum to Airdrop 1.16 Billion ARB Native Token: Details

As covered by U.Today previously, Arbitrum L2 scaler for Ethereum (ETH) distributed 1.16 ARB tokens between early testers and the most active DAOs on March 23, 2023.

article image
About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)