Advertisement
AD

Main navigation

Advertisement
AD
Advertisement

Thousands of Arbitrum (ARB) Airdrop Winners Controlled by Hackers and Sybil Attackers: Data

Advertisement
Fri, 24/03/2023 - 13:22
Thousands of Arbitrum (ARB) Airdrop Winners Controlled by Hackers and Sybil Attackers: Data
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

As Arbitrum (ARB) airdrop became the largest and most anticipated retroactive token distribution in the history of crypto, a number of hackers decided to get the maximum out of it. Here's how some of them managed to benefit from the most impressive "cash rain" in Web3.

$500,000 from vanity addresses: Hacker used well-known vulnerability

On March 23, 2023, Alexander Tkachenko, founder and CEO of Hashscan NFT growth platform, shared his analysis of the potential hack of wallets eligible for the Arbitrum (ARB) airdrop. All of them were created with Profanity, an easy-to-use tool for the activation of so-called "vanity addresses."

Mr. Tkachenko indicated a number of "vanity addresses" — unusual Ethereum (ETH) addresses with personalized names like 0xaaaaaaaaad57... and so on — that the hacker might be using to receive the airdrop. Allegedly, he or she exploited the vulnerability of the Profanity mechanism that made stealing private keys easy for some vanity addresses.

Advertisement

Even before airdrop crypto intelligence firm Arkham spotted a wallet that was preparing to get airdrop rewards from over 2,400 presumably hacked wallets. He/she was sending small amounts of ETH to pay for gas to claim ARB.

By press time, the address of the alleged attacker has already withdrawn almost 22,000 ARB to third-party wallets. As the ARB price has stabilized in the last few hours, this is equal to about $30,000. However, during peak network activity, the hacker was able to sell this loot for $220,000.

253 million ARB tokens distributed among Sybil attackers

Meanwhile, the most detailed report about suspicious activity among the ARB airdrop was released by Chinese journalist Colin Wu and the X-Explore team. They tracked the behavior of "abuser" wallets created for Sybil attacks, i.e., to gain an inappropriate allocation of ARB tokens.

While all modern airdrops have multi-level Sybil protection filters, some of them appeared to be too easy to circumvent. For instance, Arbitrum (ARB) tokens were assigned to Sybil attackers who used bridges, centralized exchanges or smart contracts. Also, Sybil hunters active on other chains — Optimism and Ethereum — were not excluded from distribution.

As a result, researchers say, 150,000 Sybil addresses and at least 4,000 Sybil communities managed to pass all eligibility checks. As such, almost one out of four ARB tokens ended up in their pockets.

Related

As covered by U.Today previously, Arbitrum L2 scaler for Ethereum (ETH) distributed 1.16 ARB tokens between early testers and the most active DAOs on March 23, 2023.

A
A
A

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD