Arbitrum’s upcoming airdrop for its new governance token, ARB, has reportedly encountered significant Sybil activity, exacerbated by what experts have called “ineffective” detection rules.
According to an analysis by crypto security researcher X-explore, Arbitrum’s Sybil detection rules had flaws that were exploited by more than 279,328 same-person and 148,595 Sybil airdrop addresses.
X-explore surmised that the Ethereum (ETH) layer-2 scaling solution’s Sybil detection standards created loopholes allowing at least 4000 Sybil communities to profit from more than 253 million tokens, or 21.8% of the airdrop.
Sybil rules are ineffective in four instances
Per the security experts, the rules failed to stop four forms of Sybils, namely:
- those with less than 20 addresses;
- those that make deposits and withdrawals using cross-chain bridges, exchanges, and smart contracts;
- those with NFTs or fund collection activities after the snapshot;
- those with detectable batch operation behavior on different chains, like Ethereum and Optimism (OP).
Arbitrum had planned to allocate 44% of its new tokens to investors and significant contributors, while the Arbitrum community will receive the remaining 56%.
Nansen will handle the airdrop, where each user will receive tokens according to the number of transactions they have completed, the applications they have used, and the amount of time they have spent on the network.
The platform also created a separate distribution list comprising 137 projects built in its ecosystem. The projects will receive 112,834,000 tokens, with GMX, Uniswap, and Sushiswap receiving 8 million, 4.378 million and 4.249 million respectively.
Arbitrum’s new governance system could be at stake
Sybiling is an attack in crypto networks where a malicious actor creates multiple fake identities or nodes to gain more influence or resources than they deserve. For example, in a peer-to-peer network that relies on voting or consensus mechanisms, a Sybil attacker can create many fake nodes to manipulate the outcome of the vote or disrupt the network.
As reported by crypto.news, Arbitrum declared the launch of its new governance token, the ARB, in anticipation of evolving into a decentralized autonomous organization (DAO). As such, voting rights for significant changes to Arbitrum One and Arbitrum Nova will be granted to ARB holders. But the hijacking of the process by Sybils could jeopardize the governance of the L2 protocol.
To prevent Sybil attacks, crypto networks often use proof-of-work, proof-of-stake, or reputation systems to limit the number of nodes that can join or participate in the network.