Connext, a cross-chain liquidity network, made headlines when it announced its xERC20 $NEXT token airdrop on August 17th. To ensure the fair distribution of tokens, Connext initiated the Community Sybil Hunter program, following in the footsteps of projects like HOP and SAFE. Community members were encouraged to identify and report Sybil attackers between August 24th and September 1st. However, what was intended to be a commendable effort to reward genuine users quickly became mired in controversy.
The focal point of this controversy became known as “poisoning.” Some community members, angered by the airdrop program’s selection process, threatened to poison Connext airdrop addresses, particularly those belonging to the top 10% of transactions on zkSync.
“Poisoning” is a malicious tactic that involves intentionally manipulating transactions by sending tokens from a “Sybil address” to a “non-Sybil address”. This action falsely labels innocent addresses as Sybil addresses.
Shockingly, some of these threats materialized.
These attacks have sparked discontent and heated discussions, posing a threat to the trust between users and the projects they support. However, Trusta Labs, an on-chain data analytics and security platform, is stepping up to the plate with their “Proof of Innocence Program” (PoIP), aimed at battling Sybil attacks and restoring trust within the community.
Poisoning Tactic Analysis
Trusta Labs, leveraging their expertise in on-chain data analysis and security, dissected the two primary techniques of Sybil poisoning attacks:
- Forced Association/Clustering and
- Sybil Propagation
Forced Association/Clustering: This tactic involves poisoners using tools like batch operation scripts to conduct mass token transfers. They send tiny amounts of the same token to numerous innocent addresses in a short timeframe, effectively forcing these unrelated addresses into a cluster. This clustering is solely based on the shared source of the poisoner’s address, despite the addresses having no actual connection.
Sybil Propagation: This tactic relies on existing Sybil addresses to spread their label to innocent addresses through transfers. While this limits the actors who can deploy this tactic, Forced Association doesn’t require pre-existing Sybil addresses, making it easier and more cost-effective to execute.
Trusta Labs’ diligent analysis uncovered a real-life case of Connext poisoning on Polygon, providing insights into these poisoning techniques.
In one such case, Trusta identified a poisoning incident where a malicious actor, known as “Poisoner 0x6ab,” used disperse.app to batch transfer to seven innocent addresses. The evidence pointed to poisoning, as there were no direct transfers between these seven addresses, and their activity statistics varied significantly, suggesting they couldn’t belong to a single Sybil cluster.
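The signals described for this case (one source fanning tiny same-token transfers out to many addresses in a short window, no direct transfers among the recipients, widely varying recipient activity) can be checked mechanically. The sketch below is an added example, not Trusta Labs' code; all addresses, amounts, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations
from statistics import mean, pstdev

# Constructed sample data: (sender, recipient, token, amount, unix_time).
# Addresses, amounts and thresholds are illustrative, not taken from the case above.
TRANSFERS = [
    ("0xpoison", "0xa1", "TKN", 0.01, 1000),
    ("0xpoison", "0xa2", "TKN", 0.01, 1002),
    ("0xpoison", "0xa3", "TKN", 0.01, 1004),
    ("0xpoison", "0xa4", "TKN", 0.01, 1006),
    ("0xfunder", "0xs1", "TKN", 0.01, 2000),
    ("0xfunder", "0xs2", "TKN", 0.01, 2003),
    ("0xfunder", "0xs3", "TKN", 0.01, 2005),
    ("0xs1", "0xs2", "TKN", 50.0, 2500),  # these recipients also pay each other
    ("0xs2", "0xs3", "TKN", 50.0, 2600),
    ("0xa1", "0xshop", "TKN", 120.0, 3000),
]
# Constructed lifetime transaction counts per recipient address.
ACTIVITY = {"0xa1": 412, "0xa2": 18, "0xa3": 96, "0xa4": 1503,
            "0xs1": 21, "0xs2": 22, "0xs3": 20}

def find_dust_fanouts(transfers, max_amount=0.1, window=60, min_recipients=3):
    """Return {(sender, token): recipients} for bursts of tiny same-token transfers.
    Simplification: the sender's whole dust burst must fit inside `window` seconds."""
    groups = defaultdict(list)
    for sender, recipient, token, amount, ts in transfers:
        if amount <= max_amount:
            groups[(sender, token)].append((ts, recipient))
    fanouts = {}
    for key, hits in groups.items():
        times = [ts for ts, _ in hits]
        recipients = {r for _, r in hits}
        if len(recipients) >= min_recipients and max(times) - min(times) <= window:
            fanouts[key] = recipients
    return fanouts

def classify(transfers, activity, min_spread=0.5):
    """Label a fan-out 'likely poisoning' when its recipients never transact with
    each other and their activity varies widely; otherwise 'needs review'."""
    direct = {frozenset((s, r)) for s, r, *_ in transfers}
    verdicts = {}
    for key, recips in find_dust_fanouts(transfers).items():
        linked = any(frozenset(p) in direct for p in combinations(recips, 2))
        counts = [activity.get(a, 0) for a in recips]
        spread = pstdev(counts) / mean(counts) if mean(counts) else 0.0
        unrelated = not linked and spread >= min_spread
        verdicts[key] = "likely poisoning" if unrelated else "needs review"
    return verdicts
```

A "needs review" verdict means the shared funding source alone is not enough to decide either way, which is the point of the case above: clustering on a common sender without checking recipient relationships mislabels innocent addresses.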
Trusta’s Proof of Innocence Program (PoIP)
Recognizing the widespread issue of innocent addresses wrongly labeled as Sybils, Trusta Labs introduced the “Proof of Innocence Program (PoIP).” This program empowers poisoned addresses to prove their innocence and rectify the damage caused by Sybil attacks.
Here’s how it works:
1. Submit Poisoning Details: If your address was infected, you can provide poisoning details, including your address, poisoner, transaction hash, and chain through the PoIP entrance.
2. Trusta’s Evaluation: Trusta Labs employs both manual review and AI analysis to determine whether your address has been poisoned. You will receive a decision within one day via email.
3. Database for TrustScan and Trustgo: The data collected forms a database that proves your address is unrelated to poisoners. TrustScan, a real user identification service, and Trustgo, an on-chain value-scoring product, will incorporate this data to enhance user identification and segmentation accuracy.
Additionally, Trusta Labs will share this data with project parties and anti-Sybil teams to prevent innocent addresses from being incorrectly identified as Sybil addresses due to poisoning attacks.
The Connext airdrop controversy accentuates the necessity for more robust security measures to protect real users from Sybil attacks. The poisoning attacks that occurred during the airdrop program have shown that malicious actors are willing to go to great lengths to game the system and unfairly benefit from airdrops.
Trusta Labs’ Proof of Innocence Program is a step in the right direction, but it is only one part of the solution. The fact that there is a community-driven solution like the Trusta Labs Proof of Innocence Program is a positive development. Projects need to work with security researchers to develop better ways to identify and prevent Sybil attacks. I am optimistic about the future of DeFi.