NFT & ICO Calendar

    Shocking Sybil Attack Uncovered: Individual Controls Over 21,000 Wallets on zkSync Network

    Security is a paramount concern…

    Recent developments have shed light on a shocking incident that has sent ripples through the crypto community.

    An individual with exceptional skill and cunning orchestrated an incredibly sophisticated Sybil attack on zkSync, a prominent layer-2 scaling solution for Ethereum.

    This audacious exploit has granted the attacker control over an astounding 21,877 wallets within the network.

    In this blog post, we’ll dive deep into the details of this shocking incident, exploring the intricacies of the attack, the attacker’s tactics, and the implications for the broader crypto landscape.

    The Sybil Attack Unveiled

    The zkSync network, designed to enhance the scalability of Ethereum, became the unsuspecting playground for a Sybil attack of unparalleled sophistication.

    A Sybil attack occurs when a single malicious entity deploys multiple fake identities to manipulate and compromise a network’s functionality.

    In this case, the attacker leveraged a meticulously designed bot, which executed transactions within the zkSync network, all with a high degree of precision.

    Notably, these transactions weren’t executed manually; instead, they were automated by the bot.

    This level of automation allowed the attacker to conduct a relentless assault on the network, evading the human limitations of time and precision.

    Mastering Liquidity Manipulation

    One of the most striking aspects of this attack was the attacker’s adeptness at manipulating liquidity within the network.

    By injecting liquidity themselves, they skillfully evaded issues related to slippage that might have otherwise impeded their progress.

    This strategic move enabled them to execute a series of transactions on the zkSync Era network with remarkable efficiency and cost-effectiveness.

    The ability to control liquidity not only minimized potential disruptions but also facilitated seamless operations.

    This proficiency in liquidity manipulation showcased the attacker’s profound understanding of the intricacies of zkSync.

    Cost-Efficiency at Its Best

    Moreover, the individual behind this attack demonstrated a keen understanding of cost optimization.

    Despite orchestrating an impressive volume of transactions across 21,877 wallets, they managed to do so with minimal fees.

    This calculated approach involved spending only 1.5 to 2 USD worth of ETH fees per wallet.

    Furthermore, the attacker exhibited a high level of discretion by executing transactions at varying intervals, spanning months, weeks, and days.

    This deliberate variation in timing aimed to mimic the behavior of legitimate users and other layer-2 projects, thereby making their activities appear less suspicious.

    Unveiling the Vigilant Observer

    However, it’s essential to acknowledge that, despite the complexity of this Sybil attack, it did not go entirely unnoticed.

    Within the crypto community, a vigilant observer known as Lingland 09 managed to track down a substantial portion of the 21,877 fake Sybil wallets created by the attacker.

    This determined individual took it upon themselves to monitor and document the activities of the attacker.

    However, Lingland 09 faced a significant challenge due to the limitations of the zkScan Explorer, which only supports up to 1,000 pages of history for each contract.

    This limitation restricted the number of wallets that could be documented, underscoring the need for more comprehensive tools and protocols to combat such attacks effectively.

    Added Liquidity To $Gem Tokens With 80+ Eth
    Added liquidity to $gem tokens with 80+ eth

    The Matter Labs Team’s Response

    As of now, the Matter Labs team, the developers behind zkSync, has not issued any official notice regarding the attack.

    Nevertheless, the crypto community has been vocal in urging the team to take decisive action.

    The primary focus is on identifying and detecting all 21,877 fake Sybil wallets associated with the individual’s activities.

    The community is particularly interested in the utilization of the $gem token claim contract to achieve this.

    The urgency lies in restoring trust and security to the zkSync network and ensuring that such audacious attacks do not undermine the credibility of the entire ecosystem.

    A Surge in Sybil Attacks

    Regrettably, this incident is not an isolated one.

    The crypto community has been witnessing a surge in Sybil attacks, with recent airdrops becoming particularly vulnerable to this nefarious tactic.

    A Sybil attack in the context of airdrops involves generating numerous eligible wallets to claim the airdrop, followed by promptly converting and profiting from the tokens.

    One such incident that grabbed the community’s attention involved Connext, a cross-chain liquidity network, and its xERC20 $NEXT token airdrop on August 17th.

    To ensure fair distribution, Connext introduced the Community Sybil Hunter program, drawing inspiration from successful projects like HOP and SAFE.

    Connext’s Ordeal

    However, Connext Network found itself at the center of controversy due to a suspected Sybil attack during the native token airdrop.

    The essence of this attack lies in its audacity.

    A wallet, created merely four hours before the NEXT airdrop, managed to siphon off over 200 claims for itself, all while blatantly disregarding the airdrop’s one-claim-per-wallet rule.

    The audacious attacker didn’t stop there.

    According to Debank data, the wallet systematically swapped NEXT tokens for tether (USDT) and ether (ETH), amassing a staggering profit of approximately $38,000 shortly after the airdrop commenced.

    This brazen act underscored the attacker’s cunning and disregard for ethical norms within the crypto space.

    Furthermore, the malicious wallet inundated the airdrop’s user interface with a deluge of requests, leading to a temporary outage.

    Arjun Bhuptani, a founding contributor at Connext, confirmed the temporary disruption caused by this orchestrated attack.

    Understanding Sybil Attacks

    To comprehend the gravity of these incidents, it’s crucial to delve deeper into the mechanics of Sybil attacks and their implications for the crypto community.

    At its core, a Sybil attack is a deceptive maneuver that hinges on creating multiple fake identities or nodes within a network.

    These identities are controlled by a single malicious entity, allowing them to exploit vulnerabilities and manipulate the network’s operations for personal gain.

    The Vulnerability of Airdrops

    Airdrops, a common practice in the crypto world, involves the distribution of tokens to eligible wallet holders.

    However, this process is not without its vulnerabilities.

    Sybil attackers exploit these vulnerabilities by creating numerous fake wallets to claim tokens multiple times, thereby unfairly accumulating substantial amounts of cryptocurrency.

    The Impact on Fair Distribution

    Sybil’s attacks disrupt the principle of fair distribution, a cornerstone of many blockchain projects.

    By manipulating the system, attackers gain an unfair advantage, often at the expense of genuine users and token holders.

    This erodes trust within the community and can lead to the devaluation of affected tokens.

    The Need for Vigilance and Innovation

    The recent surge in Sybil attacks highlights the pressing need for vigilance and innovation within the crypto space.

    Developers, security experts, and community members must collaborate to devise robust solutions that safeguard networks against such malicious activities.

    Protecting the Crypto Ecosystem

    In the face of these challenges, what steps can the crypto community take to protect the ecosystem and prevent Sybil attacks from undermining trust and security?

    Enhanced Security Measures

    First and foremost, enhancing security measures is imperative.

    Projects like zkSync and Connext Network must implement comprehensive security protocols that actively monitor and detect suspicious activities.

    This includes the rapid identification of fake wallets and the swift removal of malicious actors from the network.

    Education and Awareness

    Education plays a pivotal role in countering Sybil’s attacks.

    Users and project teams alike must be educated about the risks and vulnerabilities associated with airdrops and similar initiatives.

    This knowledge equips individuals with the tools to identify and report suspicious activities promptly.

    Community Vigilance

    The crypto community’s vigilance is an invaluable asset.

    As demonstrated by Lingland 09’s efforts in tracking down fake Sybil wallets, individuals within the community can make a significant difference.

    By actively monitoring and reporting suspicious activities, community members can contribute to the overall security of blockchain networks.

    Continuous Innovation

    Innovation remains the cornerstone of progress within the crypto space.

    Developers and researchers must continually explore new methods and technologies to thwart Sybil’s attacks effectively.

    This includes the development of more robust identity verification systems and enhanced security measures.


    The recent Sybil attacks on zkSync and Connext Network serve as stark reminders of the ever-present challenges within the crypto landscape.

    These incidents highlight the audacity and sophistication of malicious actors seeking to exploit vulnerabilities for personal gain.

    However, they also underscore the resilience and determination of the crypto community in responding to such threats.

    It’s clear that the crypto ecosystem is not a playground for the faint-hearted.

    It’s a realm where innovation and security are in constant tension with audacious exploits.

    As we navigate this intricate landscape, it becomes evident that collaboration, vigilance, and innovation are our most potent weapons against Sybil attacks and other security threats.

    These incidents must serve as catalysts for change, driving us to develop more robust security measures, educate the community, and foster an environment of trust and fairness.

    The crypto community has faced numerous challenges throughout its evolution, and each challenge has made it stronger.

    While Sybil attacks are a formidable adversary, they are not insurmountable.

    With the collective efforts of developers, researchers, security experts, and community members, we can fortify our networks, protect our assets, and ensure that the promise of blockchain technology continues to shine brightly.

    The shocking Sybil attacks on zkSync and Connext Network are wake-up calls that remind us of the need for constant vigilance and innovation in the crypto space.

    Together, we can strengthen the foundations of trust and security upon which the crypto revolution is built, ensuring that it thrives for generations to come.

    Joshua Carl
    Joshua Carl
    With his finger on the pulse of the crypto industry, Joshua continues to push the boundaries of knowledge and insight, ensuring that readers are well-informed and inspired by the exciting possibilities that lie ahead.

    Stay in the Loop

    Get the daily email from CryptoNews that makes reading the news actually enjoyable. Join our mailing list to stay in the loop to stay informed, for free.

    Latest stories

    You might also like...