Fighting Sybils in Airdrops

Airdrop is a crucial concept in tokenomics. Startups of decentralized applications (DApps) reward early supporters by airdropping newly issued tokens up to a certain amount as a free giveaway. This naturally induces greedy hackers, called Sybils, to create multiple accounts for more shares. Most airdrops have prerequisites for qualification, in which utilizing these DApps is unsurprisingly the principal. One particular characteristic of DApps is to implement users' interactions with them in the form of token transfer transactions or smart contract calling transactions on public blockchains. We argue that these individual transactions could reveal underlying signatures of their sending accounts. Specifically, accounts controlled by the same Sybil may exhibit some common behaviors. A careful analysis of Sybil's behaviors shows that accounts controlled by the same Sybil may produce similar DApp activities and regular token transfer patterns. We model the transactions as graphs by representing accounts as vertices and transactions as edges. When multiple accounts receive tokens from the same Sybil to conduct interactions with DApps, we inspect the graphs for these activities and patterns to detect suspicious accounts. We demonstrate the effectiveness of the proposed method in a recent airdrop by presenting the suspicious accounts controlled by Sybils. All the detected accounts exhibit similar interaction activities and regular transfer patterns.