From zkSync to LayerZero: Witch attacks erode projects, and no one wants to see fake communities
TechFlow Selected TechFlow Selected
From zkSync to LayerZero: Witch attacks erode projects, and no one wants to see fake communities
Most teams launching via airdrops need to work twice as hard to re-engage users, as the significant price speculation and network activity were driven by artificial incentives.
Navigating Web3 tides with focused insightsAuthor: Builders
Translation: TechFlow
Token distribution is a pivotal moment in a project's history. Mess up the token launch, and the project could be over.
Few things can destroy the credibility of a token distribution faster than a Sybil attack. In such attacks, malicious actors create multiple fake identities to gain disproportionate influence and token allocations across the network.
No one wants to see a fake community.
Next, we’ll explore how Sybil attacks impact token distributions through two recent airdrop cases: zkSync and LayerZero.
zkSync
zkSync is an Ethereum Layer 2 scaling solution using zero-knowledge proofs and was one of the most anticipated airdrops of 2024. However, it faced significant criticism due to a lack of Sybil resistance. For example, Mudit Gupta, Chief Information Security Officer at Polygon Labs, commented on X:
The zkSync airdrop has dropped.
This might be the easiest airdrop to farm ever.
As far as I can tell, almost no Sybil filtering was done.
Anyone who knows the basics can easily farm large amounts.
Makes you appreciate even more what LayerZero did with Sybil filtering.
Adam Cochran, partner at Cinneamhain Ventures, echoed similar concerns:
I really like the zkSync team, but from a Sybil-resistance standpoint, this airdrop was poorly planned.
The criteria are easy for farmers to hit but hard for real users to meet, with no anti-Sybil measures.
In such a new space with so few projects, real users may only use 1-2 dapps or hold minimal tokens.
If a project doesn’t want flip traders, they need to put more thought into this.
zkSync Network Activity
Within one month after zkSync distributed tokens to users on June 17, 2024 (up to July 17, 2024), active addresses on the network dropped by approximately 78.7%. This suggests that most users were only interested in claiming the airdrop and then abandoned the project.
Daily depositors showed a similar trend—on July 17, 2024, there were only 32 depositors, compared to a peak of 41,257 on March 25, 2023.
After the airdrop, over 40% of main ZK recipients sold their entire allocation, while 41.4% sold part of it. Currently, only 17.9% of these major recipients still hold their tokens. According to data from @CryptusChrist, 746 known Sybil attackers received around $6.9 million worth of ZK tokens in the airdrop.
ZK Price Performance
Unfortunately, the selling pressure—likely orchestrated by Sybil attackers—intensified market sell-offs, causing the token price to drop approximately 39.29% between the user airdrop date (June 17, 2024) and July 23, 2024.
So what went wrong with zkSync? First, the team’s airdrop eligibility criteria were relatively easy for Sybil attackers to exploit, and there were no effective anti-Sybil measures. Additionally, zkSync excluded certain legitimate users, such as those building on zkSync Era and directly contributing to its ecosystem.
Now, their team must work twice as hard to re-engage users amid significant price speculation and declining network activity driven by fraudulent behavior.
LayerZero
LayerZero is an interoperability protocol designed to enable seamless communication and asset transfers across different blockchains. Unlike the above examples, LayerZero implemented robust Sybil-resistant measures.
According to Bryan Pellegrino, CEO of LayerZero Labs, the team ultimately identified between 1.1 million and 1.3 million unique Sybil wallets during the Sybil self-reporting and analysis phase, and they continue to engage and reward the community for reporting Sybil attackers.
LayerZero Network Activity
Between April 30, 2024 (the day before the snapshot) and July 7, 2024, the number of messages on LayerZero dropped by 91.5%.
Likewise, daily transaction counts fell by over 92% between the snapshot and airdrop dates.
This decline is partly because users typically stop transacting after the snapshot date, as they no longer need activity for airdrop eligibility. However, the team’s proactive Sybil detection approach likely contributed to this drop, allowing them to conduct the airdrop with fewer Sybil attackers.
ZRO Price Performance
From June 20, 2024 (airdrop date) to July 18, 2024, LayerZero’s native token ZRO declined from $4.79 to $4, a drop of about 16%. This is significantly less than ZK’s 39% drop over a similar period. Notably, despite declining network activity, ZRO eventually traded above its initial listing price.
While it's difficult to isolate all factors behind ZRO’s relative price stability, its Sybil-resistant techniques likely played a role.
Why Should Builders Care About Sybil Resistance?
In the short term, Sybil attacks may seem beneficial to a project by artificially inflating metrics and generating immediate profits.
However, as shown in the examples above, allowing Sybil attackers can lead to token sell-offs and declining network activity—both of which erode a project’s long-term sustainability.
When Sybil attackers are removed, legitimate participants have greater opportunities to engage and contribute, as the removal of fraudulent entities frees up valuable space.
Most teams launching via airdrop will need to work much harder to regain trust and rebuild engagement after being undermined by fake activity and speculative trading. No one wants to see a fake community.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
@CoinList
