zkSync faces community backlash over lack of anti-Sybil measures in ZK airdrop

Ethereum scaling solution zkSync has come under fire over the lack of anti-Sybil measures for its ZK token airdrop.

Industry pundits believe the airdrop could be compromised by Sybil attacks, leading to unfair token distribution and market instability.

A Sybil attack in this context is when an entity creates multiple wallets to unfairly claim airdropped tokens. This sabotages even distribution by concentrating tokens in the hands of a few.

On Jun. 11, zkSync unveiled plans to airdrop nearly 3.68 billion of its native token to the community. This is 17.5% of the token’s total supply of 21 billion.

695,232 wallets were deemed eligible for this drop with a 100,000 tokens cap on each of them.

With the announcement, the project revealed a list of seven eligibility criteria deemed crucial to mitigate risks against Sybil attacks. These included interacting with 10 smart contracts, trading 10 ERC-20 tokens, or depositing liquidity into a decentralized finance (DeFi) protocol, etc.

According to Cinneamhain Ventures partner Adam Cochran, the airdrop was not “well-planned.”

Cochran claims the eligibility criteria are very easy for farmers to meet by utilizing scripts and bots to automate the process. In contrast, regular users might only interact with a few dapps and hold “only a handful of tokens” since the project is relatively new.

As such, they might not fulfill airdrop requirements as thoroughly as “farmers.”

Cochran’s concerns were echoed by the Sybil-tracking account “Sybil Horror 6.” Per the platform’s estimation using data from LayerZero Labs, 135 million ZK tokens could be lost to wallets identified as Sybil addresses. These wallets are likely controlled by individuals or entities exploiting the airdrop.

Polygon information security chief Mudit Gupta also criticized the airdrop, calling it the “most farmable and farmed airdrop ever.” He called out the lack of Sybil filtering, adding that anyone familiar with the criteria “could’ve easily farmed the shit out of it.”

Amidst the scrutiny, analytics firm Nansen added that it didn’t perform anti-sybil checks or “advise on the airdrop allocation.” However, the project was reportedly alerted about “specific wallet segments,” including “whales and known scammers.” 

Some users criticized Nansesn for its lack of diligence.

What a cop-out from both parties @zksync and @nansen_ai .

Everyone knows you had this information at your fingertips and you expect people to believe you chose not to act on it because that was otherwise part of some proper procedure? Absolutely shameless. https://t.co/qCdWT75YHT

— Borrowed Thots (@To_the_moon2021) June 11, 2024

Interestingly, Ignas, another prominent crypto researcher, pointed out an excerpt from zkSync’s airdrop announcement, where the project claims it purposefully chose not to apply strict sybil criteria.

“Sybil detection often cuts out real users with arbitrary filters,” zkSync wrote.

zkSync hasn’t addressed any of the claims yet.