w3w scan

Safeguarding the ZetaChain Airdrop from Sybil Attacks and Bots using Unsupervised AI & Machine Learning

January 23, 2024 |

  • ZetaChain needed to identify bots and sybil attacks within their community in order to make sure the data used for their airdrop would drive and reward meaningful community growth
  • In order to accurately pinpoint the right wallets, ZetaChain partnered with SocialScan to leverage their bot detection algorithm to sift through their ecosystem
  • Statistics: 
    • Over 1.3M wallets analyzed in the snapshot
    • Over 300K wallets identified as potential bots



Understanding Sybil Attacks

Sybil attacks involve malicious actors creating numerous fake accounts to claim airdrop rewards multiple times, manipulating the system for their own gain. These actors create and control multiple accounts to obtain more tokens, thereby disrupting the intended purpose of airdrops. While ZetaChain’s Labs product did not announce an airdrop until now, sybil attacks are often performed regardless of official announcements.

Before rewarding communities, the auditing of relevant data plays a vital role in mitigating the risks associated with sybil attacks and ensuring a fair distribution. It helps teams protect the integrity of their projects, maintain the trust of their community, and prevent market manipulation caused by fraudulent behavior. This can be especially true with testnet data like in ZetaChain’s case, which exemplifies the need for robust and fair filtering.


Leveraging AI for Airdrop Auditing

Traditional rule-based systems used for airdrop auditing have limitations in detecting sophisticated bot and sybil patterns. These systems rely on predefined rules and struggle to adapt to evolving fraudulent tactics, making them less effective in identifying new and emerging fraudulent behaviors. 

To overcome the limitations of rule-based systems, SocialScan offers an AI-powered solution for airdrop auditing. By utilizing advanced AI algorithms, SocialScan excels in detecting and preventing bot and sybil behavior, ensuring a level playing field for airdrop participants.


AI-based Machine Learning Detection

Behavioral Detection: Unsupervised machine learning excels in discerning atypical behavioral patterns within vast datasets, proving highly adept at detecting bots that subtly mimic legitimate user behavior. While bots may appear similar to genuine users on an individual basis, their suspicious activities become conspicuous when scrutinizing hundreds or thousands of instances, such as wallets or user profiles.

Adaptability to Emerging Threats: Unsupervised learning can adapt to new and evolving bot behaviors without the need for constant retraining. This is crucial in the context of rapidly changing bot tactics, as supervised methods may struggle to keep up with the diversity of new patterns.

Reduced Labeling Overhead: Unsupervised learning doesn't require labeled datasets for training, saving the effort and cost associated with manually annotating data. This makes it more practical for scenarios where obtaining labeled data is challenging or expensive.

Discovery of Unknown Patterns: Unsupervised methods can uncover previously unknown patterns or trends in data. This is beneficial for detecting novel bot behaviors that might not be covered by predefined rules or labeled datasets used in supervised learning.


Key Advantages of SocialScan's AI Algorithm:

Comprehensive Detection: SocialScan's AI algorithm excels in accurately identifying intricate patterns and anomalies in transaction behaviors, enabling the detection of bot and sybil activity with a high level of precision.

Adaptive Learning: SocialScan's AI algorithm evolves over time, learning from new bot tactics and adapting its detection capabilities to counter emerging threats.

Enhanced Explainability: SocialScan’s AI algorithm provides clear output on the reasons behind its detections, allowing project teams to openly engage with the community and explain why particular wallets are classified as bots.

Efficient Resource Allocation: By accurately identifying fraudulent behavior, project teams can optimize the distribution of airdrops, ensuring that genuine users receive the rewards they deserve.


ZetaChain Detection and Patterns

ZetaChain is a simple, secure, and fast omnichain blockchain. ZetaChain’s Omnichain Smart Contracts, build truly interoperable dApps that span multiple chains from Ethereum to Bitcoin and beyond. Rather than bridging messages, all of the logic can live in a single place, allowing for a more seamless experience as well as significantly less development overhead and risk when trying to integrate many chains including Bitcoin. In its testnet, ZetaChain offered a community product – ZetaLabs – for users to test the novel network functionality out and help grow the community. ZetaLabs allowed for users to perform on-chain (testnet) transactions to earn ZETA Points to mark their progress over time.

SocialScan's AI-powered solution outlined above has successfully identified various bot patterns in ZetaChain’s airdrop data snapshot from its product ZetaLabs. Given this data from their snapshot taken August 20th, 2023, SocialScan’s solution was utilized to map out bot detection based on data across all connected chains. Through this methodology, over 300,000 addresses were identified as potential bots.


Here are three examples of key patterns found:

Pattern #1: Deceptive Funding Wallets

In this case, a group of 1000+ wallets in the same airdrop campaign exhibited suspicious behavior. They made identical fund transfers of the same amount at the same time, using different funding wallets to mask their actions. Among them, more than 500 wallets followed the exact same transaction sequences during a specific timeframe.

Further analysis revealed a consistent and synchronized behavior among the funding wallets. They all conducted identical withdrawal actions in a systematic manner. This indicates a highly advanced form of fraudulent activity.


Pattern #2: Coordinated Bot Activity

The coordinated bot group demonstrated a suspicious behavior by utilizing the same funding wallets to conduct identical transaction behaviors across the group. Notably, once these wallets received airdrops, they immediately executed transfers to the main wallet, a behavior that is unusual for legitimate wallets.



Pattern #3: Cross-Chain Bot Fraud

SocialScan uncovered a sophisticated form of bot fraud called Cross-Chain Bot Fraud. Multiple bots collaborated across different blockchain networks, executing synchronized operations to deceive and manipulate the system for illicit gains.

These bots not only engaged in fraudulent transactions within a single blockchain but also orchestrated identical transfer activities across multiple chains.


Together, this approach has allowed the ZetaChain airdrop to more confidently go out to its community, ensuring that more of the community is awarded rather than large allocations going to individual sybil attack accounts. With a clear “why” for any detected group, the model was able to tune accurately to the dataset. Combined with other data used in the snapshot, the team was able to calculate a distribution for their airdrop that you can read more about in their announcement here.




As the Web3 ecosystem continues to evolve, the prevalence of Sybil attacks poses a significant threat to the integrity and fairness of airdrop campaigns within the space, and projects’ abilities to reward and grow their real communities effectively. Traditional rule-based systems have proven inadequate in effectively detecting and preventing the evolving tactics by malicious actors. The introduction of AI-powered solutions marks a crucial advancement in airdrop auditing, offering comprehensive detection capabilities, adaptive learning, enhanced explainability, and efficient resource allocation. Using this, ZetaChain has been able to offer a more meaningful distribution to their supporters along the way, filtering out a significant amount of clear sybil groups that were found using SocialScan’s AI tooling and methodology.