Declassifying the Technical Details Behind Energi’s Meticulous Earndrop Audit
Throughout these last several months, Energi’s Core team has been putting in thousands of extra hours in addition to their normal duties to ensure a fair and proper distribution of coins to our community. Unfortunately, we have discovered that nearly half of all submissions were in one way or another fraudulent. Energi’s Defense department deployed a suite of techniques to help filter down the nearly 60,000 applicants using a combination of network analysis and specialized tools. With our exposé we hope to provide a role model to other projects who choose to follow a similar path to ensure a coin distribution to a diverse range of community members. Additionally, we hope our community members will now better understand the delay in the auditing process. We would like to remind everyone that thanks to our meticulous auditing process, NRG will be sent only to those that share our long-term vision.
Data Input Correlation
First, Energi used data input correlation via inputting the massive amounts of information we received via earndrop submissions into databases that could be scanned for intelligence. One of the easiest reasons for banning accounts was discovery of duplicate submissions, which surprisingly, a fair amount of bad actors attempted. Submissions from different accounts for the same social media accounts was also grounds for banning. Next, we used an algorithm to perform fuzzy searches (formally known as approximate string matching) to find very similar name submissions on social media accounts that’d be indicative of a sockpuppet (e.g. Cryptobull123 and Cryptobull124). With the latter methodology to prevent false positives, we did a deeper dive into similar accounts.
Outside Network Correlation
The earndrop portal logged specific IP addresses and ISPs used by applicants during the submission process. Our analysis identified users who submitted multiple times using the same IP address and users who logged into the same IP address during the application process. Due to there being outliers in this type of filtering for family members or friends who would submit from the same home computer or workplace, this wasn’t used as automatic ban criteria. However, it did show that these accounts warranted greater scrutiny. Additionally, we calculated and constantly updated the probability of a certain ISP or VPN being used to submit fraudulent submissions to further assist in identifying fake accounts. On several occasions the vast majority of submissions coming from a specific ISP or VPN provider were found to be fraudulent, so unfortunately due to the bad apples and massive amount of submissions, on a few cases Energi mass banned users from a specific service to save resources. We also used external providers such as Scamalytics to help us identify high risk ISPs.
Additionally, Energi utilized complex social network analysis via sophisticated tools like Gephi to further filter through submissions. We found that often users who had various connections to other users (as friends) in the earndrop were involved in an intricate sockpuppet ring of fake accounts. We were however sure to do a deep dive on these networks to make sure it wasn’t just a large number of legitimate friends or family involved in the earndrop. Our tools also automatically updated to show when users were connected to submissions which were previously found to be fraudulent. Again these particular methodologies weren’t necessarily used as an auto-ban, but showed that our auditors needed to apply additional scrutiny to these accounts. Social media accounts that were created explicitly to receive coins via the earndrop and lacked network activity automatically failed.
Image Exif Data — Metadata Analysis
Energi utilized data from the JPEG quantization table (Q-FP in the graphic below) to derive an ID number for each individual picture. If numbers between multiple accounts matched up in a particular pattern, this would lead our auditors to apply greater scrutiny to these submissions. Then we looked at whether each picture contained a software signature and the variation between the two photos submitted as far as metadata was concerned. Next, our tools allowed us to see whether there was an overlay in the picture indicating that edits were made to photos submitted. Since some users would edit their KYC photos to mark out sensitive information, this flag just meant our auditors would need to do more due diligence. If no sensitive information was striked out yet we still saw an overlay, this would help us determine that an ID was photoshopped in a fraudulent manner.
We’re excited to announce that our original projection of Q4 2019 for earndrop distribution is still the case. After these detailed explanations, we hope our community now further understands and appreciates the reasoning behind a drawn out earndrop audit. We want our coins distributed to a diverse community of supporters rather than malicious actors who criminally created thousands of illegitimate submissions in a greedy selfish effort to dump them and enrich themselves in the process.
As our previous articles indicated, we don’t plan to allow these crimes to go unpunished. These very same bad actors are more likely to sell their coins and negatively affect the community rather than join the Energi’s long term growth. Therefore, our efforts not only support the long-term viability of the project, but each individual coin holder as well.