Pre-Launch House Cleaning
A behind the scenes look at the latest anti-sybil action before the Pion launch
Creating anything of value also brings out malicious actors, who try to game the system at the cost of others. The history of blockchain and the web3 is a constant evolution of this cat-and-mouse game and with a bit of sportsmanship one can simply see malicious actors as “uninvited security-consultants”.
Everyone is looking forward to the launch of Pion and its token on the 18th and 1,500+ operators have already claimed their bonPION node drop. As usual, some tried to make unfair gains by running more than one node (some in the double digits). If not discovered and removed, they would have lowered the network’s security and reduced all the honest node operators’ rewards.
Learn more how Pion’s anti-Sybil attack team found them out and excluded them.
Discovering Suspicious Actors
Since we first started uniqueness verification, we created a dedicated anti-Sybil attack team to monitor the network and study the node-data for certain patterns and behavior and identify malicious actors, exploits and potential attacks. In this case, we studied faucet usage patterns, as well as suspicious deployment activities to discover malicious operations.
Suspicious Faucet Patterns: tBNB Source
Honest ALICE users got tBNB from the BNB faucet whose link we provided on the dashboard or might have gotten it from a friend or relative. However, malicious users generally didn’t use the faucet and used other methods that pointed to a targeted operation.
One way was to send tBNB to many wallets that were apparently owned by the original one; in other words, many wallet addresses received tBNB from one address.
Another way was to send tBNB sequentially. Wallet A sent tBNB to wallet B. Wallet B created a node and right after it, sent the remaining tBNB to wallet C which did the same with wallet D. And this went on for a multitude of times.
Deployment Patterns on ALICE
There often was a pattern with which the would-be-exploiters added their nodes to ALICE V1, V2 and also went through uniqueness verification. For instance, many nodes were added to ALICE V2 in the same order in which they had joined V1. Not only that, they even went through uniqueness verification in that same order. Even when we asked all operators to manually rebuild their nodes on March 25th, all these nodes were rebuilt at the same time. See the following image.
If you carefully look at the below image, you can see the following:
- All the wallets received tBNB from the wallet address 0xd45…e520c (column H)
- We sorted the data based on the time of adding nodes on V1, and all the info from V2 and uniqueness verification exactly followed the order of V1. (Columns B, C and E)
- The time for rebuilding them is the same.
Interestingly, when we asked the people who could not claim bonPION to fill out a form, this malicious player, in a last-ditch attempt, filled the form 150 times using fake accounts that had joined our Discord all on the same day. See column D in the following image.
Making an Appeal
Sometimes legitimate actors unknowingly display suspicious patterns — anyone who thinks his/her wallet address was wrongly flagged as suspicious should fill out the form, present evidence and our anti-sybil attack team will get in touch.
In one example a number of users obtained tBNB from Pancake Swap and Zetachain. The exchange wallet addresses were originally not recognized as valid. They explained how they obtained tBNB, studied the other criteria and checked their activities during the last 7 months, and found no suspicious activity, so they were whitelisted.
We are constantly working hard to maintain a secure network and a fair distribution of operator rewards for Pion users and the recent round of house-cleaning was another step toward that goal.
Muon Network
Muon is a chain-independant and stateless DON (Decentralized Oracle Network) that enables dApps to make their off-chain components decentralized. By incorporating Muon, the manner in which decentralized applications store, process, and access data will be fundamentally transformed, redefining the landscape of decentralized systems.
Run a Pion node.
Twitter | Telegram | Discord | Website | Medium | GitBook | Developer’s Guide
