Sybil
A single entity controlling many wallets that pretend to be independent participants. Used to game airdrops, governance votes, fair-launch allocations, and any system that distributes value or weight per address.
Also known as: sybil attack, sybil cluster, sybil farming
A sybil attack exploits the gap between “address” and “person”. A blockchain treats every address as an independent participant; humans operating those addresses do not have to be independent at all. The same operator can fund a thousand wallets from a single seed, hop the funds through layers of fresh addresses to obscure the origin, then claim a thousand identical airdrop shares, cast a thousand governance votes, or absorb a thousand fair-launch allocations. From the chain’s point of view the activity looks distributed; from any honest distribution’s point of view it is concentrated.
The pattern is detectable in retrospect. Wallet-clustering tools like BubbleMaps, Arkham and Nansen group addresses by funding source, transaction timing, and behavioural fingerprints. A cluster funded by similar deposits from the same exchange, routed through three layers of throwaway wallets, and then converging on the same airdrop claim function is the canonical sybil signature. The April 2026 BubbleMaps analysis of the Openmind / ROBO community airdrop is one of the cleaner public worked examples: 7,500+ freshly funded wallets, ~199M ROBO claimed (about 40% of the community slice), ~$8M of value at launch price, all funded through the same multi-exchange-to-throwaway-to-claim pipeline.
The defences are imperfect. Proof-of-personhood schemes (World ID, Gitcoin Passport, BrightID) try to bind one verified human to one identifier, but each carries its own privacy tradeoff and adoption cost. Heuristic anti-sybil scoring (Optimism’s airdrop methodology, the StarkNet provisions, Linea’s filter) blacklists clusters that fail behavioural checks; the trade-off is some false positives that exclude real users. Quadratic-funding-style schemes weight the marginal contribution from each address less, reducing the payoff for sybil clusters. The cleanest answer is structural: distribute by long-tenure behaviour or per-device limits that a sybil cluster cannot fake cheaply. Most airdrops still distribute per-address or per-transaction-count, and most still leak meaningful value to clusters. The question worth asking when an airdrop concentration is disclosed is not “was there a sybil” but “what did the foundation do about it?”