- 1 zkSync became popular when it surpassed Solana being an avant-garde Layer-2 solution.
- 2 The project launched its airdrop some time ago and became a victim of a scam.
- 3 One user created 21,877 wallets and obtained an inordinate amount of tokens.
zkSync became an overnight sensation when it outflanked Solana in weekly DEX volume. It is a Layer-2 scaling solution for Ethereum that shows many possibilities for the future. However, a recent incident has compelled crypto users to reconsider their stance on it. In fact, it has questioned the security standards of all the DeFi platforms.
What Exactly Happened With zkSync Airdrop?
On September 11, X (Twitter) user lingland09 shared a post exposing a major vulnerability in zkSync’s airdrop. He highlighted another user, an airdrop participant who created 21,877 Sybil wallets. With a massive volume of wallets, the professional airdrop hunter attempted to swindle an inordinate amount of tokens from the platform.
The miscreant deployed a classy strategy to pull off this feat. He funded each wallet with small amounts of Ether; inciting their owners to use a closed-source token Gemstone ($GEM). The next step was to artificially boost the token’s value using a self-made decentralized exchange. They did it while trading and profiting from these wallets.
He also used a bot to make fake transactions look real and to make detection difficult. Still, Lingland90 somehow identified 10,000 wallets linked to this scheme. He exposed all of them and emphasized the need for enhancing security.
What Makes zkSync’s Airdop Exploit an Alarming Issue?
Scams and forgeries are not new to the crypto space. While the methods change, the motive remains the same and it is gaining profits. In this context, the miscreant went on to the extent of creating 21,877 wallets to obtain tokens. Before getting into the details of the exploit, it is important to know how airdrops make a difference. Airdrops have played a phenomenal role in promoting crypto-based projects.
Airdrops do a great job of extending the outreach of the project. They propose free tokens to loyal users and enthusiastic supporters. Moreover, it inspires the participants to get creative in the promotional efforts for winning tokens. Like many other initiatives, zkSync also utilized an incentive mechanism to promote trading. It encouraged users to engage with the platform, examine its features, and realize its advantages.
Nonetheless, its structure is not impervious to fraud as it focuses on reaching more users without checking their existence. As it happens, some individuals can take advantage of that and get more tokens than others. This practice compromises the effectiveness of the campaign and exposes the whole tokenomics to risks.
Possible Solutions to Airdrop Scam
Know Your Customer (KYC)– The KYC process is a tried and tested formula for keeping forgeries at bay. It works for both centralized and decentralized platforms.
WorldCoin– Worldcoin offers an alternative by bringing biometric identification. It also ensures fair distribution of tokens and flawless verification.
Personhood Oracles– Suggested by Vitalik Buterin, Personhood Oracles verifies the uniqueness of individuals. It brings multiple parties on one platform and reduces the risk of abuse.
The incident brings focus to the feeble structure of airdrops. It also compelled the leaders of decentralized space to take more caution in this process. While the incident raised some issues, it also paved the way for better security measures.