~/tokens/airdrops $ cat sibil-filtry-za-chto-rezhut-koshelki.md
Sybil filters: what gets wallets cut from airdrops
A sybil attack is when one person pretends to be a thousand to collect a thousand allocations. Projects respond with filters, and before every major TGE there's a purge that cuts tens of percent of addresses.
What exposes a farm
- Transfer graph: hundreds of wallets funded from a single address or through one CEX payout in a row - a classic deanon. Graph clustering is the first and main filter.
- Identical behavior: the same actions in the same order with similar intervals. Scripts leave a signature.
- Synchronicity: a batch of addresses active in the same minutes.
- Emptiness outside the farm: a wallet that only lives "for the drop," with no history before or after.
Why legitimate users get cut too
Filters are heuristics with false positives. A family with three wallets on the same IP, or a user who split gas from a main address across their own wallets, looks like a mini-farm to the graph. Appeals rarely work: it's cheaper for a project to lose a hundred honest users than to leave ten thousand bots in.
In practice: if you're farming honestly with several wallets, fund them independently, spread activity out over time, and give the wallets a normal life. Or better - one wallet with deep activity: filters keep getting stricter, and depth consistently beats breadth.
#сибил фильтр#за что режут кошельки airdrop#мультиаккаунт крипта