BTC $- · ETH $- · SOL $- · BNB $- · XRP $- · DOGE $- · TON $- · ADA $- · AVAX $- · LINK $- · SUI $- · TRX $- · gas - gwei degen 86/100

~/tokens/airdrops $ cat sibil-filtry-za-chto-rezhut-koshelki.md

tokens Airdrops ·June 28, 2026 ru · en · zh · es · pt · de · fr · ja · ko · tr · ar · it · id · vi

Sybil filters: what gets wallets cut from airdrops

the crptch team · analytics desk · 2 reading time

A sybil attack is when one person pretends to be a thousand to collect a thousand allocations. Projects respond with filters, and before every major TGE there's a purge that cuts tens of percent of addresses.

What exposes a farm

  • Transfer graph: hundreds of wallets funded from a single address or through one CEX payout in a row - a classic deanon. Graph clustering is the first and main filter.
  • Identical behavior: the same actions in the same order with similar intervals. Scripts leave a signature.
  • Synchronicity: a batch of addresses active in the same minutes.
  • Emptiness outside the farm: a wallet that only lives "for the drop," with no history before or after.

Why legitimate users get cut too

Filters are heuristics with false positives. A family with three wallets on the same IP, or a user who split gas from a main address across their own wallets, looks like a mini-farm to the graph. Appeals rarely work: it's cheaper for a project to lose a hundred honest users than to leave ten thousand bots in.

In practice: if you're farming honestly with several wallets, fund them independently, spread activity out over time, and give the wallets a normal life. Or better - one wallet with deep activity: filters keep getting stricter, and depth consistently beats breadth.

$ grep --tags: #сибил фильтр#за что режут кошельки airdrop#мультиаккаунт крипта

✓ track record