This article is jointly published by X-explore and WuBlockchain.

Conclusion: X-explore announces a Sybil attack warning. The Mycelium project has been suffering from large Sybil attacks since last month. More than 90% of the addresses of the NFT OG given by the Mycelium project on the Arbitrum chain are low quality address and more than 60% of addresses are considered as sybils.

1. Project Overview

Domain: Defi / Dex

Website: https://mycelium.xyz/

Chain: Arbitrum/ETH

Participated Addresses: 2369 Arbitrum, 623 ETH

NFT Contract Address: 0xcf72978cf3f17a6194a394888a1d7a4e6effa405

Mycelium was formerly known as Tracer DAO. In August 2022, TracerDAO was upgraded and transitioned to Mycelium. Mycelium has launched the first perpetual future contract "Mycelium Perpetual Swaps" on Arbitrum chain.

After TracerDao migrated to MYC, Mycelium officially launched the following activities until now. Users can swap TCR tokens and MCY tokens on 1:1. After the swap is successful, they can receive an NFT issued by the Mycelium project for free. The Mycelium does not set any entry requirement on the amount of swap so that users can use a tiny amount of TCR token to swap MYC token while returning a Mycelium OG NFT at almost zero cost. Addresses holding OG NFT have a greater chance of getting airdrops in the future. This zero-entry requirement breeds the econnoisseur to pour into the Mycelium project.

2. Sybil Attack Data Analysis

2.1 MYC Token Amount

We found that the amount of MYC tokens swapped by most addresses that obtained Mycelium NFT on the Arbitrum chain is extremely small, and users spend almost 0 costs to get an NFT for free. Therefore, we speculate that those users who transacted a tiny amount of MYC tokens are probably the econnoisseur. Compared with the Arbitrum chain, the quality of addresses on the ETH chain is much better. The users on ETH tend to purchase and hold a bulk of MYC tokens.

Based on the statistics we have, a total of over 60% (about 1500) Arbitrum addresses got free NFT for less than 10 MYC tokens, around 0.5 USD. Compared to the Arbitrum chain, only about 10% of ETH addresses swapped MYC tokens for less than 10, and more than 80% of ETH addresses purchased more than 100 MYC tokens when they received the MOGs.

As shown in the figure below, on the Arbitrum chain, there are more than 60% of users with about 1,500 addresses traded less than 10 MYC tokens. it is worth mentioning that since October 20, the number of low-quality addresses with small MYC transactions in exchange for AMOGs NFT has suddenly increased, and the proportion has soared to more than 90%. we deduce that these addresses are most likely wool users. Compared with the Arbitrum chain, the address quality on the ETH chain is relatively premium, and both the percentage of low-quality users and the absolute number have been far lower than that of the Arbitrum chain.

2.2 Token Balance Status

More than half of Aribtrum's obtained AMOGs addresses have a balance of less than $5, which further suggests that the quality of the addresses obtained for AMOGs NFT is poor.

3. Sybil Attack Example

We discovered that on October 27th, there were Sybil attacks on the Arbitrum chain, with a total group size of 35, for the following reasons.

1. Same source of fund: the address is 0x641C00A822e8b671738d32a431a4Fb6074E5c79d

2. Same Swap method: both swapped USDT for WETH at Uniswap, swapped WETH for TCR at Sushiswap on the same day on October 27, and finally exchanged TCR for MYC and got AMOGs NFT on the same day

3. Highly consistent on other behavior: all are small swaps, and all are involved in GMX staking and other coins Elk, VSTA, SPA token transactions

As shown in the figure:

4. X-explore Comment

The project owner needs to design reasonable campaign rules to attract users and avoid a large influx of econnoisseur. Mycelium has no limit on SWAP amount, causing econnoisseur to receive NFT OG at a few cents cost. X-explore suggests that establishing the prescreen steps of the address is needed for future airdrops on Mycelium.

For more, please follow x-explore.
Mirror: https://mirror.xyz/x-explore.eth
Twitter: https://twitter.com/x_explore_eth