From zkSync to LayerZero: Witch attacks will erode projects, and no one wants to see a fake community
Author: Builders
Compiled by: ShenChao TechFlow
Token issuance is a critical moment in the history of a project. If the token issuance is mishandled, the project may come to an end.
Nothing can destroy the credibility of a token issuance faster than a witch attack. In such an attack, malicious actors create multiple fake identities to try to gain disproportionate influence and token allocation within the network.
No one wants to see a fake community.
Next, we will explore how witch attacks can impact token issuance through two recent airdrop cases: zkSync and LayerZero.
zkSync
zkSync is an Ethereum Layer 2 scaling solution that uses zero-knowledge proofs and was one of the most anticipated airdrops of 2024. However, it faced criticism for a lack of witch prevention measures. For example, Mudit Gupta, the Chief Information Security Officer of Polygon Labs, commented on X here:
The zkSync airdrop has been released.
This may be the easiest airdrop to "farm" in history.
As far as I know, there was almost no Sybil filtering done.
Anyone familiar with the standards can easily acquire a large amount.
This makes one better understand the efforts LayerZero has made in Sybil filtering.
Adam Cochran, a partner at Cinneamhain Ventures, also expressed similar concerns:
I really like the zkSync team, but from a Sybil prevention perspective, this airdrop plan is indeed not very good.
These standards are easy for real users to miss, while they are easily achievable for "farming" users, and there are no anti-Sybil measures.
In a situation where on-chain projects are so new and the number of projects is limited, real users may only use 1-2 dapps or hold a small amount of tokens.
If the project does not want those "speculators" who quickly sell off, it needs to put more thought into this aspect.
zkSync's Network Activity
In the month following the zkSync airdrop to users on June 17, 2024 (as of July 17, 2024), the number of active addresses on the network decreased by approximately 78.7%. This indicates that most users were only interested in obtaining the airdrop and subsequently abandoned the project.
The number of daily depositors also showed a similar trend—on July 17, 2024, there were only 32 depositors, compared to a peak of 41,257 on March 25, 2023.
After the airdrop, over 40% of the primary recipients of zkSync sold all of their allocated tokens, and 41.4% sold part of their allocation. Currently, only 17.9% of these primary recipients still hold their tokens. According to data from @CryptusChrist, 746 known witch attackers obtained approximately $6.9 million worth of ZK tokens during the airdrop.
ZK Price Trends
Unfortunately, the sell-off of ZK—likely orchestrated by witch attackers—intensified selling pressure in the market, causing the token price to drop by approximately 39.29% between the user airdrop date (June 17, 2024) and July 23, 2024.
So, what went wrong with zkSync? First, the team's airdrop eligibility criteria were relatively easy for witch attackers to exploit, and there was a lack of effective witch prevention measures. Additionally, zkSync also excluded certain legitimate users, such as projects that built on zkSync ERA and directly contributed to its ecosystem.
Now, their team needs to double down on efforts to re-attract significant price speculation driven by the false activities of witch attackers.
LayerZero
LayerZero is an interoperability protocol designed to facilitate seamless communication and asset transfer between different blockchains. Unlike the two examples above, LayerZero has implemented strong witch prevention measures.
According to Bryan Pellegrino, CEO of LayerZero Labs, the team ultimately identified 1.1 to 1.3 million unique witch wallets during the self-reporting and analysis phase, and their team continues to engage and reward the community for reporting witch attackers.
LayerZero's Network Activity
Between April 30, 2024 (the day before the snapshot date) and July 7, 2024, the number of messages on LayerZero decreased by 91.5%.
Similarly, the daily transaction count also dropped by over 92% between the snapshot date and the airdrop date.
This decline is partly because users typically stop their activities after the snapshot date, as they no longer need to trade to qualify for the airdrop. However, the witch prevention methods employed by the aforementioned team may also have influenced this decline, allowing them to conduct the airdrop with fewer witch attackers.
ZRO Price Trends
From June 20, 2024 (the airdrop date) to July 18, 2024, the price of LayerZero's native token ZRO fell from $4.79 to $4, a decrease of about 16%. This decline is significantly lower than the 39% drop experienced by ZK during the same period. Notably, despite the decline in LayerZero's network activity, the price of ZRO eventually exceeded its initial listing price.
While it is difficult to determine all the factors contributing to LayerZero's relatively stable price, its witch prevention techniques may have played a role.
Why Should Builders Care About Witch Prevention?
In the short term, witch attacks may seem beneficial to projects as they can artificially inflate data and generate immediate profits.
However, as the examples above illustrate, introducing witch attacks can lead to token sell pressure and a decline in network activity—both of which erode the long-term sustainability of a project.
When witch attackers are removed, legitimate participants have more opportunities to engage and contribute, as the removal of fraudulent entities frees up valuable positions.
Most teams that launch through airdrops need to double their efforts to re-attract significant price speculation and network activity driven by false activities. No one wants to see a fake community.