In recent years, cryptocurrency airdrops have become widely popular. These community-based rewards can sometimes be very lucrative, but are now largely hijacked by bots lying in wait.
Airdrop farming: organized misuse of crypto distributions
The development of the cryptocurrency sector relies on the adoption of its innovative features, but also on a few highly effective incentives. Among these, airdrops, initially intended to reward the first users of a protocol, feature prominently.
However, a lot has happened since the historic experience of the Uniswap (UNI) platform in September 2020. These operations are now widely used for promotional purposes to encourage users to interact with the protocols concerned in exchange for the promise of a payment that is sometimes not even enough to cover the costs incurred.
At the same time, this financial windfall has given rise to what are known as airdrop farmers. These are mostly fake accounts managed by bots with the aim of stealing some of the rewards intended for real users.
This is a reality that borders on illegality, deliberately constructed in the shadows, which Mirai Labs CEO Corey Wilton finally managed to access. It was an opportunity to discover a “truly frightening” world, capable of managing tens of thousands of fake accounts simultaneously.
It all started in 2021 with the NFT horse racing game Pegaxy. Corey Wilton was particularly fond of this protocol during the heyday of crypto gaming. But what was supposed to be a simple automated race between 15 horses quickly turned from “who can win” to “who can extract value the fastest.”
This change in dynamics was greatly accelerated by the emergence of bots designed to accumulate rewards at the expense of the protocol itself, to the point of causing its outright demise. This was a real declaration of war for Corey Wilton, who was determined to expose this abuse.
This is what he has finally done on the X network, facing a phone farm capable of handling more than 30,000 smartphones.
I just visited one of the most sophisticated phone farms (30,000 phones) in [location censored] to understand the scale of the attacks against cryptocurrency airdrops. Their client list is long. This is a real wake-up call. Change must happen.
Corey Wilton
Digital identity vs. airdrop farming
Corey Wilton explains how the smartphones used are both simple and complex enough to allow the geolocation of a real account to be spoofed. A system allows a single human to control a “master smartphone” connected to more than 500 “slave phones,” which are designed to replicate its operations identically.
But, as Corey Wilton explains, these airdrop farming farms are ultimately simple “production lines,” offered as a service available to players based elsewhere. The latter are able to hijack these cryptocurrency airdrops, as in the case of Zksync in June 2024, a protocol from which more than $750,000 was stolen by the holder of 85 wallets.
Experts agree on the need to link cryptocurrency airdrops to real digital identities. However, this is a fairly complex procedure, particularly in the face of increasingly low blockchain fees, which make these diversion procedures very inexpensive compared to the potential profits. Food for thought.
