Written by: Lucy

On February 18, Toghrul Maharramov, a senior researcher at Scroll, said on social media, "If you spam GitHub repositories and fix spelling errors, you are just wasting your time and ours." In this tweet, Toghrul Maharramov specifically named Celestia and Starknet, "accusing" them of undermining crypto OSS.

Scroll's GitHub is full of spam

Toghrul Maharramov’s “dissatisfaction” with Celestia and Starknet stems from the fact that they extended airdrops to developers and contributors.

In Starknet's latest airdrop, developer Tom Kysar received 1,800 Starknet tokens for a single commit on Starknet's GitHub that simply corrected the spelling of a single word in a Starknet document. Before Starknet tokens were traded, the airdrop was worth $3,200.

Kysar's success has spawned a number of copycats, who have flocked to the GitHub repositories of projects that have not yet issued a token in the hope of receiving future airdrops, and Scroll is the primary target of this copycat craze.

Recently, airdrop hunters have been spamming Scroll's GitHub repository with low-quality contributions, causing the team to spend a lot of time filtering spam. A Scroll developer said that the "core team is stretched thin" and this issue could "make their lives harder."

While Toghrul Maharramov said it's not a big problem at the moment, spam submissions continue to increase, with DLNews reporting that there are now over 1,100 issues, with 300 added in the past 24 hours. Despite the constant spam, Toghrul Maharramov said the team has the situation under control and "it should take a few hours to filter out all the spam."

In fact, Tom Kysar's one-word correction to Starknet's documentation cannot be compared to spam, and Celestia and Starknet rewarding OSS contributors is not a bad thing. As Toghrul Maharramov put it, “Even the most noble cause in the crypto space, rewarding open source software contributors, may create some perverse incentives that some people may choose to take advantage of.”

Targeting GitHub: airdrop farmers come up with a new trick

Airdrops are designed to reward early users of DeFi protocols, turning the first fans of a project into a group that guides the next step of the project. For example, these tokens are often used to propose changes to the project. Toghrul Maharramov also said, "The goal of airdrops should be to distribute your tokens to as many users as possible who are relevant to your project."

Cryptocurrency airdrops have become increasingly attractive as a small number of airdrop recipients have received prizes worth tens of thousands of dollars, which has become a major problem for crypto projects.

To maximize their potential airdrop rewards, airdrop farmers create multiple wallet addresses, invest hundreds of hours and deploy complex strategies to cover up their farming activity, and as long as they are not caught, they can earn millions of dollars in free tokens. Last June, a team held an offline zkSync event in Shenzhen, where more than a hundred people held hundreds of thousands of addresses, and the number is still growing.

Inspired by the myth of OP and ARB, a large number of people and funds poured into the industry. They frantically looked for new public chains and L2s that had not yet issued tokens. Among them, L2s were the absolute main venue for interaction. Hundreds of thousands or even millions of addresses were generated, and a large amount of ETH flowed in for "meaningless" interactions.

As for the project owners, they know that most of the addresses belong to airdrop farmers who will take the money and leave, so they also find ways to counter it. While the L2s compete for supremacy, a large part of the gas fee in L2 transactions on the market is the handling fee, which flows into the pockets of the project owners. In addition, multi-chain farming has made cross-chain bridges a necessity, and Orbiter Finance in particular, which focuses on low-fee cross-chain transfers between L2s, has become the biggest winner. By collecting "bridge fees", it earns millions of dollars every month, of which more than 90% is contributed by the farmers.

In this game, the L2s made a lot of money from transaction fees, and airdrop farming changed from "low cost and high return" to "high cost and low return", or even "high cost and negative return". Instead of profiting from the projects, the farmers ended up being the ones the projects profited from. Many people exclaimed on Twitter that "the profiteering studio is about to face a wave of bankruptcy."

In an increasingly competitive industry, studios have to look for new ways to make money. The new airdrop rules of Celestia and Starknet, and the lure of Kysar's airdrop worth thousands of dollars, have undoubtedly pointed airdrop farmers to a way out: turning from new public chains and Layer 2s that have not issued tokens to the GitHub repositories of projects that have not issued tokens.

A large number of freeloaders followed Kysar’s lead by spamming Scroll’s GitHub repository with low-quality contributions, then fixing the typos themselves in the hope of getting a potential airdrop from Scroll.

The spam attack on Scroll's codebase is similar to the Sybil attacks on Arbitrum's $1 billion airdrop last March, in which thousands of Sybil attackers still managed to bypass prevention measures and steal millions of dollars.

In the face of the Sybil threat in airdrops, various projects have begun to deploy so-called "Sybil hunters" to detect and filter attackers. Even so, it is difficult for the crypto industry to effectively exclude attackers at the protocol level, because Sybil attacks make it difficult to ensure that DeFi users remain anonymous while receiving only one airdrop. After all, most projects do not want to risk excluding actual users and causing a public relations storm like ParaSwap did.

While deceptive airdrops are seen by some as fair game in the freewheeling world of cryptocurrency, and some DeFi people agree that Sybil attackers are cunning, Toghrul Maharramov also hinted that attacking the Scroll repository would not earn you an airdrop.