This article is jointly published by X-explore and WuBlockchain.

The crypto market's crazy in October came to an end with the launch of the Celestia. The Celestia airdrop attract the people interest for airdrop and sybil again. According to our statistics, as of November 1, 2023, 20:00 UTC+8, a total of 138,981 addresses have claimed the airdrop, accounting for 72% of the total airdrop addresses of 191,391. The claimed airdrop amount totals 44.4 million, representing 74% of the total airdrop amount of 60 million. Based on Celestia node data, this article focuses on revealing three key results:

1. The distribution of the celestia airdrop sybil groups.

2. The profitability of large-scale sybil group.

3. Technical analysis of certain sybil group.

Sybil groups often swiftly deposit airdrop tokens into various exchanges. These exchanges allocate only one deposit address per user and we do tracking of funds flowing to the airdrop addresses. When funds from multiple airdrop addresses converge into a single address, it is considered these addresses are controlled by a certain sybil group. Furthermore, based on intelligence, we have excluded exchange addresses and suspected exchange addresses, including hot wallet addresses from eight exchanges such as Binance, Bybit, Kucoin, OKX, MEXC, etc.

We gathered data from 209,989 valid TIA transfer transactions on Celestia blockchain from block 1 to block 6471. We traced the funds of the 138,981 addresses that claimed the airdrop one by one, considering the tracking complete when the funds remained in a specific address or went to the deposit addresses allocated by exchanges to their users. The graph below illustrates the distribution of sybil group sizes based on the number of addresses.

1. Large-scale sybil groups(group more than 20 addresses) have 27,090 airdrop addresses, accounting for 20.1% of the total. They have received a total of 5.22 million TIA.

2. Sybil groups(group between 5 and 20 addresses) have 27,907 airdrop addresses, accounting for 20.7% of the total. They have received a total of 6.65 million TIA.

3. Additionally, there are 51,494 addresses that do not form part of a group, representing 38.2% of the total. They have received a total of 17.05 million TIA. In conclusion, the number of addresses receiving airdrops by sybil groups is nearly equivalent to that of regular users. This reflects the continued widespread participation in the airdrop market and sybil group, posing a significant challenge for project owner in their efforts to identify and filter out sybil addresses.

Below is our discovery of the most profitable sybil group, holding a total of 300 airdrop addresses and receiving a total of 77,391 TIA. This sybil group initially consolidated the funds from the airdrop addresses into the address: celestia135605ttacyg3q42c062dxg66g86y8wt5dl0y72, and then deposited from the consolidation address to user deposit address on OKX: celestia15tk34janlw2nqwa65zcw7kh6g6xysz665yggde.

Additionally, we noticed that all 300 addresses of this sybil group received exactly 258 TIA each, indicating that the Celestia Project owner did not successfully detect this batch of highly similar addresses while filtering out sybil addresses.

Apart from this super-large-scale sybil group, there are also:

1. Sybil consolidation address (Address: celestia17kswujt05rzpprkdtyav42xla0rkf5lx2zsks4), with 372 addresses, and receiving 64,443 TIA.

2. Binance user deposit address (Address: celestia1fd3mclxp4e2fh0wpau3eg55x2fsm7yjxzg29j2, memo: 102235249), with 404 airdrop addresses, and receiving 66,082 TIA.

3. Binance user deposit address (Address: celestia1fd3mclxp4e2fh0wpau3eg55x2fsm7yjxzg29j2, memo: 100324643), with 312 airdrop addresses, and receiving 50,909 TIA.

4. Binance user deposit address (Address: celestia1fd3mclxp4e2fh0wpau3eg55x2fsm7yjxzg29j2, memo: 101213950), with 340 airdrop addresses, and receiving 57,564 TIA.

5. Sybil consolidation address (Address: celestia1zzk9p6lgapadnv4q5n4m2uqcrfchycne605jag), with 373 addresses, and receiving 60,687 TIA.

6. Kucoin user deposit address (Address: celestia1cylgjyd70mheg3j3e2n7t758r07rarwytagltr, memo: 1934750426), with 297 airdrop addresses, and receiving 31,131 TIA.

7. Sybil consolidation address (Address: celestia1l7c4nddq0t5ncllhst8d8mtwtcq5mg70ajgq5t), including 278 addresses, and receiving 57,267 TIA.

8. Binance user deposit address (Address: celestia1fd3mclxp4e2fh0wpau3eg55x2fsm7yjxzg29j2, memo: 100415822), with 212 airdrop addresses, and receiving 37,389 TIA.

It's worth noting that sybil groups were among the first users to engage in large-scale transactions on Celestia. The graph below illustrates the number of valid TIA transfer transactions in each block for the first 100 blocks. It is evident that a significant surge in transactions occurred as early as the 4th block, with a total of 149 transactions, of which 101 were attributed to a sybil user's fund consolidation activities. This occurred long before the surge in trading following the opening of deposits by exchanges such as Binance, approximately 95 blocks later.

Taking a closer look at this group, in the 4th and 5th blocks, they consolidated all TIA tokens from 106 airdrop addresses into the address celestia1r7wln0ggc22y5hv6ny960j2lh9lg40gyl56s6c. It's worth noting that they used uncommon fixed gas values of 127,843 and 127,965, suggesting that they not only possess automated scripting capabilities but can also run multiple programs simultaneously. This further indicates that some sybil groups have advanced technical skills.

For more, please follow x-explore.

Mirror: https://mirror.xyz/x-explore.eth

Twitter: https://twitter.com/x_explore_eth