In a shocking revelation, it has been discovered that an individual orchestrated a complex Sybil attack on zkSync, controlling 21,877 wallets on this network.
The perpetrator began by funding each wallet with a small amount of Ether and then deploying a token of their own, Gemstone (GEM), whose source code is not published. They then whitelisted all of their wallets so that each one could claim the self-deployed token.
To move assets between the wallets, the individual went a step further and deployed their own Decentralized Exchange (DEX) contract, likewise not open-source, which allowed assets to be transferred indirectly rather than wallet-to-wallet.
To give the GEM token a market value, the attacker added liquidity of over 80 ETH to their own DEX contract and test-traded GEM against it. They then swapped the GEM tokens claimed by the 21,877 wallets back through the DEX, netting a profit of between 0.6 and 0.7 Ether.
All of these transactions were automated by a carefully programmed bot, which let the attacker keep control of every wallet without any manual intervention.
Notably, the attacker adjusted liquidity as needed, reaching a volume of about $10,000 and 10 transactions per wallet while paying only $1.5 to $2 in fees in Ether. They deliberately spread the transactions across different months, weeks, and days to mimic the activity patterns seen in other Layer 2 projects.
Although only 10,000 of the wallets could be traced, because the zkScan explorer operated by Matter Labs limits how much historical data can be queried, the team behind zkSync is actively working to identify and mitigate the Sybil attack by discovering the contracts that require the GEM token.
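The fingerprint described above (one funding source, the same closed-source token and DEX touched by every wallet, and near-identical volume and transaction counts) is what an analyst would cluster on. The script below is an added example written for this article, not code from Matter Labs or the zkSync team: it runs over a constructed set of transaction records with placeholder addresses (0xFUNDER, 0xGEM, 0xDEX and the like are hypothetical), groups wallets that share a funder, a contract set and a volume/count profile, and then lists the contracts whose callers are almost exclusively members of a flagged cluster, which is how a farm-only token or DEX would surface.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    sender: str       # wallet that sent the transaction
    target: str       # contract (or wallet) it interacted with
    value_usd: float  # value moved, in USD
    funder: str       # address that first funded `sender` with ETH (assumed known)


def build_profiles(txs):
    """Collapse per-transaction records into one behavioural profile per wallet."""
    profiles = {}
    for t in txs:
        p = profiles.setdefault(
            t.sender, {"count": 0, "volume": 0.0, "targets": set(), "funder": t.funder}
        )
        p["count"] += 1
        p["volume"] += t.value_usd
        p["targets"].add(t.target)
    return profiles


def find_sybil_clusters(txs, min_size=3, volume_bucket=1000.0):
    """Group wallets with the same funder, the same set of contracts touched,
    the same transaction count and the same volume bucket; return groups of
    at least `min_size` wallets, each sorted for stable output."""
    buckets = defaultdict(list)
    for wallet, p in build_profiles(txs).items():
        key = (p["funder"], frozenset(p["targets"]), p["count"], round(p["volume"] / volume_bucket))
        buckets[key].append(wallet)
    return [sorted(ws) for ws in buckets.values() if len(ws) >= min_size]


def suspect_contracts(txs, clusters, min_share=0.8):
    """Contracts whose callers are (almost) only members of flagged clusters,
    i.e. the self-deployed token and DEX that only the farm ever uses."""
    flagged = {w for c in clusters for w in c}
    callers = defaultdict(set)
    for t in txs:
        callers[t.target].add(t.sender)
    return sorted(c for c, ws in callers.items() if len(ws & flagged) / len(ws) >= min_share)


def sample_txs():
    """Constructed data, not real zkSync transactions: four farm wallets funded
    by one address, each alternating 10 calls between a token and a DEX at
    $1,000 apiece, plus two organic wallets with different funders and habits."""
    txs = []
    for i in range(4):
        wallet = f"0xsybil{i}"
        for n in range(10):
            target = "0xGEM" if n % 2 == 0 else "0xDEX"
            txs.append(Tx(wallet, target, 1000.0, "0xFUNDER"))
    txs.append(Tx("0xalice", "0xUNISWAP", 250.0, "0xEXCHANGE"))  # organic user
    txs.append(Tx("0xalice", "0xDEX", 50.0, "0xEXCHANGE"))       # one stray trade on the farm's DEX
    txs.append(Tx("0xbob", "0xUNISWAP", 5000.0, "0xEXCHANGE2"))  # organic user
    return txs


if __name__ == "__main__":
    txs = sample_txs()
    clusters = find_sybil_clusters(txs)
    print("clusters:", clusters)
    print("farm-only contracts:", suspect_contracts(txs, clusters))
```

The exact-match key on count and volume bucket is deliberately strict so the logic stays readable; a real investigation would allow tolerances and fold in timing features, since the attacker here spread activity over months precisely to defeat naive per-day counts. The `min_share` threshold is what separates a contract the farm owns (every caller flagged) from a public DEX the farm merely passed through.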