“Airdrops” are giveaways of crypto tokens. They're often used as a means of marketing or drawing in new users to their project. When projects give away tokens via airdrops, they often give some of them to their historical users, and another portion to themselves and their investors. Sometimes, these tokens give you the ability to vote on the future of the project: these are called "governance tokens".

  • One example of an historical airdrop is the one that the Uniswap platform did September 2020. They created, and then gave away, 1 billion UNI tokens to investors, the core development team, a newly-formed "Treasury", and historical users.
  • Of the 1 billion tokens, 100,613,600 of them were sent to 251,534 crypto wallets that used Uniswap prior to September 1, 2020. Each of these wallets received 400 UNI each, worth approximately $1,400 at the time.

In October, it became clear that at least one venture capital firm had been “double dipping” by using inside information to obtain more than their fair share of an airdrop.

On May 17th, Ribbon Finance told its investors that an airdrop was coming in the future. On May 18th, one of their investors, Divergence Ventures, set up dozens of crypto wallets so they could receive dozens of airdrops (a technique referred to in the crypto community as “sybil farming” an airdrop). None of this was broadly known at the time by Ribbon Finance users.

Months later, on October 8th, an anonymous blockchain analyst who goes by “Gabagool.eth” posted to Twitter several suspicious trades, noting that they were tied to a wallet owned by an employee of Divergence Ventures.

Following much online speculation, Divergence admitted on October 9th that they had, in fact, used multiple wallets to gain access to multiple airdrops of the Ribbon Finance token (RBN). In a long statement, they noted “we aren’t the only one that has tried this tactic.”

Ribbon Finance also disclosed (in a post by community manager Julian Koh) that Ribbon had told investors on May 17th that an airdrop was coming.

Some members of the crypto community defended the move. Dennis Qian, who is a senior software engineer at Coinbase, tweeted the following:

“Yes, it's not classy to sybil farm the airdrop, but this is DeFi. Go back to TradFi if you want to KYC/AML to literally do anything and @GaryGensler to protect you from this stuff.”
6/ Remember, you yourself can go do a sybil on the newest protocol and beat most DeFi VCs at their own game. Products like @nansen_ai make it so no one can hide and everyone can chase. Chain data is only going to be come more accessible. DeFi is a MUCH more even playing field. (via Twitter)

By contrast, Gabagool.eth tweeted that these sybil attacks work against the “decentralization” argument:

@dennis_qian's thread goes as far as arguing researchers exposing the sybil will draw the attention of the SEC / Fed (lol) the greater regulatory risk in my mind is having supposedly decentralized protocols that are in fact heavily centralized from...idk sybil attacks maybe?”

The incident raises questions about how many other Venture Capital firms (or other large crypto institutions) are using this same tactic, and if so - what that says about the numbers of users on protocols. For example, following the incident, the head of research at The Block, Larry Cermak, tweeted:

“Now that the world suddenly discovered that basically every fund/whale Sybil farms airdrops, how accurate do you think those user numbers are now anon?”