What Is an ERC-8004 Sybil Attack?

One entity. Hundreds of fake wallets. Unlimited five-star reviews. Sybil attacks are the oldest trick in decentralized systems — and they're already hitting ERC-8004 agents at scale.

Named After a Woman Who Had Sixteen Personalities

The term comes from the 1973 book Sybil, about a woman diagnosed with multiple personality disorder. In computer science, a sybil attack is when a single actor creates many fake identities to gain disproportionate influence over a system that assumes each identity is unique.

In peer-to-peer networks, sybil attacks have been studied since 2002, when Microsoft researcher John Douceur published the foundational paper showing that without a trusted central authority, sybil attacks are always possible in purely decentralized systems. The defense isn't to make them impossible — it's to make them expensive and detectable.

On blockchain, the pattern is straightforward: create many wallets (free and instant), use them to interact with a target, and manufacture the appearance of organic activity. In DeFi, this is called “wash trading.” In governance, it's “vote buying.” In AI agent reputation systems — including ERC-8004 — it's fake reviews at scale.

Why ERC-8004 Agents Are Especially Vulnerable

Traditional sybil attacks require some effort — you need humans to create accounts, solve CAPTCHAs, write believable reviews. The ERC-8004 ecosystem removes most of these barriers.

Creating a new Ethereum wallet takes under one second. There's no email verification, no phone number, no identity check. A script can generate hundreds of wallets and submit feedback to any agent's on-chain reputation in a single transaction batch.

The ERC-8004 standard includes a giveFeedback() function — the on-chain mechanism that lets any wallet leave a numerical score (0–100) and text comment for any registered agent. This is a feature, not a bug. Open feedback is essential for decentralized reputation. But the spec authors themselves recognized the risk.

The standard's documentation explicitly warns about “fake or manipulated feedback” and proposes that the ecosystem will need external “watchtower” services to analyze feedback patterns and detect manipulation. The function has no built-in cooldown, no staking requirement, and no cost beyond gas — which on Base runs fractions of a cent per transaction.

What Makes This Different from Amazon Fake Reviews

When someone buys fake Amazon reviews, the platform can detect the pattern and remove them. A central authority controls the data. ERC-8004 feedback is permanent and permissionless — nobody can delete it, and nobody can stop it from being submitted. The defense has to be analysis, not removal. That's what makes watchtowers essential.

How a Sybil Attack Works on ERC-8004

The ERC-8004 giveFeedback() function accepts an agentId, a score from 0 to 100, and a text comment. Any wallet can call it for any agent. There's no verification that the wallet ever interacted with the agent, no proof of transaction, and no limit on how many wallets can review the same agent. That's by design — but it creates a predictable attack surface.

Step 1: Generate Wallets

Create hundreds or thousands of new Ethereum addresses. Cost: zero. Time: seconds. Each address looks like a unique user to anyone reading the raw data.

Step 2: Fund Minimally

Send a tiny amount of ETH to each wallet — just enough to cover gas on Base. At current rates, that's fractions of a cent per wallet. A thousand fake reviewers might cost a few dollars total.

Step 3: Call giveFeedback()

Submit a score of 100 and a generic comment from each wallet targeting the same agentId. Automate across all wallets in a single script.

Step 4: Walk Away

The feedback is on-chain forever. No platform can remove it. The agent now shows hundreds of perfect scores, and most explorers display them at face value.

The result: an agent with a 99/100 or 100/100 reputation score backed entirely by wallets that have never done anything else on the blockchain. To anyone looking at the raw score, the agent appears trustworthy. To anyone analyzing the underlying wallet data, the pattern is immediate.

What ERC-8004 Sybil Patterns Look Like Right Now

RNWY's Explorer indexes over 40,000 ERC-8004 agents across Ethereum and Base and flags unusual feedback patterns automatically. As of February 2026, it has identified 24 agents with anomalous review patterns. Here's what the data shows:

Agents flagged with unusual patterns:

• One popular Base agent: 1,511 feedback items, average score 100/100 — all 1,511 reviewer wallets have zero prior transaction history

• Another Base agent: 1,175 feedback items, score 99.9/100 — all 1,175 reviewer wallets have zero prior transaction history

• Multiple additional agents showing the same pattern — hundreds of reviews, 100% ghost wallets

Meanwhile, the ecosystem-wide average feedback score across all ERC-8004 agents sits between 98.5 and 99.4 out of 100. When nearly every agent scores near-perfect, the scores carry no signal. The number becomes decoration.

Two Distinct Spam Layers

In practice, sybil feedback on ERC-8004 agents appears in two forms, sometimes on the same agent:

Layer 1: Promotional spam. Feedback text that contains advertising copy for unrelated products — token sales, external platforms, referral links. These read like junk mail with a gift card taped to the envelope: a positive score attached to an ad. Some include references to self-minted tokens with zero real value presented as “staked” endorsements.

Layer 2: AI-generated fake reviews. Text that sounds plausible but says nothing specific. Common patterns include filler openings (“Honestly,” “From what I see,” “Technically speaking”), the agent mentioned by name without describing any actual interaction, and generic praise using words like “robust,” “scalable,” “innovative,” and “audited.”

Layer 1 is easy to spot by reading the text. Layer 2 looks real unless you check who wrote it. Both share the same telltale signature: they come from wallets with no transaction history beyond the feedback itself.

How You Detect an ERC-8004 Sybil Attack

You can't prevent sybil feedback from being submitted to giveFeedback() — that's by design in a permissionless system. But you can make it visible. The key insight is that time is the one thing an attacker can't fake cheaply.

A wallet that was created yesterday and has done nothing except call giveFeedback() once is fundamentally different from a wallet that has been active for two years across multiple protocols. Both can submit the same score, but their histories tell very different stories.

This is the principle behind wallet age analysis: instead of trusting the feedback score at face value, look at who gave it. When 100% of an agent's reviewers are brand-new wallets with zero history, that's a pattern worth knowing about — regardless of what the score says.

• Time to create a wallet: 0 sec

• Cost per fake review on Base: <$0.01

• To fake 2 years of history: 730 days

The asymmetry is the defense. Creating a wallet is free. Creating a wallet with a believable two-year transaction history across multiple protocols costs real time and real money — far more than the sybil attack is worth.

How to Spot Sybil Patterns on Any ERC-8004 Agent

You don't need to run your own analysis. RNWY's Explorer does the wallet-level detection and surfaces the results in two places:

Unusual Patterns Panel

The Explorer homepage shows a live “Unusual Patterns” panel listing every agent where a high percentage of reviewer wallets have no prior transaction history. Currently tracking 24 flagged agents.

Individual Agent Pages

Click into any agent to see its feedback breakdown, reviewer wallet ages, and pattern flags. The data is there for you to interpret — RNWY shows the evidence, you make the call.

Red Flags to Look For

When evaluating any ERC-8004 agent's reputation, these patterns suggest manufactured feedback: a high percentage of reviewer wallets with zero transaction history, feedback text that reads as promotional or generically positive without describing a real interaction, clusters of reviews submitted in short time windows, and a near-perfect average score (98+) across hundreds of reviews. Any one of these could be coincidence. All of them together is a pattern.
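The four red flags above, together with the wallet-history check described earlier, can be computed from one agent's feedback list. The following is an added example, not RNWY's code and not part of the ERC-8004 spec: the Feedback record shape, the thresholds and the sample data are assumptions constructed for illustration, and prior_tx_count is assumed to come from an indexer.

```python
from dataclasses import dataclass
from statistics import mean

# Thresholds are illustrative assumptions, not values from RNWY or the ERC-8004 spec.
GHOST_SHARE, NEAR_PERFECT, MIN_REVIEWS = 0.9, 98, 100
BURST_WINDOW, BURST_SHARE, GENERIC_SHARE = 3600, 0.5, 0.5
FILLERS = ("honestly,", "from what i see", "technically speaking")
BUZZWORDS = ("robust", "scalable", "innovative", "audited")

@dataclass
class Feedback:                 # hypothetical record shape from an indexer
    reviewer: str
    score: int                  # 0-100, as passed to giveFeedback()
    comment: str
    timestamp: int              # block time of the feedback, in seconds
    prior_tx_count: int         # reviewer's transactions before this feedback

def busiest_window_share(times, window=BURST_WINDOW):
    """Largest fraction of reviews that falls inside any one time window."""
    times, best, lo = sorted(times), 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best / len(times)

def is_generic(comment):
    c = comment.lower()
    return c.startswith(FILLERS) or sum(w in c for w in BUZZWORDS) >= 2

def red_flags(items):
    """Names of the red flags raised by one agent's feedback list."""
    flags, n = set(), len(items)
    if n == 0:
        return flags
    if sum(f.prior_tx_count == 0 for f in items) / n >= GHOST_SHARE:
        flags.add("ghost_reviewers")
    if n >= MIN_REVIEWS and mean(f.score for f in items) >= NEAR_PERFECT:
        flags.add("near_perfect_at_volume")
    if n >= MIN_REVIEWS and busiest_window_share([f.timestamp for f in items]) >= BURST_SHARE:
        flags.add("burst_submission")
    if sum(is_generic(f.comment) for f in items) / n >= GENERIC_SHARE:
        flags.add("generic_text")
    return flags

# Constructed sample data: 300 fresh wallets in ten minutes vs. 120 aged wallets over months.
SYBIL = [Feedback(f"0xghost{i:04d}", 100, "Honestly, a robust and scalable agent.",
                  1_770_000_000 + 2 * i, 0) for i in range(300)]
ORGANIC = [Feedback(f"0xuser{i:04d}", 70 + i % 30, f"Task {i} finished, payout was late once.",
                    1_770_000_000 + 86_400 * i, 40 + i) for i in range(120)]
```

Calling red_flags(SYBIL) raises all four flags, while red_flags(ORGANIC) raises none. A single flag on its own is weak evidence, so treat the combination as the signal.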

The ERC-8004 Reputation Problem Is Already Here

ERC-8004 launched on January 29, 2026. In its first two weeks, over 40,000 agents registered across Ethereum and Base. The ecosystem is growing fast — and reputation gaming is already happening at scale.

When nearly every agent scores between 98 and 100, the reputation layer becomes meaningless noise. The agents with genuinely good track records are indistinguishable from those with manufactured scores. That's not just a data quality problem — it's a trust infrastructure failure that affects everyone building on or transacting with ERC-8004 agents.

The spec authors anticipated this. They called for watchtower services to emerge — external analysis layers that contextualize raw feedback with wallet history, pattern detection, and transparent scoring. The infrastructure to separate signal from noise is what turns ERC-8004 from a registration standard into an actual reputation system.

Transparency, Not Judgment

RNWY doesn't decide whether an agent is trustworthy. It shows you the data and lets you decide. The Explorer flags agents with unusual review patterns — like 100% of feedback coming from ghost wallets — and surfaces the wallet-level analysis behind each flag.

Every score shows its math. Every pattern shows its evidence. The goal isn't to be a gatekeeper — it's to be the watchtower that the ERC-8004 ecosystem needs to function.
