
Sock Puppet Storm


Each node = one agent. Each orbiting dot = one reviewer wallet, colored by age. Coordinated attacks orbit in tight formation.

Reviewer wallet age
Same day — never existed before
1–3 days old
4–30 days old
1–12 months old
1+ year — established wallet

What is a Sybil attack?

A Sybil attack is when a single entity creates many fake identities — wallets, accounts, or AI agents — to manipulate a system designed around one-identity-per-participant. The term comes from the 1973 book Sybil, about a woman with multiple personalities. In blockchain and AI agent ecosystems, Sybil attacks let bad actors flood reputation systems with fake reviews, steal disproportionate shares of token airdrops, or manipulate trust scores by creating armies of puppet identities that vouch for each other.

In AI agent marketplaces, the equivalent is sock puppet reviews: one operator registers dozens or hundreds of fake agents, each leaving positive reviews for the others. The visualization above shows this pattern in live ERC-8004 data — agents whose reviewer wallets were all created on the same day signal coordinated fraud even without knowing the operator's identity.

Sybil attack statistics: confirmed data from major blockchain events

Across every major airdrop and identity system with public data, 13–40% of participating addresses are confirmed Sybils. These are lower-bound estimates — sophisticated attacks that mimic genuine behavior evade detection entirely.

LayerZero (2024)
6,000,000 total | 803,093 Sybils | ~13%

The largest public Sybil dataset. Chaos Labs and Nansen identified 803,093 probable Sybils. A single coordinated cluster contained 60,995 fake accounts. After the anti-Sybil program was announced, daily protocol messages collapsed from ~300,000 to ~50,000 — an 83% drop revealing how much activity was fabricated.

Source: The Defiant, CoinTelegraph — May–June 2024

Arbitrum (2023)
2,300,000 total | 279,328+ Sybils | ~20%

Independent on-chain analysis by X-explore found 279,328 same-person addresses forming 60,000+ coordinated communities, controlling an estimated 47.96% (~557 million tokens) of the total airdrop supply. Forensic evidence: 294 addresses withdrew identical 0.0008 ETH from Binance on the same day.

Source: X-explore mirror.xyz on-chain analysis — March 2023

Gitcoin Grants (GR14) (2022)
44,736 total | 16,073 Sybils | 35.9%

At peak fraud rate (GR14), 35.93% of all donors were identified as Sybils. Gitcoin's own summary: "One thing we have learned from years of defending the Gitcoin Grants program is this: Sybil defense is really hard and really expensive."

Source: Gitcoin Governance Forum GR15 Fraud Report, October 2022

Linea (2025)
1,297,203 total | 516,960 Sybils | 39.8%

Nansen analysis flagged 516,960 of 1,297,203 eligible addresses as Sybils — the highest Sybil rate of any major airdrop analyzed. Nearly 40% of all participants were fake.

Source: Nansen analysis, 2025

Hop Protocol (2022)
~53,000 total | 10,253 Sybils | ~19%

Community bounty hunters identified and removed 10,253 Sybil addresses, saving ~3.5 million HOP tokens ($315,000) from going to fake accounts.

Source: Hop Protocol official announcement, May 2022

Fake AI agent reviews and sock puppet attacks in agent marketplaces

The Moltbook incident — January 2026

Moltbook launched as a "social network for AI agents" and went viral. Within days, Wiz Security discovered the platform had 1.5 million registered "agents" controlled by just 17,000 human owners — an 88:1 agent-to-human ratio. The platform had zero verification mechanisms. The breach also exposed 1.5 million API authentication tokens in plaintext.

"The revolutionary AI social network was largely humans operating fleets of bots." — Wiz Security

OpenAI's GPT Store documented similar manipulation within months of launch: coordinated ranking manipulation through click-farm groups, fleeceware apps charging $50/month for free services, and fabricated 4.6-star ratings from 13,000+ fake reviews.

The broader fake review problem is not unique to AI agents. An estimated 30% of all online reviews are fake. Google blocked or removed 240 million policy-violating reviews in 2024 — a 45% year-over-year increase. AI-generated fake reviews specifically saw a 3x increase in 2024 versus 2023. One fraudulent extra star raises consumer demand by 38% — the economic incentive is enormous.

Why wallet address age is the strongest Sybil detection signal

A 2025 paper by researchers at Binance's Risk Department — analyzing 193,701 addresses including 23,240 confirmed Sybils — found that 97.4% of Sybil addresses had lifecycles under one year. Temporal features achieved greater than 0.9 on all metrics: precision, recall, F1, and AUC. Time is, empirically, the most powerful fraud detection signal available.

Blockchain airdrops: Arbitrum's anti-Sybil rules explicitly penalize wallets whose transactions all occurred within a 48-hour window.
Domain names: Over 40% of newly registered domains are associated with fraud. A Google patent states: "Legal websites are frequently registered for numerous years, whereas illicit websites are typically only registered for one year."
Email addresses: AtData's tiered trust framework: newer than 7 days = minimal trust; 3+ years and verified = high trust. Their principle: "Fraudsters can fake everything but time."
Gitcoin Passport: Explicitly scores social media account age — Twitter accounts older than 2 years receive nearly 4x the trust score of accounts under 6 months.
E-commerce: Resnick & Zeckhauser's peer-reviewed eBay research found buyers pay 8% higher prices to purchase from established accounts versus new ones.

The fundamental economic logic: maintaining a wallet with consistent, diverse activity over months or years is expensive for Sybil attackers who need to fund hundreds of wallets simultaneously. Sybil wallets show burst activity within narrow time windows — days before a snapshot — while genuine wallets show organic, spread-out activity over months or years.
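The same-day reviewer pattern and the burst-versus-organic distinction described above can be checked mechanically. The sketch below is an added example, not RNWY's scoring code: it goes slightly beyond the same-day case by bucketing each reviewer wallet's age at review time using this page's legend, then flags agents whose reviewers are both young and created on a single calendar day. The function names, thresholds, wallet IDs and timestamps are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Age buckets follow this page's legend: (exclusive upper bound in days, label).
BUCKETS = [(1, "same day"), (4, "1-3 days"), (31, "4-30 days"), (366, "1-12 months")]
MIN_REVIEWERS = 3   # assumption: fewer reviewers than this is not evidence either way
COHORT_SHARE = 0.8  # assumption: share of reviewer wallets created on one calendar day
YOUNG_SHARE = 0.8   # assumption: share of reviewer wallets under 4 days old at review

# Constructed sample rows: (agent, reviewer wallet, wallet first seen, review time).
REVIEWS = [
    ("agent-A", "0xa1", "2026-01-10T08:02", "2026-01-10T09:15"),
    ("agent-A", "0xa1", "2026-01-10T08:02", "2026-01-20T09:15"),  # repeat review
    ("agent-A", "0xa2", "2026-01-10T08:05", "2026-01-10T09:17"),
    ("agent-A", "0xa3", "2026-01-10T08:09", "2026-01-10T09:21"),
    ("agent-A", "0xa4", "2026-01-10T08:11", "2026-01-11T10:02"),
    ("agent-B", "0xb1", "2023-03-02T11:00", "2026-01-09T14:00"),
    ("agent-B", "0xb2", "2025-06-18T19:30", "2026-01-12T08:45"),
    ("agent-B", "0xb3", "2025-12-28T07:10", "2026-01-13T16:20"),
    ("agent-B", "0xb4", "2026-01-10T12:00", "2026-01-13T18:00"),
]

def bucket(age_days):
    return next((label for limit, label in BUCKETS if age_days < limit), "1+ year")

def profile_agents(reviews):
    per_agent = defaultdict(dict)
    for agent, wallet, first_seen, reviewed in reviews:
        created, when = datetime.fromisoformat(first_seen), datetime.fromisoformat(reviewed)
        prev = per_agent[agent].get(wallet)
        if prev is None or when < prev[1]:  # count a wallet once, at its earliest review
            per_agent[agent][wallet] = (created, when)
    report = {}
    for agent, wallets in per_agent.items():
        ages = [(when.date() - created.date()).days for created, when in wallets.values()]
        cohorts = Counter(created.date() for created, _ in wallets.values())
        n = len(wallets)
        cohort = cohorts.most_common(1)[0][1] / n  # largest same-creation-day group
        young = sum(age < 4 for age in ages) / n
        report[agent] = {
            "reviewers": n,
            "buckets": dict(Counter(bucket(age) for age in ages)),
            "cohort_share": cohort,
            "young_share": young,
            "flagged": n >= MIN_REVIEWERS and cohort >= COHORT_SHARE and young >= YOUNG_SHARE,
        }
    return report
```

Requiring both conditions keeps an agent with one or two genuinely new reviewers among established wallets (agent-B in the sample) from being flagged.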

ERC-8004's acknowledged Sybil vulnerability — and why RNWY exists

The ERC-8004 specification explicitly acknowledges the problem in its Security Considerations section: "Sybil attacks are possible, inflating the reputation of fake agents."

ERC-8004 identities are standard transferable ERC-721 NFTs, meaning an agent's identity and accumulated reputation can be sold on secondary markets. A bad actor can purchase a three-year-old account with a clean reputation history and immediately weaponize it.

RNWY's response: ERC-5192 soulbound tokens combined with transparent address age scoring and EAS attestations on Base. A soulbound token cannot be sold. Ownership history and wallet creation timestamps cannot be manufactured. The visualization above shows what that looks like in practice — every orbiting dot is a reviewer wallet, colored by age. Coordinated attacks orbit in tight formation.

"A passport you can sell isn't a passport — it's a costume."

Further reading

arXiv (Binance researchers) — Sybil address detection in blockchain airdrops: the 97.4% wallet-age finding
Gitcoin Governance Forum — GR15 Sybil fraud report with longitudinal data across 5 grant rounds
Chainalysis — 2025 Crypto Crime Report: $40.9B illicit activity tracked
The Defiant — LayerZero identifies 800,000 potential Sybil addresses
X-explore (Mirror.xyz) — on-chain analysis: Arbitrum Sybils captured 47.96% of airdrop
Wiz Security — investigation of the Moltbook breach: 88 fake agents per real human
TechCrunch — OpenAI's GPT Store filling with spam and ranking manipulation
Ethereum EIP — ERC-8004 specification for trustless AI agents (official)