- A bot farm exploited over 1,000 wallets to quickly purchase nearly all Wet (WET) tokens in a Solana presale.
- The presale was hosted via the decentralized exchange aggregator Jupiter and sold out within seconds.
- HumidiFi, the presale organizer, canceled the launch, planning a new token and an airdrop for legitimate buyers, excluding the bot operator.
- Blockchain analytics platform Bubblemaps identified the attacker controlling about 1,100 wallets with similar funding and activity patterns.
- Sybil attacks involving multiple fake wallets are increasing, highlighting the need for Know Your Customer (KYC) procedures and sybil detection in token sales.
A presale event for the Wet (WET) token on the Solana Blockchain faced major distribution problems when a bot farm used over 1,000 wallets to buy almost the entire token allocation in seconds. The event took place on Nov. 24 and was conducted through the decentralized exchange aggregator Jupiter, which reported the presale sold out almost instantly. Organizers stated that genuine participants had almost no opportunity to buy tokens due to one entity dominating the sale, according to Jupiter’s announcement.
The presale was managed by the Solana automated market maker HumidiFi. After confirming the bot attack, HumidiFi subsequently canceled the token launch. The team declared plans to create a new token and issue a pro-rata airdrop to legitimate buyers, including those on the Wetlist and Jupiter stakers, while explicitly excluding the sniper, as stated on their official account. They also announced a new public sale would be held the following Monday.
The blockchain analytics company Bubblemaps investigated the incident and identified unusual wallet clustering among the presale participants. Their analysis revealed that out of 1,530 wallets engaged, at least 1,100 showed identical funding patterns and activity, suggesting control by a single actor with a bot farm, as reported in their X thread. These new wallets had no prior on-chain activity and were funded by a few source wallets within a narrow time frame, with similar amounts of SOL token transfers and USDC funding.
Bubblemaps also traced one cluster linked to the attacker’s Twitter handle, “Ramarxyz,” who later requested a refund publicly on X. The attacker reportedly prepared thousands of wallets funded with 1,000 USDC (approximately $1,000) each before the presale.
This incident adds to other recent Sybil attacks, where single entities controlled multiple fake wallets to unfairly acquire large shares of token airdrops or sales. Examples include a case on Nov. 18 where one actor claimed 60% of a token airdrop for aPriori’s APR token, and another on Nov. 26 linked to Edel Finance wallets that allegedly sniped 30% of EDEL tokens. The latter team disputed accusations, stating the tokens were placed in a vesting contract.
Bubblemaps CEO Nick Vaiman emphasized that Sybil attacks pose a growing threat to token launches. He recommended stricter Know Your Customer (KYC) checks, the use of sybil detection algorithms, and manual reviews of participants to improve security. Vaiman stated, “Sybil activity needs to be treated as a critical security threat to token launches. Projects should have dedicated teams or outsource Sybil detection to professionals who can assist.”
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Chinese Banks Buy USD to Moderate Yuan Rally at 14-Month Peak
- Polymarket Hires In-House Traders, Shifting Toward Sportsbook Model
- XRP Seen as Nvidia 2000 Investment, Promising Huge Gains
- Italy Probes Retail Crypto Risks Amid Rising Global Regulatory Fragmentation
- Tom Lee Predicts Ethereum to Soar to $62K Despite Current Slump
