Detecting Bot Accounts 101
TLDR: Aegir Tactics cares a lot about fairness and has open-sourced a simple bot detection tool for Algorand.
The Internet has always been a place where individuals can create false identities, speak anonymously, or create bot farms to influence public opinion. However, in crypto, individuals are able to capitalize on multiple anonymous accounts to scam projects and users. Some common targets of multiple account scams are airdrops and shuffle whitelists. These two mechanisms are often used by newer projects to grow their initial user base.
An airdrop is where a project sends an asset to wallets for free which meet certain requirements. These airdrops are often used as a way to reward and incentivize new users to a project by giving free stuff. Scammers can easily create multiple wallets in crypto and register for the same airdrop. Depending on how the airdrop is structured the scammer who created the multiple wallets could greatly capitalize from this and multiply the amount of rewards they would typically earn. The project is left giving assets to wallets owned by an individual entity. This entity could end up liquidating their plunder which would devalue the project assets which were airdropped dramatically.
A shuffle whitelist is a mechanism used to allow users, who wish to buy or win a limited asset, a fair attempt to do so at mint price. Without a shuffle whitelist the project runs the risk of a few scalpers with buying bots being able to buy out the limited supply and resell on the secondary market at a great markup. This doesn’t necessarily hurt the project, but could prevent the projects goal of getting as many unique new users interested in the project for cheaper prices. However, with a whitelist mechanism in place, scalpers can still game the system by creating multiple accounts with the goal to increase their chances of getting on the whitelist with as many accounts as possible.
Why attempt to prevent?
There are two main reasons projects should try to mitigate and combat bot abuse:
Project Value: A project’s value is built around the demand in the ecosystem. This relies on having a large amount of uniquely interested users who value the assets being offered by the project. If the project ends up having a small number of huge whales, the project can die if one of those whales chooses to dump their whole stock at a discount.
Users’ Trust: Trust in crypto is extremely important. The ideal situation would be that everything is trustless and to trust no one, but this is often impossible. The more trustworthy a project is the more loyal a user base will be formed.
Both of these are essential in creating a healthy project ecosystem of loyal fans.
How to detect?
Detecting accounts which may be controlled by a single entity is a challenging task. Often it requires not just one bit of information, but many pieces. The best that can be done is to get as much information as possible to increase the confidence in an accurate detection.
Behaviour: Using transactions on the blockchain similarities can be derived on similar activities. Wallets that do very similar activities could mean that the wallets are owned by the same entity. Examples of some features which would be analyzed: time of transactions, common anomaly wallet interactions, account creation time, and similar assets.
Funding: Looking at where the first funds come from is a great clue. The funding account is usually the same entity as the account it is founding with funds. Central exchanges are where this path usually ends. A central exchange wallet will be responsible for funding the first funds for many many wallets so it usually a dead end. In some cases entities might send their funds to a central exchange to hide the next destination. Sometimes it is possible to correlate the destination address based on the amounts being sent to the exchange and looking up transactions of that same amount to another address following closely after.
External Intel: Additional data should be used if possible to augment confidence. There are so many options for this last section, but the main take away should be the more information the better. Some examples include: social media references, online codebases, and other project shuffles.
While detection is useful, fun, and interesting… projects should be careful to protect their users’ privacy and anonymity.
Why is Aegir Tactics interested in this?
Aegir Tactics has done a few shuffle whitelists in the past where we encountered and worked on solving some of these issues and we have worked with other projects behind the scenes to identify malicious entities. Our future is going to use these detection methods to reduce cheating and identify malicious accounts which could have a negative impact on user experiences. We will be advancing these detection methods and methodology overtime.
We open-sourced one of our simple detection tools for shuffle whitelists which can help aid projects in detecting abusive accounts on Algorand. Check it out https://github.com/Aegir-Tactics/bot-detector.
Reach out to us as well if interested in these topics :)