Sybil Detection System Analysis Report
Overview
This report details a multi-faceted approach to detecting potential sybil wallets in blockchain networks, combining graph analysis, transaction pattern detection, cross-chain activity verification, and third-party reputation scoring.
Detection Methods
1. Graph-Based Analysis
The graph analysis identifies suspicious patterns through two primary mechanisms:
a) High-Volume Sender Pattern
- Identifies addresses that make more than 200 outgoing transfers
- Marks receivers from these high-volume senders as suspicious
- Specifically flags receivers with only one incoming transaction as potential sybil wallets
b) Subgraph Analysis
- Identifies suspicious sink patterns where receiving nodes comprise >90% of subgraph edges
- Marks all addresses in suspicious subgraphs as potentially compromised
Results: This pattern identified 26.30% (146,917) of wallets as “bad receivers”.
2. Transaction Pattern Analysis
The system examines temporal patterns in transactions, looking for:
- Transactions occurring within short time intervals (threshold: 120 seconds)
- Regular recurring patterns exceeding 30 occurrences
- Automated transaction behaviors indicating bot-like activity
Results: This analysis contributed to the identification of high-density patterns, affecting 1.25% (6,966) of wallets.
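The two rules with explicit thresholds above (the high-volume sender pattern in 1a and the timing pattern in section 2), written out as an added Python example; this is not the report's own code. The transfer tuple layout, function names and sample data are assumptions, and the timing rule is one reading of the report's wording.

```python
from collections import Counter, defaultdict

HIGH_VOLUME_OUT = 200    # report: "more than 200 outgoing transfers"
MAX_GAP_SECONDS = 120    # report: short-interval threshold
MIN_RAPID_GAPS = 30      # report: patterns "exceeding 30 occurrences"


def bad_receivers(transfers):
    """Receivers paid by a high-volume sender that have exactly one incoming transfer.

    transfers: list of (sender, receiver, unix_timestamp) tuples.
    """
    out_count = Counter(s for s, _, _ in transfers)
    in_count = Counter(r for _, r, _ in transfers)
    hubs = {s for s, n in out_count.items() if n > HIGH_VOLUME_OUT}
    return {r for s, r, _ in transfers if s in hubs and in_count[r] == 1}


def high_density_senders(transfers):
    """Senders with more than MIN_RAPID_GAPS gaps of at most MAX_GAP_SECONDS.

    Assumption: a "recurring pattern" is read as back-to-back transfers by one sender.
    """
    times = defaultdict(list)
    for sender, _, ts in transfers:
        times[sender].append(ts)
    flagged = set()
    for sender, stamps in times.items():
        stamps.sort()
        rapid = sum(1 for a, b in zip(stamps, stamps[1:]) if b - a <= MAX_GAP_SECONDS)
        if rapid > MIN_RAPID_GAPS:
            flagged.add(sender)
    return flagged


def sample_transfers():
    """Constructed data: a distributor hub, a bot-like sender, and two organic wallets."""
    t0 = 1_700_000_000
    rows = [("hub", f"w{i}", t0 + i * 3600) for i in range(201)]   # 201 hourly payouts
    rows.append(("alice", "w0", t0 + 500))          # w0 gains a second incoming transfer
    rows += [("bot", "sink", t0 + i * 60) for i in range(32)]      # 31 gaps of 60 s
    rows += [("alice", "bob", t0), ("bob", "alice", t0 + 90_000)]
    return rows


if __name__ == "__main__":
    data = sample_transfers()
    print(len(bad_receivers(data)), "bad receivers;", sorted(high_density_senders(data)))
```

Rule 1a also matches a fresh wallet whose only deposit came from an exchange or payroll-style distributor, so the output is a candidate set to combine with the other signals, not a verdict.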
3. Cross-Chain Activity Verification
The system cross-references wallet activity across multiple networks:
Arbitrum Activity
- Data Source: Dune Analytics Query #2226502
- Purpose: Identify wallets with suspicious patterns on Arbitrum
- Results: Flagged 0.05% (258) of wallets
ZKsync Activity
- Data Source: Dune Analytics Query #3097819
- Purpose: Detect suspicious patterns on ZKsync
- Results: Identified 1.28% (7,155) of wallets
4. Third-Party Reputation Integration (Nomis)
The system incorporates Nomis.cc’s comprehensive wallet scoring service:
Reputation Scoring Features
- Aggregates data from 50+ sources including blockchain explorers and third-party services
- Employs ML-driven mathematical models
- Evaluates wallets across 30+ weighted parameters
- Provides normalized reputation scores (0–100)
Results Summary
Total wallets analyzed: 558,549
Suspicious Activity Breakdown:
- Bad Receiver Patterns: 146,917 wallets (26.30%)
- High-Density Patterns: 6,966 wallets (1.25%)
- ZKsync Suspicious Activity: 7,155 wallets (1.28%)
- Arbitrum Suspicious Activity: 258 wallets (0.05%)
Website: https://www.swanchain.io