An investigation led by CoinDesk has revealed that two brothers — Ian Macalinao and Dylan Macalinao — used pseudonymous developer profiles to inflate the TVL on Solana by $7.5 billion.
The news is a warning to those who may be skeptical of the feasibility of a real-world Sybil attack on the crypto ecosystem. According to Binance Academy, a Sybil attack is “a kind of security threat on an online system where one person tries to take over the network by creating multiple accounts, nodes or computers.”
Kevin Owocki, Co-Founder of Gitcoin, opened EthCC by speaking about the potential risks of Sybil attacks in his talk “Sybil Resistance for a more democratic web3.” The rising popularity of the concept of DeSoc, social graphs, and Soulbound tokens coincides with the desire to reduce the likelihood of effective Sybil attacks.
However, to answer the question of whether this is a real threat, we can look to the report from CoinDesk that details how the Macalinao brothers were able to create fake developer profiles to simulate community development.
In the world of web3, anonymous developer profiles are far more common than in other industries, with the most famous crypto developer being the notorious Satoshi Nakamoto, creator of Bitcoin.
Developer meetings in web3 often look like the below Google Meet call, with all participants contributing from behind their virtual identities.
My favorite kind of meetings are @_ledao townhalls.
Talking about 1/1 art with an elite crew. When are you joining the pâtisserie, anon? pic.twitter.com/TUH83ShU25
— Trade For Tendies (Solana Developer) (@immature69) August 3, 2022
A Hackermoon article from February 2022 commented on the current state of anon developers in crypto:
“If Satoshi was present to witness how we have tweaked anonymity to suit our preferences, he might have to reconsider his stance on decentralization. Because total decentralization would cripple adoption, especially now that scams keep springing up.”
The Macalinao brothers
According to the CoinDesk investigation, Ian Macalinao has been building projects as “11 purportedly independent developers” to create an inflated TVL on the Solana blockchain. CoinDesk alleged Ian authored an unpublished blog post from March 26 that reads:
“I devised a scheme to maximize Solana’s TVL: I would build protocols that stack on top of each other, such that a dollar could be counted several times… I believe it contributed to the dramatic rise of SOL”
The brothers used various anonymous identities to build a network of protocols that would utilize double-counted assets to inflate the total TVL of the ecosystem artificially. Ian allegedly explained, “I wanted to make it look like a lot of people were building on our protocol;” — a prime example of a Sybil attack.
Dylan even went as far as to personally tweet that he felt “comfortable staking [his] own crypto in [the] project” Sunny Agreggator, now believed to have been developed by the brothers.
The pair appear to have used their public identities to shill projects they worked on to bolster adoption anonymously. In the below tweets, the alleged pseudonyms for Ian Macalinao, Surya Khosla, and GokiProtocol seem to have thanked themselves for building web3 tools for the community.
Big thanks to @simplyianm for launching this tool. We should have claims up soon once he finishes up his audit of our SPQR program. https://t.co/yggc0o2mYz
— veSurya Khosla (,) (@SuryaKhosla) April 2, 2022
Huge fan of @GokiProtocol and what they’re doing for @Solana UX.
Take a look! https://t.co/c1Byzrwk5N
— ian.move (@simplyianm) September 4, 2021
The CoinDesk article explains in detail how the brothers manipulated the Solana DeFi ecosystem, which came at a time when Solana was just rocked by the Slope Finance wallet exploit.
The Gitcoin passport aims to tackle the issue highlighted by fake developer profiles by allowing builders to “grow a decentralized identity record with various credentials about you.”
Soulbound tokens (SBTs) are another technology that can help build Sybil resistance through non-transferable NFT tokens tied to a specific wallet. When Vitalik Buterin, founder of Ethereum, introduced the concept of SBTs, he stated, “a common criticism of the “web3″ space as it exists today is how money-oriented everything is.”
The alleged exploitation of the Solana DeFi ecosystem by the Macalinao brothers reinforces the strength of Vitalik’s criticism. The brothers allegedly built an elaborate network of DeFi projects to inflate the TVL of DeFi on Solana — a monetary goal.
Vitalik concluded his presentation on SBTs by declaring, “we need more effort on thinking through and solving these challenges” about the transferability of “identity objects” in the web3 space. One core “identity object” is the identity of developers building in an open-source ecosystem.
While decentralization and “DeSoc” may be a long-term goal for many in web3, a critical problem that has not yet been resolved is that of Sybil resistance. If two young developers from Texas can fool an entire ecosystem of the existence of $7.5 billion, then something is not right.
If you are building a project that looks to solve the Sybil attack vector on the crypto industry, contact CryptoSlate via the email or Twitter links above.
CryptoSlate reached out to the Macalinao brothers but did not receive an immediate response to requests for comment.
The post DeFi Sybil attack created $7.5B fake TVL on Solana from ‘anon’ developers appeared first on CryptoSlate.