Author | Felix Ng
Compiled by | Wu Says Blockchain Aki Chen
Statement: This article is a reprint; readers can obtain more information through the original link. If the author has any objections to the form of reprint, please contact us, and we will modify it according to the author's request. Reprints are for informational sharing only and do not constitute any investment advice, nor do they represent the views and positions of Wu Says.
Original link:
https://cointelegraph.com/magazine/inside-30000-phone-crypto-airdrop-bot-farm/
The full text is as follows:
In a 'tin shed' with refrigeration systems just 40 minutes from Ho Chi Minh City, Mirai Labs CEO Corey Wilton first truly realized the enormous scale of crypto airdrop abuse. 'This is really creepy,' Wilton said in an interview. He had just visited a 'mobile farm' located in southern Vietnam, where he estimated that at least 30,000 smartphones were piled up in a space no larger than a single apartment.
For the past four years, Wilton has hoped to witness firsthand the behind-the-scenes operations that led to the collapse of his flagship NFT horse racing game Pegaxy in 2021. "At that time, Pegaxy was extremely popular, and our daily active users peaked at around 500,000," Wilton recalled. "During that period, we began receiving numerous reports about 'bot farms.'" These bots could simultaneously control hundreds of accounts, quickly purchasing horses with higher winning probabilities and repeatedly participating in races to earn in-game currency, which could then be converted into real-world cash. "You would see screenshots posted by users showing dozens of applications running on their screens, and similar scenes frequently appeared on social media," he explained.
Pegaxy is a horse racing game in which fifteen horses compete in races run automatically by the system. Wilton stated that bot farms transformed the game from 'who can win' to 'who can extract value faster', thereby changing the atmosphere of the game and accelerating the project's decline.
On-site: Unveiling Vietnam's 'Professional' Mobile Farms
In May of this year, Wilton finally achieved his wish, gaining exclusive access to a 'highly specialized mobile farm' in Vietnam with the assistance of a former Pegaxy player. This player discovered the farm by chance on TikTok.
'I went to two places, both about a 40-minute drive from my location, which are relatively remote areas,' he recalled. 'There would definitely be no foreigners going there, and they completely do not want to be known.' Wilton described one location as a tin shed next to a street, with air conditioning set to 'as cold as it can possibly get.'
Inside the tin shed, metal racks are filled with thousands of smartphones, leaving narrow aisles for employees to walk through. The entire layout looks like a 'knockoff' crypto mining farm.
Wilton stated that the client showed him the 'leasing segment' of the business, where customers can rent the mobile farm for whatever purpose they need. Unlike traditional bot servers, each device in the mobile farm has its own SIM card and device fingerprint and can disguise its IP geolocation, which makes the devices harder to detect and especially suitable for systems that require each account to be bound to a phone number. Mobile phones also offer good computing power for their cost, and if a device is damaged it can be replaced quickly without significantly affecting overall operations.
Wilton stated that in the case he witnessed, an operator would control a 'master mobile phone' via computer, which was connected to over 500 'slave phones.' No matter what operation was performed on the master phone, all slave devices would replicate it synchronously. 'Their clients are mostly from the Web2 industry. For example, K-pop agencies rent these devices to boost traffic; casinos also use them to simulate real players, making the game appear more "real," but in fact, it is used to suppress you and guide you to lose money.'
'Some Web2 players batch farm mobile games by leveling accounts and then selling these upgraded accounts,' he added. However, Wilton stated that the core business of this farm is actually 'manufacturing.'
The operator purchases damaged or outdated smartphones at low prices, modifies them through software and other means, and packages them into 'self-service mobile farm' devices to be sold in overseas markets. This project can produce more than 1,000 farm phones ready for deployment each week, with each 'mobile farm kit' containing about 20 devices. Wilton stated that these individuals do not personally operate the phones. They do not go out to milk airdrops or perform related operations themselves. Their main business is to package and sell these devices, sending them to overseas clients who wish to operate from home. After that, all a buyer needs to do is keep the devices online and buy more phones to connect.
Wilton lamented that it is no wonder that 'bot-assisted crypto airdrop milking' has become a persistent issue in the crypto industry. Crypto airdrop milking refers to obtaining free tokens that are meant as rewards for real early users by creating numerous wallet addresses and faking user behavior. Although most crypto airdrops do not require phone number verification, unique device fingerprints and IP addresses can still be used to bypass Sybil protection mechanisms.
Airdrop farmers often sell their tokens immediately after obtaining them, which impacts market prices and makes it more difficult for genuine users to receive airdrops. Many projects experience a surge of fake activity before an airdrop, and once the airdrop is distributed, the number of users and the token price often plummet rapidly.
Crypto airdrop controversies are frequent, and bot behavior is widely criticized.
Whether through controlling a large number of mobile phones or using a single computer, bot behavior has caused significant damage to crypto airdrop activities. In June of last year, the Ethereum zero-knowledge (ZK) Layer 2 scaling project ZKsync faced heavy criticism for suffering extensive bot attacks during its airdrop, with users accusing it of opening the door wide for 'bots to milk the rewards.'
On-chain data analysis platform Lookonchain reported that an 'airdrop hunter' claimed over 3 million ZKsync (ZK) tokens through 85 wallet addresses, with a total value at the time of up to $753,000. Another user publicly boasted on social media that they made nearly $800,000 using an 'extremely efficient $ZK Sybil attack strategy.'
A Sybil attack is a type of security threat in which an attacker creates multiple false identities to gain an improper advantage in a network system. The term originates from a book called 'Sybil,' which describes the case of a woman with dissociative identity disorder. Mudit Gupta, security director at ZKsync's competitor Polygon, called it 'possibly the easiest airdrop to exploit in history, and also the most exploited,' attributing the problem to the lack of anti-bot mechanisms. ZKsync had nonetheless set seven eligibility criteria this time to prevent Sybil attacks.
ZKsync responded in its official FAQ that the current strategies for Sybil attacks have become increasingly complex, making it difficult to distinguish them from real users; while overly strict screening criteria could prevent some Sybil attackers, they could also inadvertently affect many real users.
However, just last month, Binance provided a different perspective while rectifying bot behavior in its 'Binance Alpha Points' program. 'Traditional bots typically follow predictable, repetitive behavior patterns, making them relatively easy to identify,' a Binance spokesperson stated in an interview. 'But with the rise of AI-driven bots, we are now facing a system that closely mimics human behavior — from browsing habits to interaction times, making it much harder to identify.' Binance stated that the platform is continuously increasing its efforts against bots, developing new tools to identify abnormal operations from large-scale behavior patterns. For example, address entity association analysis can help identify wallet clusters controlled by the same entity, even if those wallets appear to be independent at first glance.
These analyses are particularly critical in revealing behaviors such as disguised holdings, multisend manipulation, and wash trading — all of which are commonly employed tactics by AI-driven bots to fabricate real engagement and false liquidity. The impact is not limited to crypto airdrops; bots are also accused of flooding the market, creating countless worthless meme coins. Conor Grogan, head of products at Coinbase, recently pointed out on the X platform: 'Most tokens launched on the PumpFun and LetsBonk platforms are almost entirely controlled by bots.' He found that on the meme coin platform LetsBonk, top accounts publish a new token on average every three minutes.
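The address entity association analysis mentioned above can be sketched as follows. This is an added example, not part of the original article and not Binance's tooling; the first-funder heuristic, the shared-service allowlist and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample transfers in chronological order: (sender, recipient).
TRANSFERS = [
    ("funder_A", "w1"), ("funder_A", "w2"), ("funder_A", "w3"),  # multisend-style fan-out
    ("w3", "w4"),                 # chained funding: w3 tops up a fresh wallet
    ("w1", "exchange_hot"),       # deposit into a shared service
    ("exchange_hot", "u1"),       # unrelated customers withdrawing
    ("exchange_hot", "u2"),
    ("funder_B", "u3"),
]
# Hypothetical allowlist: exchanges and bridges fund many unrelated users.
SHARED_SERVICES = {"exchange_hot"}

def find(parent, addr):
    """Union-find root lookup with path halving."""
    parent.setdefault(addr, addr)
    while parent[addr] != addr:
        parent[addr] = parent[parent[addr]]
        addr = parent[addr]
    return addr

def cluster_wallets(transfers, shared_services, min_size=3):
    """Link each wallet to whoever funded it first; return clusters >= min_size."""
    parent, funded = {}, set()
    for sender, recipient in transfers:
        if recipient in funded:
            continue              # only the first inbound transfer counts as funding
        funded.add(recipient)
        if sender in shared_services or recipient in shared_services:
            continue              # never link through a shared service
        parent[find(parent, recipient)] = find(parent, sender)
    groups = defaultdict(set)
    for addr in parent:
        groups[find(parent, addr)].add(addr)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_size)

if __name__ == "__main__":
    # With the allowlist: one cluster around funder_A.
    print(cluster_wallets(TRANSFERS, SHARED_SERVICES))
    # Without it: exchange customers u1 and u2 are wrongly merged into the cluster.
    print(cluster_wallets(TRANSFERS, set()))
```

Running it without the allowlist shows the false-positive problem ZKsync's FAQ describes: an overly aggressive link rule pulls real users into a Sybil cluster.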
Daren Matsuoka, a data scientist and partner at a16z Crypto, believes that Sybil attacks are actually a problem that has only emerged in recent years. "Throughout most of cryptocurrency's development, we naturally had a certain level of resistance to Sybil attacks — because gas fees on these Layer 1 blockchains have always been high," he stated in an a16z Crypto podcast episode in April this year.
'In the past, you indeed needed to pay a few dollars or even tens of dollars in transaction costs to qualify for an airdrop. But with the continuous optimization of infrastructure, the cost of operations has now become very low. I believe this will fundamentally change the game of attack and defense mechanisms.' a16z Crypto's CTO Eddy Lazzarin has been emphasizing the importance of building a 'proof of human' mechanism.
'AI can now generate a large number of realistic behavior records. The most advanced bot farms are now almost impossible to reliably identify, and it won't be long before those of moderate technology will also become equally hard to detect,' Lazzarin wrote in an article in May this year. What Lazzarin is most interested in is building a 'proof of personhood' mechanism: it should allow real humans to easily and freely verify their identities while imposing high costs and operational difficulties on bots or fraudsters attempting large-scale deception. He mentioned that the iris scanning project World initiated by Sam Altman is a typical example of this kind of mechanism. The core idea of the project is that everyone can only register once for a World ID, and its uniqueness is verified through iris scanning (since everyone's iris is unique).
Lazzarin added in a podcast about airdrops: 'I would love to see more people try systems like World ID, which combines biometric technology with privacy protection mechanisms to limit each person to only one identity ID.'
However, Ethereum co-founder Vitalik Buterin believes that 'one person, one ID' is not a perfect solution, as it means that all historical actions could be tied to a single attack point — the key associated with that identity. If leaked, the risks are enormous. At the same time, he pointed out that biometric and government identity information could also be falsified.
Why not directly cancel crypto airdrops?
If crypto airdrops are so easily manipulated, the most straightforward option seems to be to simply eliminate the airdrop mechanism. However, some believe that airdrops still have their significance. Distributing tokens to real users participating in the protocol not only helps achieve decentralization of project governance but also diversifies control through methods such as granting voting rights. Additionally, airdrops often generate significant buzz. 'One obvious reason is: When you distribute a large number of tokens that may hold value, it attracts a lot of attention, which in itself is a marketing effect,' Lazzarin stated. 'Airdrops are essentially a marketing tool.'
Wilton also expressed agreement, pointing out that project teams should anticipate that some users will sell their tokens, which is essentially part of the marketing costs required to acquire users. The key is to ensure that these users are real people and are 'willing to stay long-term.' Meanwhile, Binance believes that automated bots are not entirely harmful. In fact, in certain scenarios, if used properly and transparently, bots can play a positive role — for example, in providing liquidity, executing strategies on behalf of users, or conducting stress test simulations during audits.