MYX, 100 wallets and a $170M airdrop: the on-chain analysis by Bubblemaps suggests a Sybil attack

An independent on-chain analysis by Bubblemaps highlighted suspicious activity from about 100 newly created wallets that claimed 9.8 million MYX (approximately 1% of the supply) with an estimated value of over $170 million at the time of the claim, according to recent data reported by CryptoNews.

Analyses and reports on risks of Sybil attacks and abuses in token distributions have been documented in previous industry studies, including reports by Chainalysis and insights on airdrop cases published by specialized outlets CoinDesk.

The recently published report highlights repetitive patterns in funding and claims and indicates direct links between key addresses and the creator account of the MYX Finance project. In this context, the hypothesis of a coordinated action has taken shape in the analysis, although it remains subject to further verification.

According to the data collected by our editorial team, by cross-referencing on-chain views from Bubblemaps with public explorers, a significant overlap emerges in the funding and claim patterns among the mapped addresses, with repeated operation times and routing that appear non-random.

The analysts consulted observe that, on a sample of about 100 wallets with synchronized funding and claim, the statistical probability of an identical operational sequence by chance is estimated to be low based on clustering models.

Quick Summary

• Suspicious wallets: about 100 addresses, all created around the time of the airdrop (April‑May 2025).
• Token reclamation: 9.8M MYX (~1% of the supply), with an estimated value > $170M at the time of the claim.
• Key dates: funding recorded on April 19, 2025 and simultaneous claims on May 7, 2025.
• Addresses involved: creator 0x8eEB, recurring node 0x4a31, and key recipient 0xeb5A.
• Significant transaction: transfer of 2.8M MYX from 0x4a31 to 0xeb5A.
• Market Valuations: Fully Diluted Valuation (FDV) reached up to $17 billion within the first 48 hours of launch, accompanied by strong price volatility.

Key Facts: Alleged Sybil Attack in the Airdrop, According to Bubblemaps

According to Bubblemaps, the suspicious wallets show an identical funding exchange – in this case OKX – and exhibit identical timing both in funding and in airdrop claims.

The analysis reveals a constant flow of MYX between addresses that seem to be linked to the project creator and the wallets that made the claims. That said, the proposed tracking outlines a precise perimeter of repeated interactions, which are unlikely to be attributed to chance.

Essential Timeline (recently occurred events)

1. April 19, 2025: the wallets have been replenished by OKX, a common funding source.
2. May 7, 2025: simultaneous claims of MYX tokens occurred by the approximately 100 affected wallets.
3. Subsequently, the transfer of 2.8M MYX from 0x4a31 to 0xeb5A occurred, an address linked to the project’s creator.
4. In the next 48 hours, the Fully Diluted Valuation (FDV) reached $17 billion, as reported by market aggregators such as CoinMarketCap (data updated as of September 10, 2025).

Reconstruction of the alleged on-chain scheme

Bubblemaps highlights a sequence that starts with the coordinated creation of wallets, moves through uniform funding via the centralized exchange, and continues with aligned claims and subsequent routing to deposit addresses linked to the team.

According to the analysis, this pattern reduces the likelihood of a random event and suggests possible orchestration. Indeed, the repetitiveness of the steps and the convergence towards recurring nodes are the most indicative points.

Connections between wallet and creator: what tracking reveals

On-chain tracking links the creator’s wallet 0x8eEB to a network of addresses, which spans multiple chains until reaching 0x4a31, which replicates the same behaviors as the other approximately 95 mapped addresses.

In particular, the transfer of 2.8M MYX from 0x4a31 to 0xeb5A is highlighted as a crucial link in the transactional chain. It should be noted that, without direct links to the transactions, some verifications naturally remain partial.

Technical note: for independent verification, it would be useful to provide direct links to the transactions (for example via Etherscan or other explorers related to the chains involved). The partial extracts related to the addresses (0x8eEB, 0x4a31, and 0xeb5A) do not allow for a unique connection at the time of publication.

Token Distribution and MYX Team Response

The MYX Finance team has stated that some address modifications would be required before the launch and specified that only the “Cambrian” campaign included particularly strict anti-Sybil measures.

However, the official communication did not address in detail the on-chain links highlighted by Bubblemaps, nor did it explain the methodology adopted to contest them. That said, the lack of a precise technical response leaves some questions unanswered.

Transparency: a textual quote with date/time and a link to the official source were not made available for independent verification at the time of analysis (status updated as of September 10, 2025).

Impact on MYX Token: Price, FDV, and Trust

The accusations had an immediate impact on market sentiment. Recently, CoinMarketCap reported MYX at $13.81 with a decline of 17% in the last 24 hours (data updated as of September 10, 2025), while recording an increase of over +1,000% on a weekly basis.

The FDV reached approximately $17 billion in the first 48 hours after launch, according to public data from market aggregators. However, the observed volatility suggests that price discovery remains in a delicate phase.

Analysts emphasize that, if confirmed, these findings could undermine trust in token distributions and negatively impact the long-term value of reward campaigns, as well as generate potentially unsustainable volatility. In this context, reputational risk intertwines with the stability of the secondary market.

Quick Guide: How to Identify Sybil Attacks in Airdrops

• Source of funds: distinguish between deposits coming from exchanges and transfers made from personal wallets.
• Temporality: detect simultaneous claims, narrow time windows, and synchronized gas fees.
• Correlations: identify common sources of funding, recurring deposit addresses, and repeated patterns.
• Team-linked tracking: monitor transaction flows to addresses that may be associated with the team or recurring counterparties.
• Tools: use on-chain analytics to visualize transactional graphs and clusters.

Why the MYX Case Sets a Precedent

This episode highlights the fragility of anti-Sybil mechanisms when eligibility criteria and on-chain identity checks are insufficient or inconsistent across various campaigns.

The operational lesson is that dynamic thresholds, multi-signal filters, and preventive audits can help reduce the attack surface and enhance the credibility of token distributions. Indeed, the consistency of policies across different initiatives directly impacts the resilience of airdrops.

Editorial Note

To ensure verifiability, it is recommended to include direct links to transactions and complete addresses on explorers, integrate a textual quote with a timestamp from the official response of the MYX team, and specify the exact source of the data related to the FDV of $17 billion (for example, through official dashboards or aggregators).