Vietnamese mobile phone farms crazy harvesting Airdrop, thirty thousand devices packed in iron sheds.

Author|Felix Ng

Compilation | Wu Says Blockchain Aki Chen

The full text is as follows:

In a "tin shed" with a refrigeration system just a 40-minute drive from Ho Chi Minh City, Mirai Labs CEO Corey Wilton first truly realized the massive scale of cryptocurrency airdrop abuse. "It's really chilling," Wilton said in an interview. He had just visited a "phone farm" in southern Vietnam, and he estimated that the space, no larger than a one-bedroom apartment, contained at least 30,000 smartphones.

For the past four years, Wilton has hoped to witness firsthand the behind-the-scenes operations that led to the collapse of his flagship NFT racing game Pegaxy in 2021. "At that time, Pegaxy was booming, and our daily active users peaked at around 500,000," Wilton recalled. "That was when we started receiving constant reports about 'bot farms.'" These bots could control hundreds of accounts simultaneously, quickly purchasing horses with higher win rates and repeatedly participating in races to earn in-game currency, which could then be cashed out in the real world. "You would see screenshots posted by people showing dozens of applications running on the screen at the same time, and similar scenes frequently appeared on social media," he explained.

Pegaxy is an automated horse racing game where fifteen horses compete against each other. Wilton stated that the robot farm changed the game from "who can win" to "who can extract value faster" — this shift in the game atmosphere has led to a decline in the project.

On-site: Unveiling Vietnam's "Professional Grade" Mobile Farm

In May of this year, Wilton finally got his wish and was able to exclusively visit a "highly specialized mobile farm" in Vietnam with the assistance of a former Pegaxy player. This player stumbled upon the traces of this farm on TikTok.

"I went to two places, both about a 40-minute drive from where I was, which is considered a relatively remote area." He recalled, "There are definitely no foreigners going there, and they completely do not want anyone to know." Wilton described one of the locations as a metal shed right next to the street, with the air conditioning set to the level of 'as cold as it can get.'

The interior of the metal shed is filled with metal racks, each densely packed with thousands of smartphones, leaving only a narrow passage for employees to walk through. The entire layout looks like a "shanzhai" crypto mining farm.

Wilton stated that the other party showed him the "leasing section" in the business, where customers can rent this mobile farm according to their needs for any purpose. Unlike traditional robotic servers, each device in the mobile farm is equipped with an independent SIM card and device fingerprint, and can also disguise its IP geographical location, making it harder to detect, especially suitable for system scenarios that require each account to be linked to a phone number. In addition, the mobile devices have a high cost-performance ratio between computing power and cost, and even if one device is damaged, it can be quickly replaced without significantly impacting overall operations.

Wilton stated that in cases he has personally witnessed, an operator controls a "master phone" through a computer, which is connected to over 500 "slave phones." Whatever operation is performed on the master phone is synchronously replicated by all subordinate devices. "Most of their clients actually come from the Web2 industry. For example, K-pop agencies rent these devices to boost traffic; there are also casinos that use it to simulate real players, making the game appear more 'authentic', but in reality, it is used to suppress you and lead you to lose money."

"There are also some Web2 players who batch farm mobile games, upgrading accounts through account nurturing before selling these upgraded accounts." He added. However, Wilton stated that the core business of this farm is actually "manufacturing."

The operator will acquire damaged or old smartphones at a low price, then modify them through software and other means, ultimately packaging them into "self-service mobile farm" devices to be sold in overseas markets. This project can produce over 1,000 farm phones ready for deployment each week, with each "mobile farm kit" containing about 20 devices. Wilton stated that these individuals do not operate the phones personally. They do not go to harvest airdrops or perform related operations themselves. Their main business is actually packaging and selling these devices, sending them to overseas customers who want to operate from home. Next, you just need to keep these devices online and buy more phones to connect.

Wilton exclaimed that it is no wonder that "robot-assisted crypto airdrop farming" has become a major ailment in the crypto industry. The so-called crypto airdrop farming refers to obtaining free tokens that should be rewarded to genuine early users by creating a large number of wallet addresses, faking user behavior, and other methods. Although most crypto airdrops do not require phone number verification, it is still possible to bypass the Sybil protection mechanism through unique device fingerprints and IP addresses.

The practice of "airdrop farming" often leads to users selling their tokens immediately after receiving them, impacting market prices, and making it more difficult for real users to obtain airdrops. Many projects experience a surge of fake activity before an airdrop, and once the airdrop is distributed, the number of users and the token price often decline rapidly.

Frequent controversies arise over crypto airdrops, and robot behavior faces widespread criticism.

Whether controlled by a large number of mobile phones or a single computer, robotic behavior has caused significant damage to cryptocurrency airdrop activities. Last June, the Ethereum zero-knowledge (ZK) Layer2 scaling project ZKsync faced heavy criticism due to airdrop attacks by numerous bots, with users accusing it of opening the door for "bot farming."

The on-chain data analysis platform Lookonchain announced that a "airdrop hunter" claimed over 3 million ZKsync (ZK) tokens through 85 wallet addresses, with a total value of up to $753,000 at that time. Another user publicly bragged on social media, claiming to have profited nearly $800,000 through an "extremely efficient $ZK witch attack strategy."

The so-called "Sybil attack" is a type of security threat in which an attacker creates multiple false identities in an attempt to gain an unfair advantage in a network system. The term originates from a book titled "Sybil," which describes a case of a woman with dissociative identity disorder. Mudit Gupta, the security chief of Polygon, a competitor of ZKsync, referred to it as "perhaps the easiest airdrop to exploit in history and also the most exploited one," attributing the issue to the lack of anti-bot mechanisms. Although ZKsync has set seven eligibility criteria this time to prevent Sybil attacks.

ZKsync responded in its official FAQ that the current witch attack strategies are becoming increasingly complex, making it difficult to distinguish them from real users; and if overly strict screening criteria are implemented, although it may block some witch attackers, it could also mistakenly harm a large number of real users.

However, just last month, Binance provided a different perspective while rectifying the robotic behaviors in its "Binance Alpha Points" program. "Traditional bots typically follow predictable, repetitive behavior patterns, making them relatively easy to identify," a Binance spokesperson said in an interview. "But with the rise of AI-driven bots, we are now faced with a system that closely resembles human behavior— from browsing habits to interaction times, they can highly simulate real people, making identification significantly more challenging." Binance stated that the platform is continuously ramping up its anti-bot efforts, developing new tools to identify abnormal activities from large-scale behavior patterns. For example, address entity association analysis can help identify clusters of wallets controlled by the same actor, even if these wallets appear to be independent on the surface.

These analyses are crucial for revealing behaviors such as disguised positions, multisend manipulation, and wash trading — techniques commonly used by AI-driven bots to fabricate real engagement and false liquidity. The impact is not limited to crypto airdrops; bots have also been accused of flooding the market, creating countless worthless meme coins. Conor Grogan, head of products at Coinbase, recently pointed out on the X platform: "Most of the tokens currently launched on the PumpFun and LetsBonk platforms are almost entirely controlled by bots." He found that on the meme coin platform LetsBonk, top accounts release a new token on average every 3 minutes.

Daren Matsuoka, a data scientist and partner at a16z Crypto, believes that Sybil attacks have only recently become a noticeable issue. "Throughout most of the development of cryptocurrency, we have inherently had a certain resistance to Sybil attacks—because the gas fees on these Layer 1 blockchains have always been quite high," he stated in an episode of the a16z Crypto podcast in April this year.

"In the past, you indeed needed to pay a few dollars or even tens of dollars in transaction costs to qualify for empty investments. However, with the continuous optimization of infrastructure, the cost of operations has now become very low. I believe this will fundamentally change the game of attack and defense mechanisms." Eddy Lazzarin, the Chief Technology Officer of a16z Crypto, has been emphasizing the importance of building a "proof of human" mechanism.

"AI can now generate a large number of realistic behavior records. The most advanced robot farms are now almost impossible to reliably identify, and it won't be long before those with medium-level technology become just as difficult to detect," Lazzarin wrote in an article in May of this year. What Lazzarin is most interested in is building a mechanism for "proof of personhood": it should allow real humans to easily and freely verify their identity, while making it costly and operationally difficult for robots or fraudsters to fabricate on a large scale. He mentioned that the iris scanning project World, initiated by Sam Altman, is a typical representative of such a mechanism. The core idea of the project is that each person can only register for a World ID once, and its uniqueness is verified through iris scanning (because everyone's iris is unique).

Lazzarin added in the airdrop-themed podcast: "I really hope to see more people try systems like World ID, which combines biometric technology with privacy protection mechanisms to limit each person to only one identity ID."

However, Ethereum co-founder Vitalik Buterin believes that "one person, one ID" is not a perfect solution, as it means that all historical actions could be tied to a single point of attack - the key corresponding to that identity. Once leaked, the risks are significant. At the same time, he pointed out that biometric and government identity information can also be forged.

Why not directly cancel the crypto airdrop?

If crypto airdrops can be so easily manipulated, the most straightforward choice seems to simply cancel the airdrop mechanism. However, there are also views that believe airdrops still have their significance. Distributing tokens to real users participating in the protocol not only helps achieve decentralization of project governance but also disperses control through methods such as granting voting rights. Additionally, airdrops often generate a lot of buzz. "An obvious reason is: when you distribute a large number of potentially valuable tokens, it attracts a lot of attention, which in itself has a marketing effect," said Lazzarin. "Airdrops are essentially a marketing tool."

![]###https://img-cdn.gateio.im/webp-social/moments-d55ebcbb4f6f5671351bff3c8001291d.webp(

Wilton also expressed agreement and pointed out that project teams should anticipate that a portion of users will sell their tokens, which essentially represents the marketing costs that need to be borne to acquire users. The key is to ensure that these users are real people and are "willing to stay long-term." Meanwhile, Binance believes that automated bots themselves are not entirely harmful. In fact, in certain scenarios, if used properly and transparently, bots can play a positive role — for example, by providing liquidity, executing strategies on behalf of users, or conducting stress test simulations during audits.