Skip to content

DeFi Sybil attacks created $7.5 billion fake TVL on Solana, stemming from one developer

  • by
  • 3 min read
Top 7 secure cryptocurrency wallets for Android and iOS

Texa-based Macalinao brothers created multiple fake web identities to create the illusion of a developer community inflating value on the Saber protocol and the Solana blockchain, an investigation by CoinDesk revealed. 

Ian Macalinao, a developer in his early 20s, created 11 independent developer personas, creating a web of interlocking DeFi protocols that ended up boosting the Saber protocol, developed by Ian himself, into billions of dollars of double-counted value. This, in turn, affected Solana’s TVL or Total Value Locked, temporarily inflating the on chain activity. 

Ian built protocols on top of each other such that a dollar could be counted multple times as part of a scheme to maximise Solana’s TVL according to a never published blog post read by CoinDesk. And it worked for a while. Saber and Sunny, both projects built secretly by Ian consisted of nearly $7.5 billion of Solana’s $10.5 billion TVL at their peaks with billions of dollars being doubly counted between the two protocols. 

Bitcoin (BTC) vs Ethereum (ETH) vs Ripple (XRP) vs Litecoin (LTC)

What he really wanted to do was create an ecosystem similar to Ethereum, currently the largest blockchain for DeFi (Decentralised Finance). Ian believed that DeFi projects on Ethereum were stacked to double-count deposites hence giving Ethereum a really high TVL. 

In order to achieve this, Ian made 11 different identities, each developing their own platforms and protocols. Him and his brother Dylan publically addressed these personas as “friends” or “friends of friends” which formed their “Ship Capital” coder club. This was done to lend more authenticity to the entire ecosystem as Ian wanted it look like a lot of people were building on their protocol instead of just one person hammering out 20+ projects. 

The brothers used their public identities to hype up the fake personas, lending them more authenticity and building trust with outsiders who knew them. They often tweeted projects from other fake profiles praising them to boost confidence. 

What it really did was abuse crypto users’ trust in what’s called a Sybil attack. By defination, a Sybil attack is a security threat on an onluine system where one person tries to take over the network by creating multiple fake accounts, nodes or computers. 

However, Cashio, one of Ian’s secret project lost $52 million durign a hack in March. Ian eventually ended up begging the hacker to consider returning the funds. The hacker did eventually ended up returning $14 million out of the $39 million that the victims requested. Ian also pledged in his unpublished blog that he’ll replay affected users with his personal Saber and Sunny tokens but never made good on his promise. 

The entire incident has come to light just as Solana is recovering from the Slope wallet exploit that saw over 8,000 wallets get drained of nearly $6 million in crypto. 

In the News: Twitter slams Musk’s counterclaims as feud gets uglier


Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: [email protected].