30,000 mobile phones in Vietnam are "running in full swing," and the airdrop farm is overcrowded with iron sheds.

Author | Felix Ng

Compiled by Wu Talks Blockchain Aki Chen

Original Title: Vietnamese Mobile Farm Crazy for Crypto Airdrops, 30,000 Devices Overcrowd Iron Shed

The full text is as follows:

In a "tin shed" with a refrigeration system just a 40-minute drive from Ho Chi Minh City, Mirai Labs CEO Corey Wilton first truly realized the enormous scale of the abuse of crypto airdrops. "It's really creepy," Wilton said in an interview. He had just visited a "mobile farm" located in southern Vietnam, where he estimated that at least 30,000 smartphones were piled up in a space no larger than a single apartment.

For the past four years, Wilton has hoped to witness firsthand the behind-the-scenes operations that dismantled his flagship NFT horse racing game Pegaxy in 2021. "At that time, Pegaxy was booming, and our daily active users peaked at around 500,000," Wilton recalled. "That was when we started receiving numerous reports about 'bot farms.'" These bots could simultaneously control hundreds of accounts, quickly purchasing racehorses with higher winning rates and repeatedly participating in races to earn in-game currency, which could then be converted into real money. "You would see screenshots posted by people showing a screen running a dozen or twenty applications at the same time, and similar scenes frequently appeared on social media," he explained.

Pegaxy is an automated horse racing game where fifteen horses compete on the same track. Wilton stated that the robot farm transformed the game from "who can win" to "who can extract value faster" — thus changing the atmosphere of the game and accelerating the decline of the project.

On-site: Revealing Vietnam's "Professional-grade" Mobile Farm

In May of this year, Wilton finally achieved his wish, with the help of a former Pegaxy player, to have an exclusive tour of a "highly specialized mobile farm" in Vietnam. This player accidentally discovered the whereabouts of this farm on TikTok.

"I went to two places, both about a 40-minute drive from where I was, which is considered a relatively remote area." He recalled, "There are definitely no foreigners going there, and they completely do not want anyone to know." Wilton described one of the locations as a tin shed right next to the street, with the air conditioning set to "as cold as it can get."

The interior of the metal shed is filled with metal racks, each densely packed with thousands of smartphones, leaving only a narrow passage for employees to walk through. The entire layout looks like a "shanzhai" cryptocurrency mining farm.

Wilton stated that the other party showed him the "leasing segment" in the business, where customers can rent this mobile farm according to their needs for any purpose. Unlike traditional robotic servers, each device in the mobile farm is equipped with an independent SIM card and device fingerprint, and can also disguise the IP geographical location, making it harder to detect, especially suitable for systems that require each account to be bound to a phone number. In addition, the mobile devices offer a high cost-performance ratio between computing power and cost, and even if one device is damaged, it can be quickly replaced without significantly affecting overall operations.

Wilton stated that in cases he has witnessed, an operator would control a "master phone" through a computer, which is connected to more than 500 "slave phones." Whatever operation is performed on the master phone, all slave devices will synchronize and replicate it. "Most of their clients actually come from the Web2 industry. For example, K-pop agencies rent these devices to boost traffic; there are also casinos that use them to simulate real players, making the games seem more 'real', but in fact, they are used to suppress you and lead you to lose money."

"There are also some Web2 players who batch farm mobile games, upgrading accounts and then selling these upgraded accounts." He added. However, Wilton stated that the core business of this farm is actually "manufacturing."

The operator buys damaged or old smartphones at a low price, then modifies them through software and other means, ultimately packaging them into "self-service mobile farm" devices for sale in overseas markets. This project can produce over 1,000 farm phones ready for deployment each week, with each "mobile farm kit" containing about 20 devices. Wilton stated that these individuals do not operate the phones themselves. They do not go for airdrops or perform related operations on their own. Their main business is actually to package and sell these devices, sending them to people overseas who want to operate from home. Next, you just need to keep these devices online and buy more phones to connect.

Wilton exclaimed that it's no wonder that "robot-assisted crypto airdrop farming" has become a major problem in the crypto industry. A crypto airdrop farming refers to the act of creating a large number of wallet addresses and faking user behavior to obtain free tokens that are meant to be rewarded to genuine early users. Although most crypto airdrops do not require phone number verification, it is still possible to bypass Sybil protection through unique device fingerprints and IP addresses.

The practice of "airdrop farming" often leads to users immediately selling the tokens they receive, impacting market prices, and making it harder for genuine users to obtain airdrops. Many projects experience a surge of fake active behavior before the airdrop, and once the airdrop is distributed, the number of users and the token price often decline rapidly.

Controversies regarding crypto airdrops are frequent, and robotic behavior has faced widespread criticism.

Whether controlled by a large number of mobile phones or a single computer, robotic behavior has caused significant disruption to cryptocurrency airdrop activities. Last June, the Ethereum zero-knowledge (ZK) Layer 2 scaling project ZKsync faced widespread criticism due to airdrop-related attacks by bots, with users accusing it of providing a convenient opportunity for "bots to farm rewards."

The on-chain data analysis platform Lookonchain announced that an "airdrop hunter" received over 3 million ZKsync (ZK) tokens through 85 wallet addresses, with a total value of up to $753,000 at that time. Another user publicly bragged on social media, claiming to have profited nearly $800,000 through an "extremely efficient $ZK witch attack strategy."

The so-called "Sybil attack" is a security threat behavior where an attacker creates multiple false identities in an attempt to gain an unfair advantage in a network system. This term originates from a book titled "Sybil," which describes a case of a woman with dissociative identity disorder. Mudit Gupta, the security chief of Polygon, a competitor of ZKsync, referred to it as "perhaps the easiest airdrop to exploit in history, and also the most exploited one," attributing the issue to the lack of mechanisms to prevent bots. Although ZKsync has set seven qualification criteria this time to guard against Sybil attacks.

ZKsync responded in its official FAQ that the current witch attack strategies are becoming increasingly complex, making it difficult to distinguish them from real users; while adopting overly strict screening criteria may block some witch attackers, it could also mistakenly harm a large number of real users.

However, just last month, Binance provided a different perspective while addressing the robotic behaviors in its "Binance Alpha Points" program. "Traditional bots typically follow predictable, repetitive behavior patterns, making them relatively easy to identify," a Binance spokesperson said in an interview. "But with the rise of AI-driven bots, we are now facing a system that closely mimics human behavior — from browsing habits to interaction times, which can highly simulate real individuals, significantly increasing the difficulty of identification." Binance stated that the platform is continuously enhancing its anti-bot efforts and developing new tools to identify abnormal operations from large-scale behavior patterns. For example, address entity association analysis can help identify wallet clusters controlled by the same actor, even if these wallets appear to be independent on the surface.

These analyses are particularly crucial for revealing behaviors such as disguised holdings, multisend manipulation, and wash trading—techniques commonly used by AI-driven bots to fabricate real engagement and false liquidity. The victims are not limited to crypto airdrops; bots are also accused of flooding the market, creating countless worthless meme coins. Conor Grogan, head of products at Coinbase, recently pointed out on the X platform: "Most of the tokens launched on the PumpFun and LetsBonk platforms are almost entirely controlled by bots." He found that on the meme coin platform LetsBonk, top accounts publish a new token on average every 3 minutes.

Daren Matsuoka, a data scientist and partner at a16z Crypto, believes that Sybil attacks are actually a problem that has only emerged in recent years. "Throughout most of the development of cryptocurrency, we have inherently had a certain degree of resistance to Sybil attacks — because Gas fees on these Layer 1 blockchains have always been high," he stated in an episode of the a16z Crypto podcast in April this year.

"In the past, you needed to pay a few dollars or even tens of dollars in transaction costs to obtain the qualification for empty investment. However, with the continuous optimization of infrastructure, the cost of operations has now become very low. I believe this will fundamentally change the game between attack and defense mechanisms." Eddy Lazzarin, CTO of a16z Crypto, has been emphasizing the importance of building a "proof of human" mechanism.

"AI can now generate a large number of realistic behavior records. The most advanced bot farms are now almost impossible to reliably identify, and it won't be long before those with medium-level technology become equally difficult to detect," Lazzarin wrote in an article in May this year. What Lazzarin is most interested in is building a "proof of personhood" mechanism: it should allow real humans to easily and freely verify their identity, while making it costly and difficult for robots or fraudsters to commit large-scale forgery. He mentioned that the iris scanning project World, initiated by Sam Altman, is a typical example of this type of mechanism. The core idea of the project is that each person can only register for a World ID once, and its uniqueness is verified through iris scanning (as everyone's iris is unique).

Lazzarin added in the airdrop-themed podcast: "I would really like to see more people try systems like World ID, which combines biometric technology with privacy protection mechanisms to limit each person to only one identity ID."

However, Ethereum co-founder Vitalik Buterin believes that "one person, one ID" is not a perfect solution, as it means that all historical actions could be tied to a single point of attack — namely, the key corresponding to that identity. Once leaked, the risks are significant. At the same time, he pointed out that biometric and government identity information can also be forged.

Why not directly cancel the crypto airdrop?

If crypto airdrops can be so easily manipulated, then the most straightforward choice seems to be to simply cancel the airdrop mechanism. However, there are also views that believe airdrops still have their significance. Distributing tokens to users who genuinely participate in the protocol not only helps achieve decentralization of project governance but also disperses control through means such as granting voting rights. Moreover, airdrops often generate a lot of topical buzz. "A very obvious reason is: when you distribute a large number of tokens that may have value, it attracts a lot of attention, which in itself has a marketing effect," said Lazzarin. "Airdrops are essentially a marketing tool."

![]###https://img-cdn.gateio.im/webp-social/moments-0f08f6d28e1f65db92609b129c990b5e.webp(

Wilton also expressed agreement and pointed out that the project team should anticipate that a portion of users will sell their tokens, which actually means bearing the marketing costs required to acquire users. The key is to ensure that these users are real people and "willing to stay long-term." Meanwhile, Binance believes that automated bots are not entirely harmful. In fact, in certain scenarios, if used properly and transparently, bots can play a positive role — for example, in providing liquidity, executing strategies on behalf of users, or conducting stress test simulations during audits.