The Question

There’s been some unusual activity with Gnosis as pointed out by our community. Time to figure out exactly what’s going on.

Take a deep dive into recent activity on Gnosis, especially recent rapid rises in the number of active users, transactions, and more. Make any hypothesis you can about what is driving this activity. Is there a new dapp that launched? Is there some incentive program going on? Or is the spike in users/txns due to some sybil attack?

---

Method

My goal in this dashboard is to review the unusual transactions on the Gnosis network that took place between the 4th and 8th of October. At first, the total number of users and transactions is presented as a graph. Next, the bot activity was checked. In the next steps, the addresses that had the most sending and receiving in those days were checked and their transaction records were presented.

Bots : users with more than 20 txs in one minute

** \n **

Introduction

What is a Layer 2 solution Ethereum?

Layer 2 is a term used for solutions created to help scale an application by processing transactions off of the Ethereum Mainnet (layer 1) while still maintaining the same security measures and decentralization as the mainnet. Layer 2 solutions increase throughput (transaction speed) and reduce gas fees

What is Gnosis ?

Gnosis is an open-source, decentralized prediction market built on the Ethereum blockchain. Users are able to create markets where they can speculate on any event or arbitrary outcome. By using the Ethereum Protocol, Gnosis is able to guarantee a secure and transparent ecosystem.

How Does Gnosis (GNO) Work? 

Gnosis offers 3 main products for users of GNO and these products use 3 separate layers to deliver a proper experience for users. 

The Gnosis Core Layer provides the foundational smart contracts for the Gnosis platform. The Gnosis Service Layer offers resources for consumer applications and is used for tools like chatbots and stable coins. Finally, the Gnosis Applications Layer which contains primarily front-end tools that target particular prediction markets or select customer segments. Some of the applications are built by Gnosis and some are built by 3rd parties. \n \n The Apollo Network (Gnosis’ prediction market) allows a user to create a market for any arbitrary event where users can buy and sell positions to speculate on the outcome. As time passes or related events unfold, certain outcomes are more likely to happen which increases the value of the related tokens. Once the event has finalized, the tokens representing the final outcome receive the full value of the bets while the rest of the tokens for the other outcome become worthless.

Findings

• While on normal days, the number of transactions and daily users in Gnosis is on average 2-3k and 60-70k, on October 5, the number of transactions has reached over 360k and the number of users has reached 57k. The investigations carried out show that ==most of the transactions were done by bots.
• Among the addresses that have had the most transactions in this time period, ==the following three addresses have made approximately 283.5k transactions almost equally.

0xf38f1a8e0dab6a8df95a29135796ae39137b9cee

0x0681f11412c27035f694d7bd6691bf03fb413ff3

0xcbfe6a67319d85b0ad56fd4d7d6d13c26e141904

Findings 2

• Investigations show that these three suspicious addresses sent only to one address: ==AMB Rinkeby Bridge== In those few days, more than ==75.8%== of the submissions have been made only for this address and almost all of them have failed.

  \

• The important point is that ==all transfers to AMB Rinkeby Bridge were made by those three suspicious addresses equally==. It means that each of them has done 33.4% of the number of transactions!

  \

• Checking the history of those three addresses shows that they all made their first transaction in the ==same day and hour==. They have done transactions equally on all days and in general, each of them have done 392 k transactions so far!

Conclusion

• Based on reviewed content, the possibility of attack/hacking is extermely high.