A major Solana token presale collapsed after a large-scale Sybil attack overwhelmed the event, prompting HumidiFi to cancel the launch and announce a fresh token with airdrops for genuine participants.
Bot Farm Snipes Almost Entire WET Presale
The presale for the Wet (WET) token, hosted on Jupiter, sold out within seconds. However, organisers soon discovered that real buyers barely stood a chance. According to HumidiFi, an extensive bot farm used more than one thousand wallets to capture nearly the full supply.
HumidiFi confirmed the breach, scrapped the token, and promised a reset. The team said a new token will be minted with pro rata airdrops for Wetlist members and JUP staker buyers. The attacker will be excluded entirely. The team also plans a new public sale on Monday.
Bubblemaps Traces Over One Thousand Linked Wallets
Blockchain analytics platform Bubblemaps reported that it had identified the entity connected to the attack. Its investigation highlighted unusual clustering during the sale. At least one thousand one hundred of the one thousand five hundred thirty wallets displayed identical patterns. These included newly created addresses with no on chain history as well as matching funding behaviour.
Bubblemaps CEO Nick Vaiman said the wallets were funded within a tight time window using similar Solana amounts. Many received funds from just a few source wallets. Thousands of wallets were also topped up from exchanges using around one thousand USDC shortly before the event.
One cluster revealed an identity link. Bubblemaps found a connection to an X user known as “Ramarxyz,” who later publicly demanded a refund.
Sybil Attacks Rising in Presales and Airdrops
The WET incident follows several other Sybil dominated events in November. On 18 November, a single actor captured sixty percent of the APR airdrop by aPriori. On 26 November, wallets tied to Edel Finance allegedly sniped thirty percent of EDEL tokens. The project denied any wrongdoing and said the tokens had been placed in a vesting contract.
Vaiman said Sybil attacks are increasing across token launches. Although the patterns differ in each case, the effect remains the same. One actor can dominate a distribution that is supposed to reward many participants.
Calls for Stricter Presale Security
Vaiman urged teams to treat Sybil activity as a critical security threat. He recommended introducing KYC checks or implementing algorithmic detection tools to filter suspicious clusters. He added that manual reviews of presale and airdrop participants can add another protective layer.
He said dedicated Sybil detection teams or external specialists can help projects avoid large scale manipulation before tokens are distributed.
