TL;DR:
-
Evidence raises serious concerns about the fairness of the Moonbeam community contest - Moonrise:
- Insider involvement: Several wallets participated Moonrise event including Top 1 winner 0x76322F53b91Cb8849dfB2007eD862940934B3520 linked to svpatrik registered and earned points before the official contest announcement and leveraged insider advantages.
- Multiple wallet violations: The insider used multiple wallets to claim rewards, violating the “one entry per person” rule.
-
Phishing scammer connection: One of the svpatrik’s wallets is associated with a phishing-linked address( Fake_Phishing276037) on Ethereum mainnet, posing potential security risks.
-
Goal: To obtain a thorough explanation and investigation from the Moonbeam Foundation, ensuring the fairness and security of community events while mitigating potential risks.
Background
I thought I’d check back on the Moonrise event for any updates.
Nothing new, sadly. But hey, I just realized you can view individual user IDs on the leaderboard. So naturally, I clicked on the top spot out of curiosity. Aleks Smith. Hmm… account registered in July 2024. Interesting timing since I remember the event was only announced in August. Quick check: yup, the announcement went out on August 6th. So this account was registered before the event began… maybe it was internal testing or something?
The link of Aleks Smith profile:
quests.moonbeam.network/user/df7249c3-2726-4981-83e0-ae2a2bfa21bb
The screenshot of Aleks Smith profile:
But wait, that would mean it’s an insider, right? Starting a day earlier might not sound like much, but in a points-based game, that insider edge could definitely make a difference. Eh, I guess it happens everywhere. Somehow, insiders always end up winning.
Still, I couldn’t help but dig deeper. The Moonbeam team had shared the last few digits of the top wallet address on Twitter, so I decided to track it down.
Evidence
-
Wallet Identification: The top wallet address was 0x763…520, and after searching, I found the full address by using top accounts info on moonscan: 0x76322F53b91Cb8849dfB2007eD862940934B3520. This wallet received a 58K GLMR reward.
-
Insider Connection: The wallet’s ENS name is svpatrik.eth, registered in 2023. A quick search confirmed this is an insider, svpatrik.
app.ens.domains/0x76322f53b91cb8849dfb2007ed862940934b3520
Evidence screenshot of the insider address 1:
https://imgur.com/gallery/evidence-of-insider-address-1-jWhoWaB
Evidence screenshot of the insider address 2:
- Multiple Wallets:
- Another top 10 wallet, 0x4fa446cd1ab0293664198139c65f59ba4694cf81, received 17K GLMR, and is funded by svpatrik.eth.
Funded transaction tx on Moonbeam:
0x22529727b53147765b5e8f61f5ea8fcd2a8224290299d856d7a766c9219f95b9
Received Moonrise reward tx:
0x55ecf2253c675daabf71ffd198c0d0c851b661408482012bbd5924e39c606d24
- A third wallet, ranked 21st, Shurmon hugle, received 8.7K GLMR and is also linked to svpatrik.eth.
- There are more wallets, another top ten profile registered on 24th July 2024, Satoshi Nakamoto:
quests.moonbeam.network/user/7f35ab21-2784-4bcd-9ed1-0a731ade1daf
- Ranked 11, Moon Man, registered on 21st June 2024, Moon Man:
quests.moonbeam.network/user/6de78b9f-dc7b-465f-903b-26d534605c84
In total, svpatrik has taken over 110,000 GLMR across multiple wallets. And if I keep looking, who knows how many more are stashed away?
Phishing Scammer Connection
One of the most alarming discoveries in this investigation is that 0x76322F53b91Cb8849dfB2007eD862940934B3520, linked to svpatrik, is funded by a wallet on the Ethereum mainnet identified as 0x56b217cc582e19B3ca933Fd411E85ca7DeF68445 (Fake_Phishing276037). This strongly suggests a connection between an insider and a phishing-associated address.
Eth mainnet tx: 0xfb05efc8101a7a0bfe21570d5e777a077f077ad202185ebea148a8fc9e6c05e2
Screenshot of the transaction:
This is absolutely not one of those typical phishing scams involving tiny transactions worth just a few cents. Instead, it’s a 0.026 ETH transaction, which was worth approximately $83 at the time it occurred. Moreover, this transaction was the very first activity for the wallet 0x76322F53b91Cb8849dfB2007eD862940934B3520.
If it were a phishing attempt, it’s highly unlikely that a phishing wallet would target an empty wallet with no prior activity. The nature of this transaction strongly suggests a direct connection between the two wallets. It even raises the possibility that both wallets belong to the same individual or organization.
This raises significant concerns because similar scenarios have been reported in recent news. For example, hacking groups such as those linked to North Korea or other cybercriminal organizations have allegedly infiltrated crypto projects by obtaining insider positions. Once inside, they gain access to sensitive project information, exploit vulnerabilities, and potentially take control of critical project operations. Such activities have led to devastating financial and reputational damages to the affected projects.
Given these risks, this issue is far more than a simple rule violation—it could pose a serious security threat to the Moonbeam ecosystem. The connection between svpatrik and a phishing-linked address warrants immediate investigation to ensure the safety of both the project and its community.
Concerns
These findings are deeply concerning for several reasons:
- Unfair Play: Allowing insiders to participate with multiple wallets undermines the fairness of the community contest and the integrity of the event.
- Violation of Rules: The contest rules clearly state:
- “Limit to one (1) entry per person.”
- “employees, independent contractors, officers, and directors of Sponsor, affiliates, subsidiaries, advertising, promotion, and fulfillment agencies, and legal advisors, and their immediate family members and persons living in the same household, are not eligible to participate in the Contest.”
- Security Risks: The connection between an insider’s wallet and a phishing-linked address raises potential security concerns for the community.
- Damage to Trust: These issues could erode trust in Moonbeam’s ecosystem and tarnish its reputation.
Suggestions
To address these issues and protect the community, I propose:
- Investigate thoroughly: Conduct a detailed investigation into the involvement of svpatrik and related wallets.
- Strengthen policies: Review internal procedures to prevent insider participation and security risks in future events.
Conclusion
The reason I chose to share this on the forum instead of social media is that I want to protect the Moonbeam community. I genuinely hope we can resolve this issue within the community, rather than having it exploited by others to FUD the project.
What ultimately made me decide to reveal my findings is discovering that svpatrik has connections to a phishing organization. This is not something to take lightly or laugh about—it’s a serious matter that needs to be addressed. I hope the community and team can understand my stance and take appropriate action.