A highly anticipated presale for Solana’s WET token collapsed within seconds after a bot-driven Sybil attack overwhelmed the sale, forcing HumidiFi to scrap the event and announce a complete relaunch.
A Presale Dominated by Bots
The WET token presale on Jupiter was meant to be a fair, rapid sale for early supporters. Instead, it sold out almost instantly, with legitimate buyers shut out. HumidiFi, the automated market maker behind the launch, confirmed that a single actor allegedly deployed more than one thousand wallets to capture nearly the entire supply.
The team immediately halted the rollout, declaring the presale void. They said a new token will be created, and legitimate participants will receive a pro-rata airdrop. The attacker will be excluded entirely as HumidiFi prepares a new public sale early next week.
Bubblemaps Traces Over a Thousand Linked Wallets
Blockchain analytics platform Bubblemaps stepped in to investigate suspicious clustering during the presale. Their analysis showed that more than 1,100 of the 1,530 participating wallets displayed identical funding patterns, timing, and transaction behavior. These wallets were newly created, funded in tight time windows, and showed matching Solana deposit sizes.
According to Bubblemaps CEO Nick Vaiman, all signs pointed to a single operator. The funds used to power these wallets reportedly came from exchange sources. One of the wallet clusters eventually revealed a link to an X account named “Ramarxyz,” who later went online to ask for a refund after the attack was exposed.
Growing Alarm Over Sybil Threats in Web3
The WET incident adds to a rising wave of Sybil attacks hitting token sales and airdrops. Recent examples include an entity capturing the majority of aPriori’s airdrop and reports of concentrated wallet clusters acquiring large shares of Edel Finance tokens. These events have renewed debate about fairness and security in presale environments.
Vaiman said Sybil attacks are now a recurring threat and should be treated as a major security concern. He urged teams to introduce KYC, algorithmic detection tools, or manual verification when allocating tokens. In his view, proactive screening is becoming essential as attackers continue to evolve their methods.