Rogue Bots are Funneling Millions from Wax Blockchain’s Star Dapp Alien Worlds

Alien Worlds, one of the biggest blockchain games running on the Wax blockchain (EOS fork), is making some participants millions of dollars in weeks. The issue is, these players are gaming the game.  

Players buy NFT tools and click a button to get Trilium (TLM), the in-game currency, as well as more NFTs. Even if the gameplay is simple and repetitive, AW attracted the attention of Animoca and Binance. Depending on the day, TLM’s market cap is around $100m and sometimes exceeds that of its parent chain.

Rogue Bots

The hype surrounding AW comes mostly from the founders ambitious roadmap: TLM is capped to 10 billion coins, with a decreasing release schedule (around 400k per day currently). The token is used in-game to improve items and to take part in future decision-making through a governance system.

But the system is flawed: despite installing captchas and bots protection, TLM is extensively mined by a few botnets, and the founders are apparently unable to slow or shut them down.The rogue bots are bypassing defenses and wreaking havoc.

A single actor is draining 10% of daily TLM and several botnets are earning thousands of dollars “playing.” These exploits are making the competition unfair for human players and investors trusting TLM to be scarce and fairly distributed.

The funny part is this was not difficult to predict.  A game with monetary incentives will necessarily attract people trying to make a living and/or exploit it for their own sake. Huntercoin, a game launched in 2014 where players could earn a cryptocurrency by playing, knew a similar fate and ended up being saturated by bots. In order to not repeat this precedent, AW team tried to implement bots protection from start.

AW aims to be a multiverse powered by TLM: The game’s  economic mechanisms are designed to make it scarce and to ensure that even players buying high-end NFT mining tools won’t get a significant advantage. TLM total supply is thus limited to 10b, with liquidities released slowly (around 400k per day, decreasing). 

Mining Attempts

The main limitation is, in fact, time itself: mining attempts are limited by a cooldown tied to the tools used. In theory, a single miner can’t get much of it because they have to wait between mining attempts. Botters bypass this limitation by running hundreds of accounts in parallel. Using a bot gives an advantage since it allows a player to ramp up mining and thus accumulate more TLM and NFTs. 

AW did its best to repress multi-accounting and bots. Its Terms of Service are clear: they explicitly forbid the use of “any automated software or “bots” in relation to(…) Alien Worlds”. AW communicates clearly about its efforts and warns players their account can be banned if they use macros or third-party software to help them mining.

Two Single Actors

Technically, mining requires computing a SHA256 hash and was for a while protected by captcha. However, those measures are easy to bypass if you interact with the blockchain through a RPC relay instead of using the Wax reference wallet,

Main botnets spawn thousands of accounts to mine. That task is easy to do since AW provides a basic tool for every new miner. Then, those miners’ accounts send the TLM and NFT they acquire to their C&C account. 

* ttmscollectr: one of the oldest AW botnet. It spawned over 6k secondary mining accounts and cashed out more than 335m WAX mining TLM and NFT, or $33m at current market price through KuCoin. The bot more or less stopped mining in April but is still selling its NFT on Atomichub.

* lobster12345: a more advanced botnet, still in activity. Depending on the day, lobster12345 gets around 160 TLM per minute (roughly 10% of total TLM supply) and countless NFT. This botnet has found a way to abuse Web wallet accounts creation and got 761m Wax cashed on Huobi with his hordes.

* rxrxrxrxrxrx: a smaller botnet more focused on NFT, still active. It has cashed out around 340k Wax to ruoruoruoruo, its side account.

The number of botnets running on AW is hard to know. But the three registered so far offer a glimpse of the picture. With two single actors gaining roughly $100m botting the game over the last month, the game’s tokenomics are barely relevant.