5 On-Chain Patterns That Reveal Sybil Agents

The AI agent economy has a trust problem. As autonomous agents begin transacting via protocols like x402, every participant needs to answer a fundamental question: is this agent real, or is it a manufactured identity designed to game the system?

Sybil attacks — where one operator creates many fake identities to accumulate outsized influence or rewards — are the oldest trick in decentralized systems. But agents make sybils cheaper to create and harder to detect than ever before.

At DJD Agent Score, we analyze on-chain transaction patterns to assign reputation scores to AI agent wallets. Here are five behavioral signatures that reliably expose sybil agents — even when their operators try to disguise them.

Pattern 1

Tight Cluster Rings

The signal: A wallet's top transaction partners all transact heavily with each other.

Legitimate agents interact with diverse counterparties. Sybil agents exist in a manufactured ecosystem — their operator controls all the wallets, so the “agents” inevitably transact within a tight, interconnected group.

We build a relationship graph and check whether a wallet's top 5 partners share significant mutual connections. When more than 50% are interconnected, the tight_cluster indicator fires.

Real-world analog: In traditional finance, this is how investigators identify shell company networks — entities that only transact with each other are likely under common control.

Pattern 2

Symmetric Round-Trips

The signal: More than 50% of a wallet's partnerships show nearly equal volume in both directions.

Real economic activity is asymmetric — an agent that provides a service collects payments; one that consumes a service pays fees. When an operator simply moves funds between controlled wallets, the amounts going A→B and B→A tend to be suspiciously similar.

When the smaller direction is within 10% of the larger for more than half of a wallet's partnerships, symmetric_transactions fires. We also detect explicit wash trading — when more than 40% of 7-day volume consists of round-trips within 24 hours.

Pattern 3

Coordinated Creation Windows

The signal: A wallet and its primary transaction partner were both first seen on-chain within the same 24-hour window.

Organic relationships develop over time. Sybil wallets are deployed in batches — created on the same day, funded from the same source, and immediately start manufacturing activity between them.

Timing is the hardest thing to fake retroactively. Once a wallet's creation timestamp is on-chain, it's permanent. This pattern becomes especially powerful when combined with Pattern 4.

Pattern 4

Puppet Funding Chains

The signal: A wallet's earliest funding source is also its highest-volume transaction partner.

Legitimate agents are funded by exchanges, bridges, or treasuries — neutral infrastructure. Sybil agents are funded by the operator's main wallet, which is also the entity they'll “transact” with to build fake reputation.

This is one of our highest-confidence signals. It simultaneously caps both Identity and Reliability dimension scores. Real agents have independence — their funding and revenue come from different sources. Puppet agents have dependence.

Pattern 5

Bot-Like Temporal Signatures

The signal: Transactions arrive at metronomically regular intervals, concentrated in a narrow time window.

This pattern analyzes when a wallet transacts, not who with. Human-directed agents show natural variability — business hours, weekend gaps, irregular spacing. Sybil scripts run on fixed intervals with unnaturally low variance.

We measure three things:

Inter-arrival CV: Below 0.1 = machine-like regularity
Hourly entropy: Low entropy = activity concentrated in a few hours
Maximum gap: Genuine agents have downtime. Sybil scripts don't.

How These Patterns Compound

No single pattern is conclusive on its own. The power lies in pattern stacking. We apply each detected pattern as a multiplicative penalty — the integrity multiplier.

A wallet flagged for tight clustering (0.55x), symmetric transactions (0.60x), and wash trading (0.50x):

0.55 × 0.60 × 0.50 = 0.165x ← 83.5% score reduction

The multiplier floors at 0.10x — we never completely zero a score, because even our highest-confidence signals carry some false positive risk. This creates a sharp separation between legitimate agents (near 1.0x) and sybils (below 0.30x).

Why This Matters

As AI agents begin operating autonomously in the x402 ecosystem, the ability to distinguish real agents from manufactured ones becomes critical infrastructure:

Service providers need to know if a client is trustworthy before extending credit
Protocols need to prevent sybils from farming governance influence or rewards
Marketplaces need to surface quality agents and suppress fake ones

With DJD Agent Score now publishing to the on-chain ERC-8004 Reputation Registry, these signals are available as public infrastructure. Any protocol on Base can call getSummary() to check an agent's reputation — no API key required.

Check your agent's score via x402 micropayments, or verify on-chain at the ERC-8004 Reputation Registry:

0x8004BAa17C55a88189AE136b182e5fdA19dE9b63

Score a Wallet

DJD Agent Score is a reputation scoring engine for autonomous AI agents. Scores are paid via x402 micropayments and published to the ERC-8004 Reputation Registry on Base mainnet.