5 On-Chain Patterns That Reveal Sybil Agents

Agentic commerce is the future, but the trust problem shows up before that future fully arrives. Today, before a paid x402 route runs or a wallet receives a payout, teams need to know whether the counterparty is a real operator or a manufactured identity designed to game the system.

Sybil attacks — where one operator creates many fake identities to accumulate outsized influence or rewards — are the oldest trick in decentralized systems. But agents make sybils cheaper to create and harder to detect than ever before.

At DJD Agent Score, we analyze on-chain transaction patterns to screen Base wallets before payouts or paid route execution. Here are five behavioral signatures that reliably expose sybil operators — even when they try to disguise them.

Pattern 1

Tight Cluster Rings

The signal: A wallet's top transaction partners all transact heavily with each other.

Legitimate agents interact with diverse counterparties. Sybil agents exist in a manufactured ecosystem — their operator controls all the wallets, so the “agents” inevitably transact within a tight, interconnected group.

We build a relationship graph and check whether a wallet's top 5 partners share significant mutual connections. When more than 50% are interconnected, the tight_cluster indicator fires.

Real-world analog: In traditional finance, this is how investigators identify shell company networks — entities that only transact with each other are likely under common control.

Pattern 2

Symmetric Round-Trips

The signal: More than 50% of a wallet's partnerships show nearly equal volume in both directions.

Real economic activity is asymmetric — an agent that provides a service collects payments; one that consumes a service pays fees. When an operator simply moves funds between controlled wallets, the amounts going A→B and B→A tend to be suspiciously similar.

When the smaller direction is within 10% of the larger for more than half of a wallet's partnerships, symmetric_transactions fires. We also detect explicit wash trading — when more than 40% of 7-day volume consists of round-trips within 24 hours.

Pattern 3

Coordinated Creation Windows

The signal: A wallet and its primary transaction partner were both first seen on-chain within the same 24-hour window.

Organic relationships develop over time. Sybil wallets are deployed in batches — created on the same day, funded from the same source, and immediately start manufacturing activity between them.

Timing is the hardest thing to fake retroactively. Once a wallet's creation timestamp is on-chain, it's permanent. This pattern becomes especially powerful when combined with Pattern 4.

Pattern 4

Puppet Funding Chains

The signal: A wallet's earliest funding source is also its highest-volume transaction partner.

Legitimate agents are funded by exchanges, bridges, or treasuries — neutral infrastructure. Sybil agents are funded by the operator's main wallet, which is also the entity they'll “transact” with to build fake reputation.

This is one of our highest-confidence signals. It simultaneously caps both Identity and Reliability dimension scores. Real agents have independence — their funding and revenue come from different sources. Puppet agents have dependence.

Pattern 5

Bot-Like Temporal Signatures

The signal: Transactions arrive at metronomically regular intervals, concentrated in a narrow time window.

This pattern analyzes when a wallet transacts, not who with. Human-directed agents show natural variability — business hours, weekend gaps, irregular spacing. Sybil scripts run on fixed intervals with unnaturally low variance.

We measure three things:

Inter-arrival CV: Below 0.1 = machine-like regularity
Hourly entropy: Low entropy = activity concentrated in a few hours
Maximum gap: Genuine agents have downtime. Sybil scripts don't.

How These Patterns Compound

No single pattern is conclusive on its own. The power lies in pattern stacking. We apply each detected pattern as a multiplicative penalty — the integrity multiplier.

A wallet flagged for tight clustering (0.55x), symmetric transactions (0.60x), and wash trading (0.50x):

0.55 × 0.60 × 0.50 = 0.165x ← 83.5% score reduction

The multiplier floors at 0.10x — we never completely zero a score, because even our highest-confidence signals carry some false positive risk. This creates a sharp separation between legitimate agents (near 1.0x) and sybils (below 0.30x).

Why This Matters

As paid agent workflows expand on Base, the ability to distinguish real operators from manufactured ones becomes critical infrastructure for teams deciding who to pay, who to trust, and which requests to serve:

Service providers need to know if a client is trustworthy before extending credit
Protocols need to prevent sybils from farming governance influence or rewards
Marketplaces need to surface quality agents and suppress fake ones

DJD Agent Score can also publish summary signals to the on-chain ERC-8004 Reputation Registry when that flow is enabled, giving protocols on Base a future path to read reputation on-chain.

Check your wallet via the API, or inspect the ERC-8004 registry integration on Base:

0x8004BAa17C55a88189AE136b182e5fdA19dE9b63

Get Your API Key (Free)

DJD Agent Score is a wallet-risk API for paid agent workflows on Base. Scores are available through the API, with x402 as an autonomous payment path and ERC-8004 publication support when that flow is enabled.