During the weekend many crazy things happened on Shelley HTN. Someone known as the “faucetrider” accidentally emptied the faucet with tADA, ended up on top of the ranking on pooltool.io with over 60 million tADA.

Faucet rider
The person known as “faucetrider” most likely will not reveal its identity after drying up the faucet containing hundred of millions of tADA within a couple of hours.

To abuse the faucet and collect massive amounts of tADA, in a short amount of time, is a sign of many bad actors in the system. We don’t know if this was done accidentally or purposefully.

The goal of a faucet, is to provide everyone who wants to operate a stake pool, with equal chances to activate the stake pool and be able to test and experiment with it, before Shelly Mainnet launches.

To activate a stake pool and to be able to transact with the Shelley HTN, you need tADA from the faucet. This pays for the fees of the network related to the transactions you make on it.

tADAs can be requested from the faucet by using the syntax link : curl -v -XPOST “https://faucet.shelley-testnet.dev.cardano.org/send-money/address”. This address represents a personal payment address.

To avoid further abuse to the faucet, restrictions were made. One computer can only request once per 24 hours from the faucet. It keeps track of the ip address. A payment address is known and a maximum of 100K tADA is given out.

Although these rules keep the majority from abusing the faucet. There are always a certain group of bad actors that are more knowledgeable and are able to find ways to bypass these rules with ease, in their own favor.

Here are some examples:

Someone with multiple servers could make a request from those different servers. Ending up with more than 100K tADA per 24 hours. Although, some only have a limited amount of servers under control.

There is a technique called spoofing. This needs shell scripts and a list of fake server addresses to use. A request is made from the original servers ip address and replaced by a fake ip address, that is not known yet by the faucet. Thus, making the faucet think a new server is being setup and distributing the requested tokens to the payment address of the requester.

Another option would be to make use of free tier services of Amazon and to spin up multiple instances. Every instance will get a new ip address that is unknown by the faucet. A request for tADA can be made from every individual instance.

Due to the manual work involved in the 1st and the 3rd method, they can be completely automated by use of shell scripting. By doing so, people can fake the faucet and make it dry up within minutes. Pulling millions of tADA to their personal addresses where they can distribute it to their destinations. New stake pools, or delegation (staking) addresses.

This is how many new stake pools were created this weekend and showing up highly ranked in pooltool.io. These stake pool appeared from nowhere with immediately over 20 million tADA (in computed stake, pledge plus delegation).

Although tADA does not have any value. There is good reason why these pool operators did abuse the faucet. They get a higher rank on pooltool.io. They will draw more attention from people who look to delegate their ADA on Shelley Mainnet. “By looking good” they think they have more chances to attract delegators for the upcoming Shelley Mainnet.

When there is money in the game it seems rules don’t exist anymore. A small minority of the pool operators were able to screw it for the rest. Small pools have a hard time to mint blocks. Due to the larger pools (with lots of stake) are minting the majority of the blocks.

As ADA4PROFIT stake pool we like to warn all delegators for these bad actors, don’t fall for their manipulation “by looking good”, instead study carefully which pools produced a steady amount of blocks over time (from the start of Shelley_Testnet2) and have put a decent amount of work in their online presence. Have a look at their rankings on Shelley_Testnet1, where we didn’t encounter bad actors. Alas, get yourself informed about the long term goals of the stake pool.

IOHK introduced new measures after the abuse of the faucet this weekend . They reduced the amount of tADA that can be requested from the faucet to 1K tADA once per 24 hours. See the communication of Samuel Leathers one of the IOHK team members that is working on the Cardano blockchain.

A message from Samuel Leathers, IOHK (the development company of the Cardano blockchain) about the about of the faucet by pool owners during Haskell Test Net

This amount of tADA makes it hard for someone to start a stake pool. Don’t worry, you are still able to reach out in the Cardano Shelley & Stakepool Best Practice Workgroup . To one of the Pioneers (early selective group of adopters of Shelley Testnet chosen by IOHK) and request for tADA to get your stake pool up and running.

Luckily the Cardano blockchain was developed with bad actors in mind. On Shelley Mainnet, bad actors will be punished, for their bad practices and behavior on the chain. Off the chain, it is a different story. So be careful, don’t fall for scammers and bad actors.

On Mainnet pool operators most likely will be judged on their skin in the game (pledge), amount of delegation, their reputation and contribution to the Cardano ecosystem.

ADA4PROFIT wish you all the best in choosing a stake pool that matches up with your personal goals and ideology to stake your ADA on Shelley Mainnet.