Two crypto projects have cried foul play over promotional airdrops conducted by CoinMarketCap (CMC) on their behalf, which they allege was "gamed" for the benefit of a small group of exploiters.

These promotional airdrops — designed to be distributed to thousands of wallets to raise awareness of a crypto project — ended with the tokens making their way to just a handful of wallets, suggesting potential manipulation of the system.

SATT token drop

Blockchain advertising solution SaTT told Cointelegraph that a promotional airdrop it paid CMC to conduct in December 2022 ended with 84% of the airdropped tokens going to just 21 wallets.

The promotion was supposed to see 25,000 winning wallets receive 4,000 SATT each, worth $6.30 at the time according to CoinGecko data.

However, SaTT claimed that shortly after the airdrop distribution, 20,953 wallets “automatically transferred the tokens to 21 wallet addresses,” which sold off their token holdings days later, netting around $142,000 for those 21 wallet owners.

The sell-off plunged the price of SATT 70% between the end of the airdrop on Dec. 1, to when the wallets sold their tokens on Dec. 10.

SaTT claims wallet 0x929… (pictured) has over 4,500 transactions of its token, the largest it found out of the 21. Blockchain data shows the wallet sold over 4.3 million tokens through PancakeSwap. Source: BscScan

TokenBot token drop

TokenBot co-founder Shaun Newsum told Cointelegraph of a similar experience when the company did a  CMC-led airdrop of its TKB token on Dec. 9.

Newsum said CMC provided its 30,000 airdrop winners but he chose to “stagger” the airdrop “just in case something happens.”

TokenBot sent out its tokens to a batch of 4,000 winners to start, but around 3,300 ended up sending the funds to one wallet, said Newsum.

Blockchain data shows thousands of TKB transactions flowing to wallet 0x5AF… before initiating a cross-chain swap and then selling its holdings. Source: BscScan.

Newsum said around $20,000 was lost by TokenBot in the incident, with the project having to deploy more liquidity from its treasury.

“Obviously some person figured out how to game CMC,” he added. “If we were to have bulk sent, the whole airdrop would’ve been a complete disaster.”

Newsum said he has since received an apology from CMC who said it was investigating the airdrop and would return with an updated winners list for the project.

Cast your vote now!

In its investigation, SaTT claims to have found another 18 tokens or nonfungible token (NFT) airdrops conducted by CMC since July 2022 that were also allegedly “infected by fraud” to the tune of $6.6 million.

This included airdrops for projects including TopGoal, OwlDAO and AgeOfGods.

SaTT theorized two possibilities of how the “fraud” occurred:

“Either a group of hackers injected tons of fake accounts [into the airdrop on CMC’s website] [...] or it was actually an inside job.”

CoinMarketCap responds

Speaking to Cointelegraph, a CMC spokesperson addressed some of these claims, arguing that at least four of the projects identified by SaTT have yet to distribute rewards, meaning it would be “impossible” for them to have faced “malicious” activity.

The spokesperson also noted that while three projects, including SaTT, AgeOfGods and TokenBot have spoken to the CMC team about their concerns, it has not received any communications from other projects about the alleged issues.

However, the spokesperson acknowledged that “bots are an issue that touches nearly every industry.”

“The industry has been facing this issue among airdrop programs for some time and the reality is that not a single industry has been able to solve the bot issue entirely.”

“We are continuously working to improve our systems and services to limit this issue and will work closely with these projects to find solutions and help resolve any current issues,” the spokesperson added.

Related: Crypto’s recovery requires more aggressive solutions to fraud

They added that any claims of bot participation in its airdrops are taken “very seriously” and it is “working on resolving each case individually.”

They also shared several features employed by CMC to deter bot participation, such as a CAPTCHA challenge and email verification requirements for participants. The company is also developing a two-factor authentication integration.

Cointelegraph contacted TopGoal and OwlDAO for comment but did not receive a response by the time of publication. AgeOfGods could not be reached for comment.