As anticipation around the Arbitrum airdrop builds up, bad actors are making their own preparations to sweep ARB tokens.

Crypto intelligence platform Arkham alerted users to a series of transactions made by an alleged hacker on Monday.

Arkham noted that the individual was sending ETH to 2,400 wallets that were presumably compromised. According to the on-chain researchers, the hacker must have knowledge of the private keys attached to these wallets in order for them to have approved the malicious transaction.

The hacker’s real motivation behind sending this money around is to later run an approval transaction to claim and sweep the tokens distributed to these wallets in the upcoming Arbitrum airdrop, said Arkham.

Although some users initially believed that it was likely a Sybil attack, transaction data suggests that it is actually a sweeper bot deployed by the hacker on user wallets.

A GitHub post documenting accounts of the victims showed that the hacker’s address stood to gain more than 3 million ARB tokens from this scheme.

Arbitrum’s airdrop, scheduled for March 23, is one of the most widely anticipated token distribution events in the crypto industry. ARB IOU tokens, trading on crypto exchange Hotbit, have seen more than $2 million in daily trading volume. These tokens are currently trading for around $10, which would imply ARB is a top five cryptocurrency by market cap. (Although, this preliminary data from markets with lower liquidity like Hotbit should be taken with a pinch of salt.) 

BitMEX’s ARB futures listing might be slightly more reliable, with the contracts currently trading at around $1.24 at the time of writing. Users can long or short ARB with 20x leverage on the exchange.