Blockchain OSINT : Decentraland

Please note that most of the article was written in April 2022, hence you will find differences in MANA price as compared to the current market situation

You heard about metaverse and have no clue how it actually works behind the scene ? You would like to invest in Decentraland but you don’t know if it makes sense ? And is this place secure to spend your time and do business, after all ? I try to provide an overview in this article

Before reading, it’s best to view an introduction video :

As most of the other existing metaverses, Decentraland is building a decentralized, blockchain-based virtual world for users to create, experience and monetize content and applications

In this virtual world, you can create an avatar, you can interact with other users pretty much like in a social network, and also connect your cryptocurrency wallet to buy NFT and more, using Decentraland currency, MANA

Real world companies can also buy land and build a shop, for advertisement, for selling NFTs, and also proposing other products or services

Artists can also play live concerts, and sell some special products at the same time

There has been a big hype around metaverses when Facebook announced its new strategic vision into the metaverse, and purposedly changed of name to Meta in October 2021 :

This hype was rather shortlived as we can see in the Google trends. The global searches for Decentraland had a big jump right after the Meta announcement, in November 2021

The MANA token was also popular during this time, but soon after the searches collapsed

The MANA token price had a more complex pattern, not directly correlated to this global trend, but also had a spike in November 2021. For the rest, it also followed the huge bull run of crypto markets of 2021, which was followed by a major sell off

Here are a few Tokenomics on CoinMarketCap. We can see that Decentraland has a current market cap of 3,3 billion USD, and due to future MANA token releases, it will mechanically grow to 3,9 billion USD. That means a further dilution of +18%. This is significant but there are many cryptocurrency projects with a much higher planned dilution. The MANA token has most of its ‘money” creation process behind it and is not going to be inflationary, which is a good news

MANA ranks #38 in position among the cryptocurrencies

Legal structure

Let’s have a look how this project is structured from a Legal point of view. We find that there is a Holding company, Metaverse Holdings LTD, which is located in the Cayman Islands :

This holding is said to own the Decentraland (DCL) Trademark :

Cayman Islands is one of the largest offshore banking centre in the world. It is also a captive insurance base and a large trust sector. It is home for many IP holding companies (Intellectual Property), because of tax exemption on royalties :

The operational company is the Decentraland Foundation, holding the Intellectual Property rights over the following components :

  • DCL Client
  • SDK
  • Marketplace
  • Builder
  • Blog
  • DAO
  • Website

The Foundation is located in the USA

It is located near Los Angeles

The Foundation makes available the tools and the site free of charge in order to allow different interactions with the Decentraland platform

The Foundation does not own or control Decentraland, as ownership and governance is decentralized in the community through a DAO :

The DAO provides a full income & expense transparency report :, which is quite remarkable

We can see, in the last 30 days, an overall income of 4,4 Million USD, and an overall expense of 0,7 Million USD

On-chain analysis

The vast majority of cryptocurrencies available on the market today use public blockchains to verify and record data. Because of this, the data is available “on-chain”, for everyone to see

On-chain analysis refers to the method of using information from a blockchain ledger to determine market sentiment. More specifically, it involves looking at transaction data and crypto wallet balances

For this, there are a number of tools available, some being free to use. Here is a comprehensive overview : We will use several of them :

  • IntoTheBlock
  • Messari
  • Etherscan
  • Dune Analytics

Let’s start by an analysis of break even price and addresses. In the data below, we see that, as of the redaction of this article, about 60% of all MANA addresses are at a loss. MANA is quite correlated to Bitcoin, and as the vast majority of cryptocurrencies, is highly volatile, so this can change quickly

Let’s check how the MANA holders are distributed. We see that retail holders play a very minor role, while big whales (large holders) and investors are owners of the majority of the tokens

More in detail, Whales are 16 and holding 54% of the tokens, while Investors are 123 and holding 27% of the tokens. Only a portion of these are high activity addresses with capital inflow/outflow

In the chart below, we see a confirmation that long term hodlers are on the rise, in proportion to speculators (short term traders and cruisers) who are, in comparison, taking profits and moving away

Here below additional details about the distribution of hodlers : there are currently a total of 237 094 addresses invested in MANA, among these, a huge majority has less than 1 k USD

As we will see below, the biggest addresses are CEX – Centralized Exchanges, such as the world leader Binance. The remaining majority of addresses are private wallets with a low holding position in MANA

Now let’s dive deeper and check the top 15 addresses. Here is the ranking list available on Etherscan

Let’s go through each of these addresses. While doing this, we will use additional tools, and take the opportunity to explore further platforms in the Decentraland ecosystem

Rank 1 : 0xefb94ac00f1cee8a89d5c3f49faa799da6f03024 – 332 MUSD

I’m going to use this handy tool : It’s really helpfull to check the links between addresses and help identify, in some cases, who is behind. Let’s run it for this first address. We find that Upbit, a major South Korean cryptocurrency exchange, is behind this address. This is the first CEX holding MANA

Rank 2 : 0xa3a90cacfd83ea4b114d5d7a24b54b42f670af94 – 329 MUSD

With the breadcrumbs tool seen above, we find that it’s a “Decentraland Vesting” address

Vesting is a key part of a crypto project’s tokenomics. It’s also used in traditional Finance

Through vesting, public and private investors can be protected from the price volatility caused by massive sell-offs that often follow Initial Coin Offerings, and make sure that the project creators are not leaving the project immediately after the ICO

Vesting period, also called token lockup period, refers to a period of time in which the tokens sold in the pre-sale of ICO stage are prevented from being sold for a specific period of time

Let’s Google “Decentraland Vesting”. We find the following link, in which we look for our above address :

This leads us to the details of the Vesting Contract :

We see this is a linear vesting contract, running unti 2030. At the current price, the beneficiaries will receive about 400 Million USD. Looking further into the beneficiary address, we find the following

That means the beneficiary is Gnosis Safe, which is a multi signature wallet, used to manage company crypto assets

The Gnosis Safe is much probably used to ensure the security of the funds distribution with a consensus mechanism for the distribution

Rank 3 : 0x7a3abf8897f31b56f09c6f69d074a393a905c1ac – 326 MUSD

This is another Vesting Contract, quite similar to the above one. At the current price, the beneficiaries will receive about 380 Million USD

Let’s check the beneficiary : 0x9A6ebE7E2a7722F8200d0ffB63a1F6406A0d7dce. We find it is the Decentraland DAO – Decentralized Autonomous Organization

Here below the definition of a DAO

So basically, this is the autonomous entity which is managing Decentraland. We see that the DAO has sent some of its available funds into :


Lido is a liquid staking solution for ETH 2.0. Lido lets users stake their ETH – without locking assets or maintaining infrastructure – whilst participating in on-chain activities, e.g. lending

We can see that about 45 Million USD are staked by the DAO into Lido. This is contributing to the overall revenues of the DAO, through payment of interests


Aragon is a secure platform for creating and managing the collection of smart contracts needed to run a DAO

The backend of Decentraland’s DAO is built using Aragon, as we can confirm here :

Rank 4 : 0xf977814e90da44bfa03b6295a0616a897441acec – 256 MUSD

This address is obviously a Binance bridge, holding retail investors MANA tokens purchased through this CEX

Rank 5 : 0xbe0eb53f46cd790cd13851d5eff43d12404d33e8 – 168 MUSD

This address is again a Binance bridge for retail investors

Rank 6 : 0x28c6c06298d514db089934071355e5743bf21d60 – 91 MUSD

This address is again a Binance bridge for retail investors

Rank 7 : 0xe1498a9ef5c6aa51790a642f70c31238326b1724 – 88 MUSD

This address is obviously a Kraken bridge, holding retail investors MANA tokens purchased through this CEX

Rank 8 : 0x9a6ebe7e2a7722f8200d0ffb63a1f6406a0d7dce – 76 MUSD

This is the Decentraland DAO we have seen above

Rank 9 : 0x6262998ced04146fa42253a5c0af90ca02dfd2a3 – 60 MUSD

This address is obviously a bridge, holding retail investors MANA tokens purchased through this CEX

Rank 10 : 0xfd09cf7cfffa9932e33668311c4777cb9db3c9be – 58 MUSD

We see that the address refers to the Decentraland wMANA token. What is this ?

In Decentraland, “wrapping” MANA refers to locking it up in the DAO. When you wrap your MANA, you can no longer spend it or transfer it. It has to be unwrapped 1:1 back to MANA to transfer it

The Smart Contract TokenWrapper is available here : Here below the function deposit code :

Decentraland is not controlled by a centralized entity : Instead, Decentraland is governed by MANA, LAND, and Estate holders through the Decentraland DAO

In the DAO documentation, we see the voting power calculation : the DAO looks at both the wrapped MANA and unwrapped MANA balances

That means wrapping your MANA is not mandatory to vote in the DAO. This is following a major update to the DAO implementation in May 2021 :

Rank 11 : 0xadf023a014462fdced0557c42454989ef102ec86 – 57 MUSD

We find that it is another vesting contract. This one has been launched much later, in August 2021

Rank 12 : 0xa685a61171bb30d4072b338c80cb7b2c865c873e – 54 MUSD

We find that aMANA tokens are stored on this address. What is this ?

It’s Aave interest bearing tokens. Aave is an open-source, decentralized lending protocol built on the Ethereum network : It’s a major platform in the Decentralized Finance (DeFi)

Lenders on this platform receive aTokens (Aave interest bearing tokens). These tokens can be stored and traded. They have a value equivalent to the tokens deposited and can be redeemed on a 1:1 basis

We can check the constructor in the Smart Contract code base

At the time of writing this paragraph, here is the MANA supply into the AAVE platform. As of today, the Annual Percentage Yield (APY) is going to be 0.53% for short term and 3.83% for long term

Rank 13 : 0x2ee555c9006a9dc4674f01e0d4dfc58e013708f0 – 49 MUSD

We find that this is the CEX BTC Turk :

Interesting to note : Coinbase is currently leading talks with BTC Turk, to acquire this company established in Turkey, for about 3.2 billion USD :

This would put Coinbase as a significant CEX holding MANA

Rank 14 : 0xa6ea3b9c04b8a38ff5e224e7c3d6937ca44c0ef9 – 48 MUSD

We find that this is the GemJoin contract address. What is this ? Join belongs to the MakerDAO protocol :

It is a Decentralized Finance (DeFi) project with a crypto-collateralized, stablecoin DAI pegged to the US dollar. Its community manages the coin via a Decentralized Autonomous Organization (DAO). Users generate DAI by locking cryptocurrency in a Maker Vault at a certain Liquidation Ratio

GemJoin allows standard ERC20 tokens to be deposited for use with the system. A lot of things can be done with DAI :

We can confirm that the Decentraland DAO uses the DeFi protocol MakerDAO, as per this tweet

I highly recommend to check the official application of Decentraland DAO here below, as it contains many usefull informations. You find it in the MakerDAO forum

Rank 15 : 0x34ea4138580435b5a521e460035edb19df1938c1 – 43 MUSD

This is another Binance fund, holding retail investors MANA tokens purchased through this CEX

Now, let’s wrap up what we have seen above

Summary top 15 addresses

We have seen that the majority of the MANA tokens are held by Centralized Exchanges (CEX), such as Binance, Upbit, Kraken,, BTC Turk

The Decentraland DAO or Decentralized Autonomous Organization, has several vesting programs in place until year 2030, which will ensure the stability of the early investors in the DAO. The DAO is managed using the Aragon platform

The DAO makes use of Decentralized Finance (DeFi), staking funds in the Lido platform, placing MANA in collateral on Aave and MakerDAO

Million USD AddressDescription
Upbit : it is a South Korean cryptocurrency exchange founded in 2017. It is operated by Dunamu, which is one of the highest-valued startups in South Korea
3290xa3a90cacfd83ea4b114d5d7a24b54b42f670af94Vesting Contract : it is one of the main contract address used to manage the vesting schedule of Decentraland. The funds are sent to a Gnosis Safe multi signature wallet
3260x7a3abf8897f31b56f09c6f69d074a393a905c1acVesting Contract : the beneficiary is Decentraland DAO. The funds are staked in the Lido protocol. The DAO is managed with the help of the Aragon platform
2560xf977814e90da44bfa03b6295a0616a897441acecBinance : this CEX holds retail investors purchases in MANA
1680xbe0eb53f46cd790cd13851d5eff43d12404d33e8Binance : this CEX holds retail investors purchases in MANA
910x28c6c06298d514db089934071355e5743bf21d60Binance : this CEX holds retail investors purchases in MANA
910xe1498a9ef5c6aa51790a642f70c31238326b1724Kraken : this CEX holds retail investors purchases in MANA
880x28c6c06298d514db089934071355e5743bf21d60Binance : this CEX holds retail investors purchases in MANA
760x9a6ebe7e2a7722f8200d0ffb63a1f6406a0d7dceDecentraland DAO : the funds are staked in the Lido protocol. The DAO is managed with the help of the Aragon platform : this CEX holds retail investors purchases in MANA
580xfd09cf7cfffa9932e33668311c4777cb9db3c9beWrapped MANA : this is the contract holding the DAO wrapped MANA
570xadf023a014462fdced0557c42454989ef102ec86Vesting Contract : this is another vesting contract, launched in August 2021
540xa685a61171bb30d4072b338c80cb7b2c865c873eAave : here we have Aave interest bearing tokens
490x2ee555c9006a9dc4674f01e0d4dfc58e013708f0BTC Turk : this CEX holds retail investors purchases in MANA. Coinbase is in talks to acquire this CEX located in Turkey
480xa6ea3b9c04b8a38ff5e224e7c3d6937ca44c0ef9MakerDAO : this is MANA accepted as collateral in multi-collateral DAI
430x34ea4138580435b5a521e460035edb19df1938c1Binance : this CEX holds retail investors purchases in MANA

Let’s review activity indicators

This indicator below, estimates the Twitter sentiment about Decentraland. We can see that there has been a huge increase in positive mood after November 2021 and the hype around metaverse. The overall activity around Decentraland has increased a lot in December 2021, but this was short-lived

Afterwards, the interest has been steady, despite a more recent decline. Overall, the Twitter activity seems to be progressively coming back to the level before the Facebook announcement in November 2021. There is clearly no upswing but rather a very slow long term growth

Regarding the marketplace activity of Decentraland (, it’s very choppy. There has been a huge increase in active wallets in year 2020, immediately followed by a huge drop. The Facebook announcement in November 2021 did not entail a major increase in active wallets. Currently, the marketplace activity is back to a rather low level, but still on a long term growth trend

The sales volume had a spike in December 2021 following an overall NFT speculation phase. This has been followed by a major drop and we see the marketplace sales coming back to a rather low level

Regarding the sales of LAND, despite a significant increase in the wake of the Facebook announcement in November 2021, there is no long term increase, with a current monthly sale of 3,3 Million USD as of April 2022 (therefore back to year 2020 level)


The Decentraland infrastructure is well documented here :

It’s currently based on a Client-Server infrastructure (but there is also a Desktop client in beta version). You get an overview in the chart below :

Server side

Let’s start by checking the back end. We can find a server dashboard here below

We can see that there are currently 1346 users on the servers, which is not much, as compared to a game such as Fortnite, which has around 4 million users per day

Let’s review the typical structure of a Decentraland server. We will see that the backend is written in Typescript :


The content servers store many of the entities used in Decentraland. For example scenes, wearables and profiles

Content servers will automatically sync with each other, as long as they were all whitelisted by the DAO

Here is the snapshot of a content server :


In computer programming, Lambdas are anonymous fonctions :

This service provides a set of utilities required by the clients and servers in order to retrieve or validate data

Some of the validations in the lambdas utilities are ownership related, and for that the code uses The Graph API to query the blockchain

For example, this function checks for name ownership, using a subgraph query :

The lambdas utilities are by default listening and are responding as per the need

You can check this blog for further technical explanations about TheGraph, and its use applied to the Decentraland blockchain :


Decentraland uses P2P connections for communication between players. Decentraland is therefore grouping peers in clusters called “Islands”, so they can communicate more efficiently and keep the game speed

The module in charge is Archipelago :

It calculates the distance between peers and setup the Islands accordingly. Here is one of the mechanisms in use :

This is how the server presents the data :

Let’s try to grab more informations about the backend infrastucture. For this, we can start looking into the server dashboard address :

I use this search engine : The IP address is, which corresponds to an Amazon ASN (Autonomous System Number are networks typically governed by large ISPs that participate in global Internet routing)

Let’s apply a whois on this domain. We can see that it corresponds to Amazon Web Services (AWS)

The overall domain tree is as follows :

By doing a Zenmap scan on the IP, we can confirm the open ports which is quite typical for a web service (80 : HTTP, 443 : HTTPS)

Vercel ( is acting as a web server. The Vercel app includes several security layers

Despite this, Vercel is not free from weaknesses, and was recently at the center of a DeFi hack :

What do we find in the Vercel server ?

First of all, we have the backbone Decentraland productive servers. They are either organized by world regions, or by the names of the founders or key people working for the DAO

Then, we have some key services : GitHub, unpkg, jsDelivr

On GitHub, we have the open source code of Decentraland, which is used to run the catalyst servers : Vercel is taking the code from there

We then have two CDN, or content delivery networks : unpkg and jsDelivr

CDNs are geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users

CDNs are a layer in the internet ecosystem. Content owners pay CDN operators to deliver their content to their end users. In turn, a CDN pays Internet service providers (ISPs), carriers, and network operators for hosting its servers in their data centers

unpkg is an open source, fast and global content delivery network for everything on npm :

  • npm is the package manager for Node.js. It was created as an open source project to help JavaScript developers easily share packaged modules of code
  • the npm Registry is a public collection of packages of open-source code for Node.js, front-end web apps, mobile apps, robots, routers, and other needs of the JavaScript community
  • npm is the command line client that allows developers to install and publish those packages

jsDelivr is also an open source CDN, it is used here as it provides mirrors to npm and Github, and interacts also with AWS

Let’s dig a bit deeper in the backbone servers (using tools such as, ping, nmap). Here is a summary table of the findings :

Server nameHostIPv4
peer-ec1.decentraland.orgCloudflare USA104.19.217.110
peer-ec2.decentraland.orgCloudflare USA104.19.216.110
peer-wc1.decentraland.orgCloudflare USA104.19.217.110
peer-eu1.decentraland.orgCloudflare USA104.19.217.110
peer-ap1.decentraland.orgCloudflare USA104.19.217.110
interconnected.onlineCloudflare USA188.114.96.6
peer.decentral.ioCloudflare USA188.114.97.6
peer.melonwave.comCloudflare USA188.114.96.6
peer.kyllian.meCloudflare USA62.4.0.100
peer.uadevops.comCloudflare USA104.21.27.22
peer.dclnodes.ioCloudflare USA172.67.159.49

The Decentraland servers are not exposed directly, but only through the Cloudflare platform (, probably for enhanced security, as Cloudflare is hiding the origin IP server address from potential attackers, and stops malicious traffic before it reaches any origin web server (with a WAF, DDoS protection,…)

That means that the servers are private seen by a Decentraland user, we do not have access to them directly, nor their database. For a so called decentralized application, this is important to note

Client side

Let’s continue with the front end. For this, I scan the domain on

The domain is also hosted on Cloudflare, which acts as a proxy server. Here is the domain structure :

We find that there are several SEO analytics trackers : Google, Hotjar, Segment, Facebook

Google tracking solutions are well known. Hotjar may not speak to many, but it’s also a well known analytics solution now belonging to Contentsquare ( Segment is also well known (

Regarding how Facebook implements some analytics, we see that it is based upon Facebook Pixel (

Typically, there is a code snippet installed on each Decentraland page where the Devs want the tracking to occur

A cookie is installed on your computer by Facebook, to enable the tracking

I would not expect to find several SEO analytics tools on a “decentralized” application, but it makes sense to run the business better

Let’s check how the website is built. For this, let’s go in Developper tools (press F12). The first lines are interesting :

We see that Decentraland is built using React and Gatsby, which are Javascript Frameworks


Decentraland has a well maintained GitHub repository, and it’s really the core of the Decentraland ecosystem. All the code driving Decentraland is published here

Decentraland uses the well known Unity 3D engine, for in game graphics rendering. There is also a decentralized web-based application (dApp)

The development activities are on-going at a steady level. There is no acceleration, though, as you could expect for such a hyped project

Blockchain interaction

Here is the list of Decentraland Smart Contracts :

We find the following flowchart in the Decentraland documentation. Basically, MANA is a token on the ERC20 Ethereum blockchain, while land is an ERC721 NFT asset (

On the blockchain, you find the ledger that tracks the ownership of land parcels. Each parcel of LAND has a unique coordinate in the virtual world, an owner and a reference to a description file representing the content within the parcel

Polygon MATIC

One major drawback of Ethereum is the high transaction fees (gas) and the slow transaction speed due to some on-going network congestion

A compatibility with Polygon MATIC has been implemented in Decentraland, as a scalability solution :

Polygon is a growing multi-chain ecosystem, connecting various blockchains together, and also acting as a layer L2 blockchain :

The usage of Polygon on the Decentraland marketplace, seems to be very low, as per the DAO transparency report : Therefore, this technical solution does not bring in a lot of additional value, for the time being at least


The Foundation manages the security risks seriously, I would say. On the GitHub page, all Audit reports are archived, for everyone to see. This is really a great transparency endeavour :

There are still some occasional security loopholes in the Decentraland Smart Contracts, as well documented by this recent Foundation blog post :

In some conditions, a critical vulnerability of the LAND smart contracts could allow anyone to transfer LAND without a LAND owner’s permission

NFT collections

Let’s have a look at the top NFT contributors. There is an updated board within Decentraland

Here below a summary table about the top 10 creators in March 2022

Creator Link
DeadfellazDCL eth#0xb377cfbb9bb1d33016c483ac14147f5e9f6d332a

What are the recent concerns of this community of NFT creators ?

Overall, they challenge the outdated business model of IRL art galleries, which are applying high commissions

They are also concerned by the high congestion of the Ethereum blockchain, and the soaring gas fees. There was a climax recently at the launch of the APE virtual lands metaverse collection launch :

There has been a DAO proposal put to the vote, to make sure only quality content is minted on the platform. A minimum fee of 500 USD would need to be paid by all NFT creators for minting. A strong resistance was seen on social networks

There has been some controversies in some cases, whereby an influencer could help a proposal to be passed to the DAO for approval. Not very ethical 🙁

As a complement, some wonder about the real ownership of NFTs purchased in those metaverse. Are you the only and legitimate owner ? You shall read the article below

NFTs exist on the blockchain. The digital assets such as land, goods and characters in the metaverse, exist on private servers running proprietary code with secured, inaccessible databases

Decentraland could be delinking the digital assets from their original NFT identification codes. The concept of ownership has restrictions in the metaverse


Let’s wrap-up this article. I deemed necessary to prepare a summary table, putting together the main characteristics of this metaverse, together with an assessment of its value proposition

Item Comment Value Proposition
User baseAudience is low and not increasing
TokenomicsToken price much too high vs DAO revenue and user base
LegalThe digital assets (NFT) have little to no value outside Decentraland
User ExperienceDCL is an interesting concept but the interest to “play” can fade away=
NFT CreatorsThe entry fees may be too high vs a volatile token price=
VestingEarly investors are locked in the mid-long term to bring stability+
DeFiDCL uses several DeFi platforms to generate interest (Aave, MakerDAO, Lido,…)+
InfrastructureDCL uses a state of the art infrastructure (AWS, CDN, Vercel, Cloudflare, GitHub, NodeJS, Analytics…) and proposes a side chain (Polygon). There’s a lot of Engineering work !++
DAOWell managed and transparent. Takes security seriously. Takes advantage of Aragon suite++

Overall, I consider that Decentraland, although it has a small user base, sets a new benchmark. Let’s see what happens in the future of this metaverse 🙂