Hey there,

When I started this blog, I wanted to tell the stories of people mainstream media didn't find interesting enough to cover. To a certain extent, I have accomplished this over the years. Last year, we published a piece that explored how African artists view NFTs. We wrote about Axie Infinity when they were much smaller, and Alex from Nansen gave an interview long before they raised $75 million.

Today, I return with a similar story about Auri. I met him through a thread he wrote explaining which projects are good to farm for airdrops.

I contacted him to see if he could share his methods, as I usually collaborate with portfolio companies to design token economics. So I got someone who regularly profited from exploiting some of our work. Given all the excitement around Arbitrum’s airdrop last week, I figured now would be a good time to share the conversation with the rest of the community. And lay a framework for what the future of airdrops looks like.

It is a story of hustle, jealousy and persistence. And it is still being written. In learning more about Auri and the airdrop farms, I saw a glimpse of the greed, aspiration & hustle that powers crypto as an industry.

Before we begin, I’d like to mention that Auri came off astute in our conversations. He’s a resource I intend to contact whenever we design another airdrop. We don’t exactly cover how to exploit protocols in the piece. With all that out of the way, let’s dig into his story & how the industry’s notion of sending people free money may evolve.

Note: I use the term sybil throughout this article. It describes when a user sets up hundreds of wallets to use an on-chain product. Oftentimes, they make it seem as though thousands of users are on the product. In the Web2 world, sybiling often involved click farms and bots. This scene from Silicon Valley Series is a good visual of what a sybil attack looks like in Web2. Anyway, back to Auri..

How It Began

It is the Summer of 2020. A younger version of Auri had just gotten done applying for jobs after finishing his master's. Until someone decided to eat a bat in Wuhan, and the world decided to lock everything down. Covid lockdowns were spreading far and wide. The economy temporarily collapsed, and anyone looking to hire called it off until they figured out what remote working is.

Locked out of immediate prospects for jobs or internships, Auri decided to look at crypto as a sector. He had dabbled in it for a bit in 2017 during the boom. Like everyone else, he also lost money in it.

He reached out to several startups in the industry. Finally, a non-custodial wallet gave him a chance, and Auri had his first job in the industry. This was right when DeFi summer of 2020 was about to take off. Unlike in 2017, you could use tools like Aave or Uniswap. The industry had built use cases instead of peddling white papers and ICOs. Like everyone in crypto, his attention slowly shifted to how people make money in the industry.

This was right about when Coinlist began doing their sales. They allowed retail investors to buy small sums of crypto after doing AML-KYC on their platform. The valuations were at a slight premium from what VCs were paying, and having an allocation almost meant a sure return at the time.

Many people often did not bother with the hassle of setting up a Coinlist account, and much of the asset's price appreciation happened on the listing. This whole process is similar to subscribing to an IPO.

Auri noticed that while there were limits on people buying tokens with a single account, nothing stopped users from onboarding their family members. Think of it this way. If you had invested $200 and received a 500% appreciation on the token being released, that’s $1000 profit.

But what if you could enlist your immediate family and have five accounts deploying $200 each? That comes to ~$5000 in profit. Of course, there is the speculatory risk of the appreciation not being high. But so long as the market was in the frenzy as it was in 2020, the odds are high that users made decent money.

Naturally, at the time, Coinlist noticed what was going on. In fact, at one point, they initiated a queue system. If thousands of users wanted to buy allocations in a token, they would be given a number determining their probability of getting the tokens. It worked until users realised having multiple tabs open could give them a better likelihood of getting a token allocation.

So people began renting large spaces where hundreds of computers were set up to get an allocation. This video from a Twitter user shows the scale of such operations.

The Economics at Play

According to Auri, communities were set up to coordinate setting up fake accounts on Coinlist. Then, the team at coinlist began checking if the browsers used to log in were unique. Multiple accounts logged in from the same machine meant something was off. This was when people started convincing neighbours, friends and family to set up accounts for an allocation.

So long as everyone made a quick buck, the party was on. Things escalated to a whole another level when Uniswap did their airdrop. At the time, Uniswap offered at least 400 UNI tokens to anyone who traded on the product. The dollar value of those tokens was close to ±$2000 for each wallet.

If you owned ten wallets, you would have received a minimum of 4000 UNI tokens. However, here’s where it gets interesting. Since none of those wallets needed AML/KYC or any form of verification, a single person could set up thousands of wallets and claim tokens. This analysis from Dune sheds light on what generally happens after protocols give away tokens.

Some 93% of all wallets that received Uniswap tokens from their airdrop sold them within a year. It seems like the market does not want to govern “decentralised” protocols after all.

See the problem here? Projects were giving tokens in exchange for nothing. Well - not nothing. The prevailing thought then was that there’s a cost to acquiring users. This can be hundreds of dollars for a niche, high transaction value product like an on-chain dex. Paypal gave away $10 in cold-hard cash (well, digitally) back when they took off too.

Instead of spending ad dollars, protocols could give the equivalent of it to users as airdrops. So you save capital during a bear market and make a liquid market for the tokens & a more significant number of wallets now own your token.

Or that’s the logical reasoning behind airdrops. But this does not always work, as we’ll see shortly through Auri’s story. Once Uniswap released its token, it became apparent that more projects would follow the same model. It was a great way to build a community without necessarily selling tokens to retail users. On one end, you reduce legal risks; on the other, you acquire users.

Any token economic distribution with a chunk allocated to the community was a potential airdrop farming target.

The mental heuristic at play goes like this -

• The last time the venture raised was at a valuation of $X (say $100 million)

• 20% of the network is allocated to community members for using the product (So $20 million) 

• On listing, the product may see a 300% rise in valuation (So $60 million)

• Would running bots make economic sense if you can capture 1-2% of that $60 million pool? 

There's one more variable at play here that made doing airdrop farming worth it in late 2021. Buoyed by the bull market, every token saw a substantial uptick in its valuations at the time of listing. It meant that even individual users who had tested an app could see five-figure sums in airdrop rewards. For example, an avid reader of this blog reported making $50,000 for testing Biconomy's bridge when their airdrop happened. 

According to Auri, the industry's challenge is not with a single user making five or ten wallets hoping to make a quick buck. Instead, the challenge emerges from people resourceful enough to take sybiling to an industrial scale. Those ran hundreds of accounts on a network receiving millions of dollars worth of tokens.

While they do the hard work of stress-testing a network, these users also substantially influence an asset's price. If a token does not have sufficient liquidity at the time of listing, a single airdrop farmer can weigh down the price of the asset for months. 

As for Auri himself, the guy did not make much money airdrop farming for the longest period. He was on the sidelines watching others he knew making millions of dollars. Jealousy is good motivation, so he kept at it until he made over $200k on a single protocol’s token launch. Unfortunately, for the guy and many others in the industry, he lost the bulk of it when UST depegged last year.

For a sense of scale, the median income in the region Auri is from is around $6000 a year. That $200k figure is roughly 30 times what he would have made in a traditional job. This difference between what could be earned in a conventional market and what crypto enables - attracts so many to the industry.

The incentives are so strong that some individuals set up large-scale factories for farming airdrops. This usually includes setting up a house in a remote part of the country, hiring low-cost labour and having individuals manually use multiple apps daily from hundreds of wallets.

The chart below expresses airdrop sums as years of income in emerging markets. When you have the probability of hitting a year’s worth of income for a few minutes of work, you spend days doing it from hundreds of wallets. An important caveat here. The figure below assumes $3000 is the median income in an emerging market. The average person making that low an income is likely not deploying thousands of dollars into Ribbon protocol for their airdrop.

Most farmers work for a third party with the capital to deploy to such projects. The guild model we see in gaming is a variation of this disconnect between potential income and start-up capital for those wanting to engage in these markets.

According to Auri, most Web3 native startups with planned airdrops understand the possibility of being sybil attacked. The attacks are a desired feature as heightened traction helps raise at higher valuations in private markets. Much of the volume on LooksRare and Blur came from wash traders looking to earn a quick buck. But that activity drove narratives in the market, which helped solidify their valuations. The chart below summarises how airdrop-driven activity plays out in the long run.

If they took a stance that airdrop farmers should be blocked entirely, there’s the chance the product would see no traction. There’s a saying that the best marketing for crypto startups is to make a lot of people rich in a short period. Airdrops are a mechanism to provide skin in the game for large groups of people who then go on and evangelise the product.

Setting Farms on Fire

At this point in the conversation, I wanted to see if Auri believes protocols can stop sybil attacks. A little randomization, different people with different behavioural patterns managing different wallets (all those wallets still belong to the prime beneficiary), withdrawal from CEXes, ease of buying KYCs - all of this makes any attempt to fully tackle sybils exclusively through on-chain data futile.

He believes airdrops are here to stay; there is simply no choice for initial distribution for top projects from a legal perspective. According to him, for the sake of the industry, we should stop incentivizing this mercenary behaviour. The question remains how.

There are broadly two ways a sybil attack can occur. First is when a single person runs hundreds of wallets programmatically. These are airdrops where only on-chain interactions are used as a metric for passing on airdrops. Protocols can do nothing to stop such an individual from making millions of dollars from a protocol.

A different approach is enforcing AML and KYC procedures on users claiming an airdrop. This is against the ethos of anonymous capital movements in crypto. People can pay people to share their passports or license documents. In regions like India, paying someone as low as $5 can work if you are trying to game an airdrop.

Most farms often collect these documents from individuals and pass them on to someone who manages hundreds of wallets. Some projects check if a wallet owner is active on discord. So people are often hired to post seemingly random questions and engage with content posted by teams to pass off as a legitimate user with AML and KYC done.

The challenge with enforcing KYC as an airdrop protection mechanism is that it sidelines users from authoritarian nations. A well-meaning user from a country with draconian stances against crypto may be unable to engage with the product if required to give state-issued identity documents.

A different challenge with KYC is that it may bring liability to the product. Last year, Gitcoin had to bar an initiative focused on users from Iran due to a sanction from the United States government. Enforcing identity breaks access.

I don't mean to suggest projects do not have mechanisms to stop Sybil farmers. Nansen recently released a breakdown of how they helped Arbitrum design their airdrop. Using on-chain analysis can often be a simple tool to restrict airdrop farmers. A recent report published by independent researcher X-explore on Mirror claim that some ~280k wallets cumulatively received 20.8% of all airdrops.

These were wallets that were controlled by single entities. They concluded by observing that the initial funding source for all these wallets was the same address from a centralised exchange or bridge. Essentially, a single person withdrawing from the same address to hundreds of wallets.

There is very little a project can do once the tokens are in the wild. Quite recently, Hashflow passed a governance proposal to extend the vesting airdrop recipients had for their tokens. Moves like that can fragment communities. One approach teams have taken is incentivising users to detect sybil activity and report it proactively.

Gearbox had a user directly report several large wallets possibly doing airdrop farming on their project early on. For the average project, the choice is between focusing on allowing users to sybil, thereby driving adoption narratives, or making it impossible to Sybil and disincentivise people from being involved early on.

Auri pointed out that people in his network don't think of crypto as the future of anything. If anything, it is seen as a scam. But it is also a meaningful pathway to generating wealth. The reason why a lot of individuals in his network exploit airdrops is due to their inherent lack of trust in any system. For them, what matters is maximising the extraction of value.

Airdrops in crypto are a player vs player game. Every protocol is an MMORPG (Massive multiplayer, online role-playing game). Users try to set up multiple wallets to accumulate as many resources (tokens) as possible. Airdrops, are where Universal Basic Income (UBI) meets capitalism and good old hustle from third-world countries. Simultaneously, a feature and a bug for the ecosystem. I was curious to see what Auri thought the future of airdrops and his own hustle looked like in the coming years.

What The Future Looks Like

According to Auri, the kind of games that occur in crypto today will likely not last much longer. Proprietary models to detect Sybil attacks are being developed by on-chain analysis platforms. An ever-increasing number of protocols probably choose to have meaningful revenue early on instead of optimising spam transactions on their network.

He believes his time is best spent on gaming and opportunities around AI. His experience in understanding how user sybiling occurs could be valuable for games that seek to reward large user bases with on-chain instruments.

At one point in our conversation, I asked if he regretted participating in crypto. He thinks it is best to build hard skills in a different profession and do crypto on the sidelines. Because for all the returns in the industry, the odds of losing it all are just as high. For every good story we hear about someone making it through sheer hustle, there are ample instances of people losing their life savings.

All of this made me think of what the future of airdrops even looks like. It serves well to look at incentives to understand why airdrops happen in the first place. Unlike ICOs, an airdrop does not solicit money directly from retail users. It only asks for participation.

Most of the time, the cost incurred by the user for engaging with a product is covered by the return they make on the tokens they eventually receive. One of the most potent ways you can expect a user to come to your product and spend $3 on a transaction is by selling them the hope of making $10 eventually.

Airdrops are also a mechanism for platforms to pass ownership to users. Substack is raising money from its writers at a $600 million valuation as I write these words. AirBNB once tried to pass equity to hosts on the network. Uber might have been better off if its drivers had a say in how it is governed. As long as platforms exist, stakeholders will need a way to provide inputs on how it is run. Airdrops are effective for solving that challenge. 

If you are venture-backed, there is the expectation that you will create a return at some point in time. For protocols, the mechanism often involves issuing a token that can then be used for governance. Large parts of the business remain privately held, but passing on decisions such as which assets to list to users makes them proactive in helping run the business. So long as founders see airdrops as a meaningful path to decentralisation or exiting to the community, they are here to stay.

But the average person does not care about a random venture exiting to the public. I recently talked to Akshay BD from Solana foundation about the evolution of NFTs when he explained an alternative model that may work. In his view, the opportunity is to go to the retail user who has built loyalty to brands they consume from every week or so. Think about Nightjar Coffee in Dubai or Third Wave Coffee in Bangalore rolling out an NFT-linked cashback programme. You get the gist. We will see “airdrops” play out when apps translate cash-backs or loyalty points to assets.

The flow he suggested works by scanning a QR code at the bottom of the bill. It links to your wallet and auto-credits the loyalty points related to the purchase. Spent $500 with friends on a dinner at Nobu? Here’s $25 to redeem on your next purchase. Ideally, network effects kick into a product when hundreds of brands are linked to the wallet. You may think we have re-invented airline miles, which is true. Airline businesses with a miles programme are essentially fintech businesses. The operational side only facilitates the trade of these points.

When your credit card offers airline miles, airlines set a base cost per mile. Usually, it works in the OTC market. Akshay thinks this opaque market can soon have hundreds of brands, with millions of customers trading against one another. So how it would work is you get an airdrop (or cashback as Indians know it) in proportion to your spending and loyalty to a brand. Then, if you want to try out a new place, you can swap the points for a different brand’s points in the open market. For businesses that partake in such a model, getting a portion of the royalty whenever a user trades their NFT rewards is the upside.

Brands could selectively target users based on their behaviour. Restaurants today already track how often you visit them or what you spend on them. But they generally reach users through social media outlets or text messaging. Customers have increasingly ignored both of these as spam. Akshay suggests that instead of bombarding people with flashy ads, brands can now offer value to users depending on how committed they have been to the brand.

Now don’t get me wrong. Bringing loyalty points online alone won’t mean much. We had the same thesis with game assets, and last I checked, nobody can port over gold bars from Red Dead Redemption 2 to cash in GTA 5. And the same studio owns both games. Often, brands do not want to allow a fluid transfer of assets among themselves. That is why you cannot use your Starbucks gift card at Domino.

The only way a model like this could work is if the network effects are more significant than the silos that exist today. A brand like Nobu will jump on board if they see that they are missing out on thousands of customers by not being on a platform like this. The same happened with traditional print media when the threat of going digital came. But there’s a far more compelling reason for such an approach - and that is the fact that blockchains are essentially large-scale query machines.

Let me explain what I mean by that. When you run an ad on Google or Facebook, you are paying a platform for taking your ad to a user on their platform with specific characteristics. While on-chain data cannot surface information around age, brand preferences or last night’s conversations, it can surface the most high-value signal—transactional data. If users’ transactional data can be queried, verified and tracked publicly without paying a middleman that owns that silo of data (like Google), brands could offer far more value to users.

By some estimates, ±40% of every venture dollar raised goes to an ad company hoping to acquire a user. Akshay’s model argues that the querying can be zero cost, and the value spent on ads can go directly to users. Now you have the challenge of spam hitting a product like this. This already happens on blockchain networks today.

Publicly active wallets on Ethereum routinely see spam tokens being sent to wallets. Two filters can happen here. One is, at the wallet level, a spammy airdrop could be flagged and not shown to users. The second is if users filter the dollar value of the airdropped offers they received, they can quickly see which is worth their time.

Ironically, I had mentioned how such a model would benefit users a year back when I wrote The Future of NFTs. Where I wrote at length about how users can benefit from NFTs, Akshay looked at it from the point of view of the business. As I write these words, Meta - and several large Web2 brands have been scraping off their plans to integrate NFTs into their products.

Given the top-down distribution such a product would require, players like Meta are best suited to enable such a model. They already have millions of businesses on them & consumers that follow them. Moreover, meta’s marketplaces on Instagram and Facebook are essentially Web2 equivalents of OpenSea if they decide to go down this route. But we believe a Web3 native player likely brings this model to market.

As for the future of airdrops themselves, much like ICOs - airdrops will slowly decline in value generated for speculators. There used to be a time when you could put $1000 into every ICO and expect to see six figures by the end of the quarter. Then there came a phase around mid-2018, where six-figure investments turned out to be returns valued in the thousands as many ICOs were over-valued and terrible investments. So what we have seen with airdrops is a transitionary phase where early adopters have benefited tremendously, but it may not sustain. 

One of the things I noticed in the wild is that projects like Worldcoin have begun taking iris scans in exchange for 25 dollars of airdrops. Of course, it is a bit dystopian to think that all protocols in the future would go to such lengths. But I am seeing the blurring of lines regarding what information can be collected from users in exchange for a potential airdrop.

Auri’s story is very much still being written. I hope to see him being a proactive contributor to funds & the networks we collaborate with. In writing this story, all I took away was that crypto (as an industry) is an arbitrage machine. It allows people from all walks of life to have a chance to hustle at a global scale & cut a slice for themselves from the massive pie capitalism is. There is a little bit of Auri in all of us.

As long as the market remains as free & competitive as it is, we will see people trying to optimise for self-interest and gain. It is how all markets work. Just that in crypto, it is more explicit than what we see in more traditional industries.

I’ll see you guys next with some work we are doing on a prominent gaming protocol.

Email me if you are building along what Akshay mentioned or designing airdrop strategies. We may have investment dollars and a ton of research to guide you.

Off for a long walk,
Joel

P.S. - Auri is looking for opportunities at the intersection of gaming, on-chain analysis and token economies. If you are a fund or a startup looking for someone like him, please do reach out. I’d be happy to make an introduction.

There will be some associated content on Meta’s strategy with NFTs for subscribers only, live on the Substack tomorrow. We won’t be sending it out as an e-mail.

Join us at Telegram and join in on the conversation with ±2700+ researchers, investors, founders & overall great human beings.

Join the community