A Brief History of Airdrops and Anti-Witch Strategies: On the Tradition and Future of "Shearing Wool" Culture

Written by: DefiOasis, Geek Web3

Introduction: This is a brief history of airdrops and yield farming that every yield farmer should read, and it is also a rather interesting popular science article on yield farming.

Understanding the history of a field allows for better "knowing oneself and knowing the enemy, and in a hundred battles, one will never be in peril."

Origins of Airdrop Activities

"Get rewards at almost zero cost." "Money isn't earned; it comes from the wind." This has been the voice of airdrop players on social media in recent years. This kind of "free-riding" has been common in the early days of Web2, where burning money to subsidize users through price wars was prevalent. However, compared to that, the "subsidy" model of directly giving money in Web3 is more eye-catching. After the wealth creation myths of airdrops like ENS and DYDX emerged, the entire Web3 community fell into a "gold rush" for airdrops.

The earliest airdrop behavior in Web3 can be traced back to a programmer named Baldur Friggjar Odinsson, who issued AuroraCoin in 2014 and airdropped 31.8 tokens to each of Iceland's 330,000 citizens.

However, the most recognized pioneer of airdrops is Uniswap. To counter the vampire attack from Sushiswap, the Uniswap project team airdropped at least 400 UNI to each address, with a minimum value exceeding $1,000. After witnessing the traffic-driving effect of the Uniswap airdrop, major projects like 1inch and Lon rushed to imitate it, which to some extent catalyzed the DeFi summer of 2020. As terms like Web3 and DAO gradually gained popularity, airdrops became a customary tradition among major projects in the decentralized space, and it wouldn't be an exaggeration to call it a unique culture in the blockchain community.

Interestingly, the projects distributing airdrops can be divided into two categories: "VC projects" and "community projects," with this article focusing on VC projects.

Major Functions of Airdrops

1. Promotion and Marketing

In the past two years, airdrops have become an essential component for the vast majority of project teams. A successful airdrop can instantly expand a project's influence, and for yield farmers, airdrops are a source of goodwill towards the project; yield farmers voluntarily "show off" their achievements on social media, which invisibly creates a "chain reaction," further intensifying public attention towards the project.

Many project teams hope to create a network effect through airdrop activities, attracting a batch of new users and establishing stronger ties with early adopters. In sectors like DeFi and NFTs, airdrop distribution is also one of the paths many projects take to seize market share and launch "vampire attacks" against competitors.

（Daily transaction volume on OP chain remains high after the airdrop）

Although airdrops can attract new users, there is also evidence suggesting that they do not significantly enhance user loyalty. According to a Uniswap dashboard created by Dune user @jhackworth, only 6.2% of airdrop addresses still hold UNI, and among those who received UNI airdrops and have remained active weekly, they account for less than 2% of Uniswap's weekly active addresses, with a trading volume share of only 1%.

While the decline in the aforementioned ratio may be related to the growth of non-airdrop users, the continuous decline in weekly activity of addresses that received airdrops (as shown in the above chart) actually reflects that the UNI airdrop's contribution to user stickiness is not as strong as anticipated.

2. Decentralization of Tokens

Many project teams, after completing early development, often transfer governance rights and responsibilities by creating DAO organizations to achieve decentralization. Most POS public chains tend to have a stronger demand for token decentralization than DeFi projects, so they usually transfer some tokens through airdrops or public offerings.

To reduce the concentration of token shares among early VCs and the project team itself, most projects will distribute some tokens to the community or early users, allowing community members to help redistribute the tokens, further dispersing them into more hands.

The Game Between Yield Farmers and Project Teams

1. Witch Hunt - A Cat and Mouse Game

The concept of a Sybil Attack was first proposed by John R. Douceur of Microsoft Research in 2002, originating from the 1973 science fiction novel "Sybil," in which the protagonist Sybil Dorsett suffers from dissociative identity disorder with 16 distinct personalities. In the online world, a Sybil Attack mainly refers to the act of creating numerous fake identities/accounts to gain power and benefits, pretending to be multiple different entities, while in reality, the controller behind them is a single individual.

The phenomenon of Sybil attacks has existed since the Web1 era. When it comes to token airdrops, due to the blockchain's inherent "permissionless" nature, the lack of KYC measures, and the strong anonymity of on-chain addresses, it is extremely low-cost for Sybil attackers to create numerous addresses with a single "body" to obtain multiple airdrop rewards.

Airdrop project teams often hope to deliver rewards to users, reaching a mutual benefit. While short-term yield farming activities can provide impressive user data for project teams, when Sybil addresses receive rewards and cash out, becoming inactive after a "one-time flow," it clearly contradicts the vision of various project teams.

（Aptos, which did not conduct anti-Sybil checks, saw on-chain transaction numbers briefly peak during the airdrop, followed by a long period of low activity）

Thus, "witch hunts" targeting attackers become imperative, and the methods to counter Sybil attacks are diverse:

On-chain Behavior Review: This method primarily relies on on-chain data analysis, filtering on-chain addresses based on the financial connections between addresses (funds distribution or aggregation, transfer relationships), and the similarity of on-chain behaviors (interactions with smart contracts, transaction intervals, transaction times, active time periods, etc.). This is the most common review method.

Depending on the project's tolerance level, the typical limit for associated addresses is generally set at 10-20. Some project teams also delegate the review authority to the community, rewarding contributors who report Sybil addresses with confiscated airdrop shares, encouraging community members to actively report Sybil addresses. A typical example of this is Hop Protocol and Connext. However, "as the road rises, so does the devil," and airdrop hunters are continuously enhancing their expertise, with advanced players often well-prepared for significant defenses.

（One of the reports provided by the Connext community based on contributors' reports of on-chain Sybil addresses）

Reputation Scoring: Reputation scoring generally examines users' activity records across different chains (such as on-chain activity, trading volume, gas consumption, etc.), identity verification built on well-known applications (ENS, Lens, etc.), participation in on-chain governance (Snapshot, Tally, etc.), and NFT collection footprints, analyzing the creditworthiness of a particular on-chain address through multiple indicators, and whether it is controlled by a bot.

This method primarily uses reputation scores to identify Sybil addresses, significantly raising the cost of malicious behavior for Sybil attackers (similar to the principle of Proof of Work). Projects like Gitcoin Passport, Phi, and Nomis are representatives of reputation scoring platforms. However, some reputation classification platforms may engage in biased practices, granting higher score weights to users of their own products, and even setting high funding requirements or requiring users to upload information from Web2 accounts like Twitter, Google, and Facebook to prove their real-world identity.

Biometric Verification: Personal biometric features are unique and immutable; each person's iris, fingerprint, and facial features are unique and difficult to forge. For projects distributing airdrops, biometric verification can ensure that most of the distributed rewards go to real users. However, this verification is inefficient, and as seen from the controversies surrounding Worldcoin's iris verification and Sei's facial scanning, the collection of users' biometric information by project teams can lead to privacy breaches and legal risks in different countries and regions.

Additionally, KYC verification involving the upload of citizenship information (driver's license, passport, ID card), soul-bound tokens (SBT), and Poap or Proof of Human issued through in-person verification, whether online or offline, are also mainstream anti-Sybil measures.

In fact, taking reasonable witch-hunting actions to clean up Sybil users can ensure the fairness of the reward distribution mechanism. However, overly strict Sybil reviews may inadvertently harm real users, and delegating Sybil review authority to the community may destroy the emotional bonds among community members, exacerbating conflicts between individuals.

Regardless of the anti-Sybil measures taken, it is unrealistic to completely filter out illegal users. When potential benefits outweigh the costs of malicious behavior, Sybil attacks are inevitable (POW and POS cannot stop Sybil nodes; they can only significantly curb such behavior), and this cat-and-mouse game is unlikely to cease.

2. Shared Fate

On the surface, there is a game of strategy between project teams and users. The opposition between the two is not only reflected in Sybil and anti-Sybil measures; sometimes project teams will hint at airdrops or initiate "Odyssey tasks" to "manage airdrop expectations," manipulating users into interactions. Yield farmers, unaware of whether there are airdrops or the specific rules for airdrop distribution, take the risk of investing costs without returns to participate in interactions, pressuring project teams to provide airdrops and whitelist distributions.

Despite the various strategic relationships between project teams and yield farmers, beneath the surface, the two are in a symbiotic, mutually beneficial relationship. On one hand, yield farming activities are an important component of a project's on-chain activity data and can help identify various bugs in the project during the early stages, facilitating product experience optimization, akin to conducting stress tests (both OP and ARB experienced performance issues during airdrop distributions). This also brings business revenue to project teams; in the Web3 space, which traditionally relies on wealth creation effects, many projects can only survive the long bear market by "nurturing yield farmers." Most project teams also need yield farmers to contribute data to enhance their valuations or to get listed on CEX.

On the other hand, yield farmers can also receive token airdrops in the future, jointly building a "false prosperity."

Changes in Airdrop Policies

1. The History of Airdrop Initiators' Competition

The story of the competition among project teams for airdrops can be traced back to Uniswap. In the DeFi sector, where liquidity is king, DeFi projects led by Sushi "sucked" a significant number of users and locked funds (reaching a peak of $1.2 billion) from Uniswap through liquidity mining incentives during the DeFi Summer of 2020. Under this pressure, Uniswap unprecedentedly distributed a large amount of UNI airdrops to users and launched a liquidity mining program, attracting users back to reclaim its position as the leading DEX, which it has maintained to this day.

（In 2020, Sushi launched a vampire attack, capturing market share from Uniswap）

Today, airdrops have become one of the standard weapons for competing with rivals within the same sector. Project teams employ various strategies to retain users; in the fiercely competitive Layer 2 space, OP has conducted multiple rounds of airdrops to pressure competitors. However, in the past two years, "vampire attacks" related to airdrops have been more pronounced in the NFT space. Before the emergence of Blur, which maximized NFT liquidity, multiple NFT trading platforms like LooksRare and X2Y2 attempted to capture users through airdrops, but these products lacked differentiated advantages. As the expected returns gradually dwindled, users naturally lost interest, and the trading volume and activity on these platforms significantly declined, leaving OpenSea's dominance unshaken.

（Blur gradually encroaching on the market share advantage established by OpenSea）

This serves as a good warning for future project teams: the practicality and rigid demand of a project remain key to user retention; an excellent product is the moat, and airdrops are merely an embellishment for the project.

To this day, Uniswap, updated to version V4, remains the benchmark for DEXs, while Blur has alleviated the liquidity issues in the NFT space during the bear market. Optimism, as one of the leading Layer 2 solutions, provides a solid underlying infrastructure for Ethereum users. Although airdrops have brought temporary excitement, projects lacking practicality and rigid demand ultimately get lost in the tide of history.

2. The Competition Among Yield Farmers

From a simple experience of just leaving an email and joining project communities to deeply engaging with project teams to have a chance at rewards, the airdrop sector has undergone significant changes in just a few years. In a context where good projects are scarce and users are abundant (with unlimited addresses), the relationship between project teams and users is no longer in dynamic balance; the initiative has shifted from users to project teams. Project teams manipulate users' expectations regarding airdrops, voluntarily or in collaboration with task platforms like Galxe, Layer3, and Rabbithole to initiate "Odyssey" activities to manipulate users, shifting from "seeking users" to "users seeking airdrops," leading yield farmers to develop their own community "street wisdom."

3. Direction is More Important than Effort

Many yield farmers closely follow projects invested in by well-known investment institutions like A16Z, Paradigm, and Coinbase. On one hand, they believe these institutions have unique insights, leading to higher market caps for tokens issued in the future; on the other hand, projects backed by well-known institutions tend to have a good probability of airdrops.

According to data summarized by airdrop blogger @ardizor, among well-known investment institutions, projects invested in by Binance, Paradigm, and Multicoin have the highest airdrop probabilities, at 15.4%, 11.6%, and 7.2%, respectively.

（Airdrop rates of projects from some well-known VCs, source: @ardizor）

Among projects backed by well-known VCs, yield farmers also prefer projects with high funding amounts, as large funding indicates better cash flow and prospects, leading to more generous airdrops. When a project team is supported by well-known VCs and high funding, the odds of airdrops also increase, prompting yield farmers to vote with their feet, betting on large financing star projects like zkSync, Starknet, Aleo, Aztec, and LayerZero, where zkSync (approximately 4 million active addresses), Starknet (approximately 2 million active addresses), and LayerZero (approximately 3 million active addresses) are currently hotspots for yield farmers.

（After the Arbitrum airdrop, the number of addresses and daily active users for projects LayerZero and Starknet, both of which raised over $100 million, significantly increased, while zkSyncEra has been growing at a rate of at least 5,000 new active addresses daily since its mainnet launch in March）

4. The Harder You Work, The Luckier You Get

Excluding non-fixed share airdrops like Worldcoin, Arbitrum, which conducted an airdrop in February of this year, currently has the largest address scale at nearly 2.3 million. As more yield farmers join and the airdrop shares are fixed, project teams need to reduce the user base eligible for rewards. Rather than intensifying Sybil reviews and gaining a bad reputation in the community, it is better to raise the threshold for obtaining rewards, filtering for quality users, and distributing rewards more accurately to the user base. This has become a common practice for project teams in their airdrop strategies.

Quantitative analysis by venture capital firm W3.Hitchhiker's Tiga discovered the general distribution pattern of project team airdrops:

Starting rewards: rank 0%---80% of users receive about 50% of the total tokens.

Intermediate rewards: rank 80%---90% of users receive about 10% of the total tokens.

Highest rewards: TOP 10% of users receive about 40% of the total tokens.

（Airdrops also follow the 82 rule, source: Tiga, W3.Hitchhiker）

This tiered airdrop better segments users, distributing the majority of token shares to those who meet the threshold, satisfying the desires of yield farmers while also considering the large contributors to the project, thereby maximizing rewards for deep participants, allowing "each to take what they need," and enabling both groups to gain a good reputation within their respective communities.

Currently, a typical method for tiered airdrops is the "airdrop points system," which can be divided into explicit and implicit points systems.

Explicit Points System: Represented by mintfun, Blur, Arkham, etc., where projects clearly state airdrops but the value of the airdrop is uncertain (some can be estimated through valuation), essentially serving as trading mining or interaction mining with airdrops as a gimmick, also a form of tacitly accepted "Sybil attack," using airdrop expectations to maintain user loyalty.

Implicit Points System: Represented by Connext, Arbitrum, etc., where users do not know whether there will be an airdrop before interacting with the project. The implicit points system adds points for relatively obscure participation interactions or provides multipliers for interactions that meet specific conditions, while deducting points for suspected bot behaviors.

As tiered airdrops become more widespread, the gap between the minimum and maximum airdrop shares can sometimes exceed tenfold. To obtain the maximum share of airdrops, users not only need to choose the right direction but also double their efforts. Thus, the term "premium accounts" for striving for maximum share airdrops has emerged in the airdrop community. These accounts typically mimic real users by meeting the airdrop conditions of similar projects in the same sector and engaging in various random interactions across multiple chains. Yield farmers study the projects to predict airdrop conditions and time their interactions and expenditures to perfectly meet the "full allocation" criteria.

However, whether raising the threshold for obtaining rewards or implementing stricter Sybil reviews ultimately harms the potential earnings of real users.

（The harder you work, the luckier you get: The gap in rewards between light participants and significant contributors in Arbitrum）

Is the Airdrop Sector a Red Ocean?

Airdrops have garnered attention from Web3 users in economically average third-world countries. Driven by the purchasing power of the dollar, low-cost high-yield returns, and the benefits of multiple addresses, most airdrop studios have emerged in these underdeveloped countries. After experiencing several major airdrop events, yield farming studios not only have better cash flow to expand interaction scales but are also gradually becoming professionalized, with random interaction scripts, decentralized and independent IP addresses, and stricter measures to avoid wallet associations against anti-Sybil checks.

（According to Google Trends, searches for airdrop keywords are concentrated in low to middle-income developing countries）

While some studios have closed due to cash flow and airdrop cycle issues, most mature studios have transferred risks through proxy farming and tool sales, maintaining thousands of interacting addresses. The sheer volume of addresses puts considerable pressure on project teams; some project teams have directly set entry thresholds to cope with the overwhelming number of yield farmers, such as Lens Protocol, while most projects have chosen to raise airdrop thresholds in retaliation, leading to a situation of "active witches and zombie users" in the airdrop sector.

In addition, following the Arbitrum airdrop, the phenomenon of single users having multiple addresses has become commonplace, and the airdrop community is giving rise to a complete industry chain, including KOLs writing airdrop tutorials, identity verification providers for Sybil attackers, IP isolation and automation script tool suppliers, anti-Sybil organizations, and even hackers targeting yield farmers, all reflecting the maturity of the airdrop sector.

（The diminishing marginal benefits of airdrops, source: @0xNingNing）

In summary, the airdrop sector was a favorable "gamble" for risk-averse users seeking high returns in its early stages. As the competition for airdrops intensifies, a decline in expected returns is inevitable. If users view airdrops, which sacrifice liquidity and have uncertain return cycles, as investments, then under the risks of anti-yield farming, Sybil attacks, and sharply reduced returns, the final yield may be less than that of dollar-cost averaging during a bear market. The history of airdrops is also a summary of the evolution of the cryptocurrency primary market, transitioning from low-cost high-yield pursuits to requiring certain costs for "arbitrage."

Historically in cryptocurrency, models like Coinlist that birthed hundredfold coins and the Gamefi X to Earn gold mining model have gradually cooled down with the influx of numerous yield farmers, but astute observers know that high-return models do not last long, and yield farmers merely accelerate their lifecycle.