Sybil-Resistance Economics
The problem
Any system that rewards participants must defend against Sybil attacks: an adversary creates many fake identities to multiply their share of rewards. In a game where the prize pool is fixed, Sybil farming directly transfers value from honest users to the attacker.
The naive failure modes
| Mechanism | Failure |
|---|---|
| One-account-per-IP | Trivially defeated by VPNs and mobile carriers' rotating NAT |
| Captcha at signup | Solved at $0.0001–0.001 per solve by services like 2Captcha |
| Hard KYC for all users | Drives away 95%+ of users; kills network effects |
| Stake required to play | Excludes the poor; turns a free-to-play game into pay-to-play |
CashPop instead uses a continuous credibility ladder with monotone-increasing marginal Sybil cost.
The economic property
Let α_T denote the reward multiplier for tier T. Let C_T denote the marginal cost to create one new account at tier T. We require:
In words: each tier upgrade increases rewards by less than it increases the Sybil cost. A rational Sybil farmer cannot profit by climbing the ladder; the only economically rational strategy at scale is to accept whichever tier maximizes per-account ROI for an honest user.
The Trust Ladder, priced
| Tier | Multiplier α | Marginal Sybil cost C | α/C ratio |
|---|---|---|---|
| L0 | 0.5x | ~$0 | undefined (cannot redeem) |
| L1 | 1.0x | ~$1.50 (6h opportunity cost) | 0.67 / $ |
| L2 | 1.2x | ~$0.50 hard + L1 cost | 0.60 / $ |
| L3 | 1.4x | ~$1 + L2 cost | 0.45 / $ |
| L4 | 1.6x | ~$5/month subscription + L3 | 0.16 / $/mo |
| L5 | 1.8x | ~$0.50–5 SIM + L4 | 0.18 / $ |
| L6 | 2.5x | $20 KYC + L5 | 0.10 / $ |
| L7 | 3.0x | $40 liveness + L6 | 0.05 / $ |
The α/C ratio strictly decreases as tier rises. A Sybil farmer maximizing reward-per-dollar-spent will rationally not climb the ladder — staying at L1 gives the best ROI per Sybil.
Empirical bot-cost data
We measured grey-market identity costs in early 2026:
- Vietnamese SIM card (low-tier carriers, prepaid): $0.30 per number
- Indonesian SIM card: $0.40
- Filipino SIM card: $0.45
- US SIM card (grey market): $4.20
- UK SIM card: $5.10
- Telegram Premium (resold accounts): $3.50/month
- KYC documents (grey market): $15–30 per identity
- Liveness/selfie spoof: $30+ per attempt, success rate ~40%
These price floors are used to set tier multipliers. As grey markets evolve, tier multipliers are adjusted via DAO governance.
The per-Round Sybil arithmetic
A single L1 account earns approximately:
- 5 POP/day (login) + 10 POP × N_rounds (entries) + 20 POP × M_survived
- Median session: ~10 Rounds/day → ~250 POP/day base
- After Tier1 region multiplier: ~250 POP/day = ~$0.10/day USD equivalent
For Sybil farming to be profitable at L1:
- Marginal cost per L1 account: ~$1.50 (mostly opportunity cost of 6h activity)
- Break-even time: 15 days
A patient farmer who has free labor (i.e., uses bots indistinguishable from human L1) breaks even in two weeks. Reputation Score and anomaly detection extend this to >30 days for most automated farms. At that level, the operational overhead of farm management eats the margin.
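As an added example (not CashPop's own code), the break-even arithmetic above in Python, extended with an assumed detection model in which each account is flagged and stops earning with a fixed, independent probability per day. The function names, the 7-of-10 survival figure and the geometric-lifetime model are assumptions; the POP rewards, the $0.10/day figure and the $1.50 account cost are the page's numbers.

```python
"""Break-even model for one farmed L1 account, using the page's figures."""
import math

POP_LOGIN, POP_ENTRY, POP_SURVIVE = 5, 10, 20  # POP rewards from the page
USD_PER_POP = 0.10 / 250                       # page: ~250 POP/day = ~$0.10/day
L1_COST_USD = 1.50                             # page: marginal cost per L1 account


def daily_pop(rounds, survived):
    """POP earned in one day: login + entries + survived rounds."""
    if survived > rounds:
        raise ValueError("cannot survive more rounds than were entered")
    return POP_LOGIN + POP_ENTRY * rounds + POP_SURVIVE * survived


def break_even_days(cost_usd, usd_per_day):
    """Days of uninterrupted earning needed to recover the account cost."""
    if usd_per_day <= 0:
        return math.inf  # an account that earns nothing never pays back
    return cost_usd / usd_per_day


def expected_profit(cost_usd, usd_per_day, p_flag):
    """Expected lifetime profit of one account under daily flagging.

    ASSUMPTION (not from the page): the account is flagged at the end of
    each day with independent probability p_flag, so its earning lifetime
    is geometric with mean 1 / p_flag days.
    """
    if not 0 < p_flag <= 1:
        raise ValueError("p_flag must be in (0, 1]")
    return usd_per_day / p_flag - cost_usd


def min_flag_rate(cost_usd, usd_per_day):
    """Daily flag probability above which farming has negative expected value.

    Equals 1 / break_even_days. A result above 1 means detection alone
    cannot make the account unprofitable, since it always earns one day.
    """
    if cost_usd <= 0:
        raise ValueError("cost_usd must be positive")
    return usd_per_day / cost_usd


if __name__ == "__main__":
    print("POP/day (10 rounds, 7 survived):", daily_pop(10, 7))
    print("break-even days:", round(break_even_days(L1_COST_USD, 0.10), 1))
    print("min daily flag rate:", round(min_flag_rate(L1_COST_USD, 0.10), 4))
    for p in (0.02, 1 / 30, 0.10):  # constructed sample flag rates
        print(f"p_flag={p:.3f}: ${expected_profit(L1_COST_USD, 0.10, p):+.2f}")
```

With the page's figures the threshold is 1/15, about 6.7% per day: under this assumed model, a flagging process slower than that leaves an L1 account with positive expected value.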
Defenses beyond the ladder
The Trust Ladder is supplemented by:
- Reputation Score decay: inactive Sybils gradually lose multiplier (δ = 0.01/day).
- Anomaly detection: ML model trained on commit-reveal patterns flags coordinated bot behavior; flagged accounts face a reputation penalty.
- Reveal-rate monitoring: accounts with implausibly perfect reveal rates trigger investigation.
- Geographic distribution checks: a Vietnamese SIM batch logging in from Russian IPs triggers a flag.
- Per-device limits: maximum 2 accounts per device fingerprint.
When the model breaks
The model breaks if grey-market identity costs collapse below the protocol's tier prices. We monitor this continuously and adjust multipliers quarterly via DAO vote. The system is anti-fragile in the sense that even a complete failure of the identity ladder degrades to "ad revenue paid to opaque participants" — which is not catastrophic, only inefficient.