On-chain reputation signals airdrop teams actually check in 2026

the airdrop meta shifted hard sometime in 2024. eligibility snapshots that used to reward raw interaction counts started getting replaced with scoring models that try to answer a harder question: is this wallet operated by a real person who actually cares about this protocol, or is it one of ten thousand farmed identities running on a script?

if you’ve been disqualified from a distribution you thought you’d earned, or you’ve watched a farming cohort get slashed at the last minute, you’ve already felt the downstream effects of this shift. the problem is that most public writing about sybil detection stays vague, “we use multiple signals,” “we prioritize organic users,” without saying what those signals actually are. this piece is an attempt to fix that, drawing on public post-mortems, researcher writeups, and what i’ve seen running wallets across multiple cycles.

the stakes are higher than they’ve ever been. a meaningful TGE now often involves tens of millions of dollars in initial distribution, and teams know that sybil farmers can extract a disproportionate share if the eligibility model is weak. at the same time, legitimate multi-wallet operators, people with genuinely separate on-chain identities for different strategies, are the collateral damage when those models overcorrect. understanding exactly what gets checked is not just useful for farmers. it’s essential for anyone who wants to operate cleanly and still get credited for work they’ve done.

background and prior art

the concept of on-chain reputation predates airdrops by several years. the early version was simple: wallet age and ETH balance as a rough proxy for skin in the game. Gitcoin used this logic when building out its grants matching system, eventually formalizing it into Gitcoin Passport, a composable identity layer that aggregates stamps from both on-chain and off-chain sources, each stamp representing a verified credential like a Coinbase KYC, an ENS name, or a transaction history threshold. the Passport score became one of the first quantified reputation primitives the ecosystem standardized around.

in parallel, protocols like Proof of Humanity and Worldcoin were working on biometric or social verification as a harder identity anchor, while projects like Talent Protocol started building builder scores that weight on-chain contributions toward open-source work. by the time we hit 2025 and 2026, most serious airdrop teams weren’t building their own sybil detection from scratch. they were composing from a menu of existing reputation primitives, adding protocol-specific signals on top, and then applying clustering algorithms to catch coordinated behavior that individual wallet scores would miss.

the core mechanism

the way a modern airdrop eligibility system works is roughly layered. at the base layer, each wallet gets scored independently against a set of binary and continuous signals. at the second layer, wallets get clustered by behavioral and funding fingerprints to catch sybil rings that individually pass the base filters. at the third layer, some teams apply human review or an appeals process for edge cases. here’s what lives at each layer in practice.

base layer: individual wallet signals

wallet age is still checked, but the threshold has moved. a wallet created in the week before a snapshot announcement is almost universally flagged. teams that published post-mortems after their distributions, including several that used Nansen or Dune dashboards to show their methodology, have referenced 90-day and 180-day minimum ages as common hard floors. age alone doesn’t get you far though.

transaction diversity across protocols matters more than raw count. a wallet with 500 transactions, all of them within a single farming contract, scores lower than a wallet with 80 transactions spread across lending, DEX trading, bridging, NFT activity, and governance voting. the intuition is that a real user leaves a messy, opportunistic trail across the ecosystem. a sybil leaves a clean, repeatable pattern optimized for the target protocol.

gas spend is a continuous signal that’s harder to fake at scale. the actual dollar value spent on gas across the wallet’s history functions as a proxy for economic investment in the chain. teams sometimes use it as a normalization factor: total protocol interactions divided by total gas spent gives you something like an interaction efficiency score, with unusually high efficiency suggesting scripted behavior.

ENS names, Lens handles, Farcaster accounts, and other on-chain social identifiers each add reputation mass. the Ethereum Name Service registration requires payment and wallet activity, which creates a meaningful barrier. a five-year-old ENS pointing to your wallet, with a history of receiving transfers from named counterparties, is a strong signal in your favor. Farcaster and Lens are similar: accounts with followers, posts, and social engagement are expensive to fake at scale.

Gitcoin Passport score thresholds appear explicitly in some published eligibility criteria and implicitly in others. a score above 20 is a common soft requirement. stamps that require KYC, biometrics, or social graph verification, specifically Coinbase KYC, Holonym, and Worldcoin are the heavyweight ones, add more than stamps that just require a linked GitHub or Twitter.

on-chain governance participation, actual voting, not just delegation, is tracked by teams building on top of Tally, Snapshot, or their own governance contracts. a wallet with a multi-year history of voting in governance across multiple DAOs is almost impossible to simulate cheaply at scale, which is exactly why it carries weight.

NFT ownership is nuanced. floor NFTs bought for farming purposes are identified by purchase timing relative to airdrop announcement. the signal that actually helps is older NFTs bought at market price and held, particularly from collections where price and floor aren’t correlated with airdrop potential at purchase time.

cluster layer: behavioral fingerprinting

this is where individual scores stop being sufficient. clustering approaches look for wallets that share funding source, that execute the same sequence of transactions within hours of each other, that use the same contract interaction patterns with minimal gas variance, or that have on-chain graph proximity in a way that implies they’re controlled by the same entity.

the funding source check is the one i see most often cause problems for legitimate multi-wallet operators. if twenty wallets all funded from the same CEX withdrawal address, or all received initial funding from the same OTC counterparty, that cluster gets flagged for review regardless of individual scores. the countermeasure is using genuinely separate funding paths for wallets you want treated as independent identities, which requires planning well in advance of any snapshot. the multi-account operations research over at multiaccountops.com/blog goes deep on funding path hygiene if you want the operational side of this.

transaction timing correlation is the other major clustering vector. if wallet A and wallet B both bridge from Arbitrum to Base, then interact with the same liquidity pool, then vote on the same governance proposal, all within a 15-minute window, that timing pattern is near-impossible to explain as coincidence. sophisticated teams run this correlation check across wallet pairs and graph it to find clusters. the fix is behavioral desynchronization: real randomization in timing, not just a fixed sleep interval in a script.

third layer: appeals and human review

this exists but is inconsistently applied. teams with small distribution budgets don’t have the bandwidth to do meaningful case-by-case review. larger teams sometimes offer a merkle proof or on-chain appeals mechanism. having an ENS, a Farcaster account, and a verifiable history of genuine protocol engagement makes an appeal plausible. farming wallets with no off-chain identity anchor essentially have nothing to appeal with.

worked examples

Arbitrum’s STIP and LTIPP recipient behavior

Arbitrum ran its short-term and long-term incentive programs in 2023 and 2024, and the on-chain data from those programs became a de facto reputation signal for subsequent distributions. wallets that participated in protocols that received STIP or LTIPP grants, particularly those that stuck around after incentives dried up, were treated as higher-quality users in later snapshots. the logic is clear: anyone farming short-term incentives leaves as soon as rewards stop. anyone still present six months later is probably using the protocol for actual reasons. this is a documented pattern in the Arbitrum governance forums and in researcher writeups from Blockworks and The Block.

EigenLayer’s restaking cohorts

EigenLayer published a multi-stage snapshot that explicitly weighted wallet age, restaking duration, and LST diversity. a wallet that restaked ETH via a single LST for the minimum period got a baseline allocation. wallets with multiple LST positions, longer restaking history, and interaction with multiple AVSes got multipliers. the practical difference in allocation between the bottom and top cohorts was substantial. teams have since cited EigenLayer’s approach as a reference model because it rewarded demonstrated commitment over time rather than interaction count at a snapshot moment.

the wallets that got flagged in EigenLayer’s review process, based on post-distribution community discussion on their Discord and the Dune dashboards that researchers published, were predominantly ones with the same LST deposit amount across hundreds of wallets in the same block range, funded from the same CEX withdrawal batch. the dollar amounts were identical, the timing was identical, and the LST choice was identical. that’s a clustering event no individual wallet score would catch.

Uniswap Foundation grants and LP reputation

Uniswap’s grant and incentive programs have increasingly incorporated LP quality signals rather than LP volume. a wallet that provided liquidity in a tight range around the market price, rebalanced in response to price movement, and maintained positions for multiple months reads as a real market maker or yield farmer. a wallet that dropped liquidity at an extreme out-of-range price point, collected minimal fees, and withdrew immediately after an airdrop snapshot reads as a checkmark operation. the difference shows up in realized fee income, position rebalance frequency, and time-in-range metrics, all of which are derivable from Uniswap v3’s on-chain tick data.

edge cases and failure modes

the clean wallet paradox

a wallet that’s been meticulously managed for farming, no dust, no failed transactions, perfect interaction sequences, no exploratory behavior, can actually score worse than a messy wallet with a long organic history. real users make mistakes. they swap into the wrong token and swap back. they try a protocol once and never return. they have failed transactions from gas estimation errors. the absence of any friction in a wallet’s history is itself a signal. this is something i’ve noticed across multiple cohorts: wallets built specifically to look clean often look too clean.

CEX funding fingerprinting at scale

if you’re operating multiple wallets and funding them all from Binance, OKX, or any CEX where the withdrawal address is the same or traceable to the same account, you’ve created a funding graph that clustering tools read immediately. the fix is not just to use different CEX accounts. it’s to ensure that the withdrawal addresses are genuinely uncorrelated on-chain. some teams go further and use OTC or P2P channels specifically to break the CEX funding chain. this is logistically complex, which is exactly why it’s an effective differentiation.

timing synchronization from automation

any script that adds a randomized sleep between transactions is not random enough if the underlying distribution is uniform. production clustering tools can detect uniform random distributions and distinguish them from human behavioral patterns, which tend to cluster around certain hours of the day and show autocorrelation based on the user’s timezone and habits. if you’re running automation, the behavioral pattern needs to mimic a real person’s schedule over weeks and months, not just randomize within a fixed window.

delegation without participation

several teams have started distinguishing between wallets that delegated governance tokens and wallets that actually voted. delegation requires one transaction. voting requires ongoing engagement with proposals, reading documentation, and making directional choices. a wallet with three years of delegation and zero votes is a weaker signal than a wallet with one year of delegation and twenty votes on contested proposals. if you’re building a wallet’s governance reputation, you need to actually vote, not just delegate.

the stamp grinding problem

Gitcoin Passport stamps that can be earned cheaply, like a linked GitHub with minimal activity or a Twitter account with few followers, add noise rather than signal at this point. teams using Passport as an input are increasingly weighting stamps by their verification cost and social anchor strength. a Holonym or Worldcoin stamp representing biometric uniqueness verification weighs more than five social stamps combined. investing in the heavier stamps is higher ROI than grinding stamp count.

what we learned in production

running wallets across multiple cycles in 2025 and into 2026 has made a few things clear. first, the gap between base-layer scores has compressed. most wallets that have been active for six or more months across multiple protocols clear the individual signal thresholds. the differentiation happens almost entirely at the cluster layer now. what this means practically is that operational security around funding paths and behavioral timing matters more than adding one more governance vote or one more bridge interaction.

second, the reputation primitives that actually move the needle are the ones that are hard to fake at scale: biometric verification through Worldcoin or Holonym, on-chain social graphs with genuine followers and interactions, and long-dated liquidity positions with real fee revenue. these take time and sometimes real money to establish. the gap between a well-built wallet identity and a freshly farmed wallet has never been larger, which is both a challenge and an opportunity depending on how early you started building. wallets i built seriously in 2023 with genuine diversity of activity consistently clear eligibility filters that wallets optimized specifically for the farming pattern do not. if you want to understand how to structure the anti-detection and proxy side of operating multiple genuine identities without triggering fingerprinting, the writeups at antidetectreview.org/blog cover the tooling side in detail.

one more observation: the teams doing this well are not just using static snapshots anymore. they’re looking at behavioral time series, how a wallet’s activity pattern evolved over months, which tells a different story than a point-in-time snapshot of holdings and interactions. a wallet that went from zero to heavy protocol engagement in the sixty days before a snapshot announcement is much more suspicious than one where that same level of engagement has been consistent for a year. building reputation is a long game now, and the window for retroactive cramming before a snapshot has closed.

references and further reading

Gitcoin Passport documentation - official docs on the Passport scoring system, stamp categories, and integration guide for protocol teams building on top of it.
Ethereum.org: accounts and transactions - foundational documentation on how wallet addresses, nonces, and transaction history work at the protocol level.
Talent Protocol - the builder score and on-chain reputation layer that several grant programs and protocols have integrated as an eligibility input.
Chainalysis blog on sybil detection methodology - Chainalysis publishes periodic research on address clustering, behavioral analysis, and on-chain identity. the blog is one of the best public sources for how professional-grade address analytics work.
ENS documentation - official documentation on ENS name registration, reverse resolution, and how ENS integrates with wallet identity.

Written by Xavier Fok

disclosure: this article may contain affiliate links. if you buy through them we may earn a commission at no extra cost to you. verdicts are independent of payouts. last reviewed by Xavier Fok on 2026-05-19.