How Human Passport Protected Story Protocol’s Airdrop from Sybil Attacks

May 1, 2025

TL;DR:

  • Story Protocol integrated identity verification during testnet, using Human Passport’s Stamps product to filter Sybils early and set a clear precedent against farming.

  • For the TGE, they deployed a multi-layered defense combining Passport’s data services, including machine learning and behavioral clustering, as well as a secondary verification option, Passport Stamps, for borderline cases. This maximized unique human inclusion while blocking clear Sybils.

  • The result: a cleaner, fairer distribution with strong community alignment, minimal friction, and reduced screening costs.

Most incentivization campaigns begin in uncharted territory — where rewards are broadcast wide and filters come later. Story Protocol reversed that norm. Their stance was clear from day one: incentives only work when you know who you're incentivizing.

Instead of waiting for Sybil exploits to emerge, Story integrated identity verification from the start. Partnering with Human Passport, a modular and privacy-first Sybil resistance protocol – they launched a proactive defense strategy, beginning with faucet protection during testnet and scaling into a three-tier Sybil classification framework for their Token Generation Event (TGE). As the protocol scaled, Story took a calibrated approach — expanding what worked, refining what didn’t, and with a key design insight: Sybil resistance isn’t about user resistance.

This case study breaks down how Story used modular identity infrastructure, not just to defend against bots, but to protect long-term trust and community equity. If you're designing an incentivization campaign or preparing for a token launch, Story’s approach offers a clear blueprint for integrating Sybil resistance at the moments it matters most.

About Story Protocol

Story Protocol is a purpose-built Layer 1 (L1) blockchain designed to manage and protect digital assets, specifically intellectual property (IP). It allows users to tokenize IP assets, transforming them into programmable entities that can be seamlessly traded and monetized on-chain. The network is EVM-equivalent, enabling developers to deploy decentralized applications (dApps) directly on its L1 infrastructure.

Why Identity Can’t Wait for Mainnet

Incentive mechanisms solve cold start problems for protocols, but they’re also a double-edged sword where sophisticated Sybil farmers dominate early-stage participation, optimizing for short-term extraction over long-term value. It’s a zero-sum dynamic, the more that farmers exploit the system, the more real contributors are pushed aside. Sybil actors adapt relentlessly, working around filters and turning defense into an infinite loop. Getting ahead of that cycle requires robust identity verification from day one.

Story faced this challenge head-on. During testnet, they needed to protect their faucet from bots and ensure that real users, not Sybil networks, were receiving tokens. As they moved toward mainnet and TGE, the stakes increased. They had to analyze hundreds of thousands of wallets in a privacy-preserving way, segment users accurately, and prevent manipulation of their reward system all without adding unnecessary friction for real participants.

The technical challenge extended beyond wallet behaviour patterns. Story had to account for coordinated behavior across multiple chains, synchronized funding activity, and offchain indicators.

Sybil Resistance by Design

To defend its token launch from exploitation, Story worked closely with Human Passport across multiple phases—starting with the testnet faucet and scaling all the way through to the Token Generation Event. What emerged wasn’t a static filter, but a modular, adaptive approach to Sybil resistance, built on live data, clear thresholds, and continuous feedback between teams.

Securing the Testnet Gauges Early Trust Signals

Story first integrated Human Passport’s Stamp-based identity system to protect its testnet faucet. The requirement was straightforward, a minimum Passport score of 20, ensuring only verified human users could access testnet tokens.

This setup offered early signal on user behavior and helped Story:

  • Immediately filter obvious bots and spam wallets

  • Establish a cleaner, more intentional testing environment

  • Set a clear precedent that Sybil farming would only get harder over time

Scaling Defenses for Mainnet and TGE

With the move toward mainnet and the TGE, both the stakes and complexity increased. Instead of relying on static wallet patterns or basic filters, Story opted for a multi-layered, data-informed defense strategy, provided by Human Passport.

This system categorized wallets into three key groups:

Definite Participants: Wallets that clearly passed human verification, granted immediate access with no extra friction.

Borderline Cases: Wallets that showed ambiguous patterns, neither clearly Sybil nor clearly human. These users were directed to a Custom Passport dashboard to complete additional verification and earn participation rights.

High-Risk Addresses: Wallets identified through clustering, behavioral modeling, and coordination analysis as most likely Sybil actors were excluded from the TGE and ineligible to claim rewards.

To arrive at these classifications, Human Passport supported Story with:

  • Machine learning Sybil classification models trained on onchain behavior across networks.

  • Sybil clustering techniques, surfacing coordination rings based on funding and deposit activities.

  • Actionable raw data + advisory support, including weeks of direct coordination leading up to the TGE.

Rather than enforcing a single rulebook, Story was able to apply audience-specific decision-making, as illustrated below.

Custom Passport: A Humanistic Approach Through Ambiguity

For borderline cases, users whose legitimacy couldn’t be definitively confirmed; Story deployed Custom Passport – a branded and customizable Stamps dashboard. This gave Story the ability to customize the entire secondary verification experience, from adjusting which Stamps were required, to how they were weighted, to how instructions were framed through campaign-specific messaging and calls to action.

Borderline cases-participants interacted with a familiar, Story-branded interface where they could complete additional verifications and progressively build their score to qualify for participation. This wasn’t just a technical filter, it was an effective strategy for false negative mitigation, accounting for the social dynamics that emerge when a community is involved. It offered an accessible path to real humans, while making it meaningfully harder for Sybils to pass through.

A System That Evolved in Real-Time

This wasn’t a one-and-done implementation, rather a feedback loop.

Story continuously evaluated data, refined risk models, and adapted criteria, all in coordination with Human Passport’s team. Even during the TGE window, Story chose inclusion when ambiguity existed, guiding users through lightweight verification steps rather than default exclusion.

Incentives Redistributed

All rewards saved from Sybil filtering were reallocated to real users through Story’s Initial Incentives program. These unclaimed rewards were staked to validators, increasing the incentive pool for future campaigns.

Key Takeaways for Future Airdrop Campaigns

★ Start early. Deploy Passport during testnet to validate identity tooling before scaling.

★ Tailor the experience. Use Custom Passport dashboards to align identity verification with your protocol’s brand and UX.

★ Go beyond surface-level filtering. Leverage onchain data and clustering analysis to detect Sybil networks at scale.

★ Design in layers. Combine machine learning and rules-based detection, while providing alternate verification methods for borderline users to maximize inclusion.

★ Reduce cost. By setting expectations early and deterring Sybil behavior from the start, Story reached the TGE with a cleaner user set, lowering the need for aggressive final-stage filtering and reducing the cost of screening.

Closing Thought

The incentive mechanisms of open blockchain networks are what make them sustainable and what ultimately build ecosystems. But ensuring that rewards reach the right participants requires more than just code. Defining who deserves to be rewarded, and who qualifies as a Sybil, demands a technically sound strategy that also adapts to the social layer: the community itself. Story Protocol’s approach offers a clear template for protocols preparing future airdrops or early incentive campaigns.

Discounting the overall market fall, Story has maintained consistent token prices, where dumping is the most followed suit post token launches.

As more assets are tokenized across blockchain networks, onchain capital allocation will become a defining layer of protocol design. Identity will be the mechanism that makes distribution both efficient and equitable. Human Passport, part of human.tech, is building toward that future to secure these natural digital rights.

Protect your Airdrop

Interested in protecting your own blockchain ecosystem with Human Passport? Contact us to get started!

About Human Passport (formerly Gitcoin Passport)

Human Passport is an identity verification application and Sybil resistance protocol with more than 2M users. It enables users to collect verifiable credentials, or Stamps, that prove their identity and trustworthiness without exposing personally identifying information. To date, Human Passport has protected over $430M in airdrop and grant funds.

https://passport.human.tech

About human.tech

human.tech is a suite of technologies designed to enhance personal freedom, privacy, and financial autonomy. human.tech provides innovative solutions for secure identity, data ownership, and private transactions, ensuring that technology remains a tool for human empowerment.

https://human.tech

Join the identity revolution

These community engagement platforms have integrated Gitcoin Passport so protecting rewards for your community from bots and Sybils can be done in just a few clicks

Proof of Personhood

© 2025 Human Passport part of human.tech.
All rights reserved.

Proof of Personhood

© 2025 Human Passport part of human.tech.
All rights reserved.

Proof of Personhood

© 2025 Human Passport part of human.tech.
All rights reserved.

Proof of Personhood

© 2025 Human Passport part of human.tech.
All rights reserved.