POAP Mobile App Update - More Sybil-Resistant Minting with Secrets Game

The secret is out!

POAP Secrets allow collectors to mint a POAP by inputting a “Secret” word or phrase directly into the POAP app. When the correct word is entered, the POAP is magically minted!

With so many people (and bots) scouring the internet for POAPs, it can be difficult to ensure your POAPs are only collected by those that were actually present and eligible. Our latest app update combats this issue and makes it easier to properly distribute your POAPs when using the Secret distribution method.

Wen Secrets?

As we’ve blogged about, Secrets can be the best distribution method for audio events such as Twitter Spaces and Discord calls. Also check out our previous Discourse post that lays out some best practices and guidelines for using Secrets.

What’s changing (and why)?

The minting process for POAP Secrets has been “gamified.” Now, after someone enters the correct Secret into their mobile app, they will have to play a short numbers game in order to receive their POAP.

There is a two-minute window to complete the game. After perhaps a little trial and error, real humans should have no problem completing the game in time. Bots (or humans trying to use multiple devices), on the other hand, will find themselves wrecked.

POAPs are precious digital collectibles. You should have to put in some work to get one. Now with Secrets, you have to work a little harder. And with that work, you are contributing to the overall health of the Proof of Attendance Protocol by making it more sybil-resistant, and thus a more reliable record of our collective memories.

What about those that can’t complete the game?

POAP is a firm believer in being inclusive to all humans. If you have community members who will have a notably difficult time completing the game due to extenuating circumstances, be sure to request a few additional mint links to give to them personally!

What are your thoughts? Tell us below!

  1. What do you think of the new changes from the perspective of a collector? Of an issuer?
  2. Do you have other ideas for how POAP Secrets could be made more sybil-resistant?
  3. What about general ideas for how to distribute POAPs in a more secure or efficient manner?
  4. Leave any other thoughts you have below; all feedback is greatly appreciated.

It’s very challenging for a disabled person or someone with dyslexia to solve that game.

What do you think of this kind of captcha?

Also, how about, instead of solving a captcha for each POAP claim, solving some specific number of games and captchas like the one above during a week to stay verified to claim POAPs? What do y’all think about it?

You can mix it with Gitcoin Passport, so the weaker your Gitcoin Passport is, the more challenges you need to pass weekly.

So by solving games/challenges, users maintain their points above the verification point, and if they fall below that point they need to solve that hard game to claim. There will also be a lower limit: if they go lower, they are not able to mint even with that challenging game.

//// EDIT
To give you my detailed idea

  1. The first step is choosing Gitcoin Passport or similar products to calculate the base point of the user. This is mine.
Let’s say my base point is 50 according to my stamps, and the verification point is 75, so I need 25 points. The minimum base point possible is 25.

  2. I have to pass some tests/games/captchas whenever I have time, to increase my points to 75.

  3. Shortly after I finish a game, my points will start to decrease until they reach my base point. The base point will act as a support. My points stay on my base point for some days, but if I don’t play the game after a couple of days they will decrease from that too.

I will need to pass extra challenges if I lose my base points.

How the user experience will be:

  1. If points > 75: I will be able to mint POAPs with ease like before.
  2. If base point < my points < 75: I will need to pass the tough game you made to mint a POAP.
  3. If my points < 25: I won’t be able to mint any POAP, no matter what.

Difficulty of games:

  1. Medium to hard, for points from 75 to 100
  2. Easy to hard, from base point to 75
  3. Medium, from 25 to base point
  4. Hard, from lower than 25 to 25

Rate of decreasing points:

  1. From 100 to 75: non-linear
  2. From 75 to base point: linear, small rate
  3. From base point to 25: linear, medium rate
  4. From 25 to 0: linear, high rate
  • The user will be able to freeze points for X days in a row in any bracket in case of travelling or any other reason. X will be determined by the number of days the user maintained the score over 75 historically. The user needs to pass a bunch of games to unfreeze. The user will be unable to mint POAPs while frozen.

Also, if users maintain points > 90, the POAPs they mint will be visually different, like having a colorful ring or being square or having a blue tick!

NOTE: All of this should be made in a fun, engaging game form, not a game that causes headache and stress. So what I mean is POAP should verify users by their consistency, not their quickness in solving a single puzzle.
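
The point-decay scheme proposed in the post above, sketched as an added example (not part of the original post and not POAP's code). The daily rates, the grace period, the clamp of the base point to 25–75 and the handling of scores exactly on a bracket boundary are assumptions; the post gives only the thresholds (25, 75) and the shape of each bracket.

```python
from dataclasses import dataclass

VERIFY = 75.0  # "verification point" from the post
FLOOR = 25.0   # lowest possible base point; below it minting is refused

@dataclass(frozen=True)
class Rates:
    """Assumed numbers: the post names only the shape of each decay bracket."""
    high_frac: float = 0.5  # above 75: non-linear, lose half the excess per day
    small: float = 1.0      # 75 -> base, points per day
    medium: float = 3.0     # base -> 25
    fast: float = 6.0       # 25 -> 0
    grace_days: int = 3     # days the score rests on the base point

def mint_policy(points, base):
    """Map a score to the post's brackets (boundary handling is assumed)."""
    if points > VERIFY:
        return "mint"              # mint with ease
    if points >= base:
        return "hard_game"         # must pass the tough game
    if points >= FLOOR:
        return "extra_challenges"  # fell below the base point
    return "blocked"               # no minting at all

def decay_one_day(points, base, rested, r):
    """One idle day (no game played); returns (points, days rested at base)."""
    if points > VERIFY:
        excess = (points - VERIFY) * (1 - r.high_frac)
        return (VERIFY + excess if excess >= 0.5 else VERIFY), 0
    if points > base:
        return max(base, points - r.small), 0
    if points == base and rested < r.grace_days:
        return points, rested + 1
    if points > FLOOR:
        return max(FLOOR, points - r.medium), rested
    return max(0.0, points - r.fast), rested

def simulate(start, base, days, r=Rates()):
    """Timeline of (day, points, policy) for a user who stops playing."""
    base = min(max(float(base), FLOOR), VERIFY)  # assumed clamp to [25, 75]
    points, rested, timeline = float(start), 0, []
    for day in range(days + 1):
        timeline.append((day, points, mint_policy(points, base)))
        points, rested = decay_one_day(points, base, rested, r)
    return timeline

def first_day(timeline, policy):
    """First day on which the given policy applies, or None if it never does."""
    return next((d for d, _, p in timeline if p == policy), None)
```

With these assumed rates, `simulate(100, 50, 60)` shows a user with base point 50 who stops playing falling back to the tough game on day 6 and losing the ability to mint on day 44.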


Hey, I’ll leave my feedback after having tried the new game mechanics.

I played the minigame twice while listening to Twitter Spaces. I like gamification and generally think it’s a good idea to add a minigame to reduce bots or abuse. Few thoughts about the game:

– It’s nice to have more interactivity in the app
– Should reduce bots/multi-account
– Can be used to gather data on suspicious behaviour

– It’s simple but gets boring as it lasts quite long
– It reduces the attention of everyone attending the event
– I once played the whole game and got a “mint limit reached” error which was quite frustrating

The minigame could be more creative or fun:
– Drawing something simple with your finger
– Bubble shooter
– A swiping game with illustrations of bots and humans, swipe right to let humans in, left to refuse bots

Would be cool if the game has a score system that you can see somewhere in the app. It could even unlock a secret POAP if you got many highscores.


Here is my feedback about the counting game, some observations to bear in mind while designing this next iteration solution:

IMHO it is a good tool to combat automated bot farming, and it is also fun.

I heard some people complaining about it taking too much, but I think it does not take more than 20-30 seconds to complete.

Other people complained about the game getting them stressed because of ADHD. Maybe a good solution could be to decrease the amount of digits to make it more simple, and maybe the time to complete, but I don’t know; I would like that decision to be based on some metrics with a significant sample.

I also liked how one person instructed others to solve the game:

  • Don’t mind about failed attempts because those don’t penalise your time, just focus on following the numbers in order with a constant rhythm, even if you fail, eventually you will win the game.

Finally, I observed a common issue with people with small phone screens not being able to see all the bubbles on the screen, thus making it impossible to complete the game. I hope that is a minor technical issue that can be solved soon.

That’s my feedback for now, I may come with more later :slight_smile:


One of our clients said

Checking my messages. Two asking me who from POAP got brain diarrhea and put in the little numbers. Crypto is down. Please remove that. From everything, also from secret. That’s for 4 youngsters and no more. I love POAPs but because of my commitment now people are shooting at me.

It’s been a long time since I got a POAP via secret word, and I haven’t played the game, but through the feedback from the community, I probably know what the game looks like. It’s very interesting; thanks to the team for the changes.

1. The app functions are more diverse and interesting
2. It can further reduce the chance of POAPs being farmed

Btw I don’t think it’s good to cut the game time very short. 10 seconds seems very reasonable.

It still can’t completely avoid the possibility of POAPs being farmed, and the essence of the verification game is not much different from Google’s reCAPTCHA.

I always feel that it is impossible to completely rely on on-chain behaviors for complete identity authentication, and it still needs to be combined with some personal information in real life, but we are a blockchain product, so we cannot ask users to provide too much privacy. I once suggested that poap App add real face verification when claiming, but I don’t support that anymore, because it does violate some crypto spirit.

But this is an idea, how to allow users to provide more verification information without violating personal privacy?

How about using 3D virtual avatars for claim verification in the future?


Mark Zuckerberg selfie in Horizon Worlds

Is it possible to add a tool to take a 3D virtual avatar for the user in the POAP app? Just like Zuckerberg above, it is very similar to him, but not exactly the same. The avatar can be a little more cartoonish, keeping the personal facial features while ensuring the user’s privacy as much as possible.

Each claiming address can only pass the avatar shooting and verification once, and then every time the user claims in the app, the real person and the virtual 3D avatar need to be compared, and if they do not match, the claiming will fail.

This is just my idea, it may not be practical, and it has nothing to do with the game, but we are an open community, any idea can be shared, isn’t it? I hope that more people can participate in the relevant discussions. If I have more ideas, I will share them here.

Wish you all the best in the new year :revolving_hearts:


Hello. Thanks for this question; very useful. The moment you enter the secret word, you are in for getting the POAP. Every further interaction is just a distraction and distances the user from her objective. Every single further click for whatever the goal, small game or captcha or you name it, only frustrates and a certain percentage of users will abandon her quest to get the product, a POAP in this case.

The validation should be at the POAP app level, not at the individual POAPs level. And oc the API behind should only accept requests coming from the POAP app. We have in my company specialists for these things bcs we have hundreds of apps and websites and get massively attacked every single day. I could connect you with my people so we help, no money needed at all.

To the game in itself: It was definitely poorly tested. I have read that in some mobile screens the numbers are not properly displayed. Besides, it is not inclusive. The motoric speed eyes-brain-fingers gets affected with age and for people > 40 yo many things become a challenge that may be easy for a 20 something. I was onboarding a lady, all was good until it came to that game. I saw her face on screen how she was struggling, she told me later, “It made me feel old and dumb”. Well, we don’t really want this.

I also had multiple complaints from unrelated people, even outside my company, and NOT with a drop I made or so, that know I am always propagating POAPs and told me things along the lines, “Your (Mine???) POAPs give me anxiety, what are you doing”. Essentially they are blaming me. I guess this is happening rn to other POAP believers like me.

Please remove that game completely and think of something at the app level, again, people at my company may be able to help you on this. We don’t want money, IT services is not our business at all.


In my opinion, the addition of new facilities for POAP distribution is appropriate, and a new method such as email can be added. Of course, a multi-identity control can be performed. A combination of email and Twitter account verification and Google Authenticator can be useful to prevent POAP Hunters.

Of course, control during a meeting is also effective. For example, if a meeting is held on Twitter, the POAP distributor can request to like a specific tweet within a certain deadline, or if a meeting is held on Discord, it can be requested to be done under a react message. Like a simple presence and absence.

Training about these methods should be provided to the POAP distributor in the form of articles and training videos so that the real and unique member of POAP can receive it.

I like the concept of ensuring humans are minting POAPS. I have made a few with the game, however, can we adjust the setting so that it is shorter? Is that on the creator at this point with the new in-app game?

I can see how some may feel 2 min is a little long. Some of us mint on the move, when we can’t engage in looking at a screen for 2 minutes. Could you have it pop up with an additional word to verify you are human or a quick captcha - face id?

Something that makes it stay quick.

This is so well written and considered! This would significantly remove frustration and damage bots’ ability to farm.

  1. What do you think of the new changes from the perspective of a collector?

It seems to be a good method for justice and can largely stop farmers and bots.

Of an issuer?

As a distributor, it will be happy for me because I will be able to distribute the POAP with ease and with more certainty I will separate the loyal and persistent community and also later on with the possible reward distribution based on the POAP do.

  2. Do you have other ideas for how POAP Secrets could be made more sybil-resistant?

Yes, in my opinion, one or two questions from the current meeting can be asked in addition to the secret game, so that by combining them, the possibility of any abuse can be eliminated.

  3. What about general ideas for how to distribute POAPs in a more secure or efficient manner?

It may be possible to play a modulated sound during the audio session, and by recording with POAP and processing it, the POAP app will extract the POAP code and by combining it with the POAP secret, it will achieve good accuracy (from the point of view of sound engineering, the possibility of modulating a code in the sound exists and can be easily used), maybe implemented by Morse code.

This is a great way to continuously eliminate farmers, which takes up game time and is a huge hindrance to group mints. If it is possible to confirm the presence of the audience in addition to using the POAP code, that is, without the presence of one person in the meeting, it will not be possible to have a meeting with the app. In this case, by combining this method with the game, the possibility of minting by farmers is almost zero. In short, we need a profile in the POAP ecosystem to connect wallet addresses, Twitter accounts, Discord accounts, etc., and there it is determined which account is related to which wallet, and in this way carefully upper proof of attendance will be done. The only problem with this method is the presence proof bots, for example, for Twitter, only up to 1000 users can be registered, but this problem can be solved by a special comment at a special time or a special role in a special channel in Discord.
If we manage to implement these 2 things (the game stage and the proof of presence stage) simultaneously, we can completely and with high accuracy remove all fakes.


I have a doubt whether someone can still write a bot to break the current captcha.
I assume it is not too difficult for computer vision to read the numbers

Hi there!
I suggest you devise some kind of equational-mathematical questions like “Answer the math question: 2+9= ?” or some verificational questions like “What is the name of your Discord ID in our server”
Thanks for the opportunity!

For the development, more coordination should be done with the projects and the applications of POAP should be explained to the public accordingly.

Hey @farzinfara

Thanks for your feedback! Could you be more specific? Do you have any examples to share?

Hey @marzbal!

Thanks for your comments and ideas! They’re much appreciated :pray:

Hey @lucas

Thanks for your feedback.
Update coming soon to make things a bit easier for collectors :]

Thank you for all the comments @ttix!
We’ll be updating the app soon :slight_smile:

The new method is good and I like it; many farmers and multi-wallet users can’t get through this. You can also add something like Gitcoin Passport to the POAP app so people can verify in web3.
I guess you can increase the time but add a challenge not to click incorrectly more than 5 times, for example, so that someone can’t click anywhere to pass fast, and make sure they see what they select in the numbers …
Also, like Discord can sync with Twitter, before using the secret word they could verify in the Space or Discord, like degen, to show they are also in the events.
Another thing is something like set devices or a MAC address or something like this, so that anyone can connect only 1 wallet to their device, and when they want to change it, it takes for example 1 or 2 days so they can’t change it immediately!!!