In briefPOAP has seen a massive increase in users, but also bad actors who collect POAPs from events they didn’t attend. The app has decided to scale back its operation to reorganize for better security.
In a case of popularity outpacing scale, the blockchain event badge app POAP announced major changes to its business on Thursday night.
The rapid growth in the number of POAP users, combined with the behavior of “a few bad actors,” has led POAP to take a step back.
ok here is the quote about bad actors: “As many of you have likely seen in the Discord and the Telegram, the explosive growth POAP has seen over the last few weeks and months – combined with the behavior of a few bad actors – have left our dev and ops teams fighting a hard battle on two fronts.”
“This is a sad decision for us,” POAP COO Isabel Gonzalez wrote on the POAP Discord server on Thursday, “but in truth, we need to take a step back and reassess how we approach the various issues that come with scale, including security, assuring responsible issuance, quality, content moderation.”
Launched in 2019, POAP (Proof of Attendance Protocol) is an Ethereum-based app that helps event organizers give out attendance badges in the form of NFTs (non-fungible tokens), minted using the ERC-721 token standard. It says it has seen more than 2 million POAPs minted to date, and over 400,000 wallets hold POAPs.
But now POAP is seeing a rise in so-called “POAP farmers,” accounts trying to game the system by collecting POAPs from events they didn’t attend.
In recent weeks, POAP has even seen “DDoS-style attacks on POAP websites and secrets, which claim all the POAPs using automated systems before true collectors have a chance to,” POAP founder Patricio Worthalter wrote in an email to users.
“While we understand that everyone is excited to get POAPs and be involved in the POAP ecosystem,” Worthalter continued on Discord, “spamming requests for codes, secret words, or direct links to claim POAPs for events you did not attend will no longer be tolerated.”
Until now, POAP had been approving the vast majority of requests, but “effective immediately,” wrote COO Gonzalez on Discord, “POAP will no longer be approving events by default.”
POAP will take a two-week hiatus, during which no new first-time users will be approved, with a tentative reopening date for some time in November. Even after the hiatus end, until December 1, only early adopters (POAP calls them “Early Issuers”) who have been approved to create POAPs for past events will be able to request approval through the POAP Discord channel. New users will need to submit their requests through a form on the poap.xyz website.
“After thinking about this for a long time,” wrote Gonzalez in a detailed email sent to event organizers, “we’ve come to the conclusion that we will need to seriously pare back our mass-market offering until we’re able to offer a more secure, user friendly, and reliable product. There will be a cap on the number of codes issuers can request, as well as the delivery methods available, to issuers who aren’t already familiar with the platform.”
Gonzalez did clarify that service for Early Issuers will see as little disruption as possible, and the changes are not forever. To manage the situation, Gonzalez says POAP will be using a verification program for POAP issuers, including Collab.land for access.
Those who received Thursday’s email from POAP also received a code for an “Early Issuer” POAP that will grant them access to a private Discord channel to get updates on how POAP will move forward.
“Thank you for standing with us through this,” Gonzalez concluded the email, “and I’ll see you all on the other side.”