
Anti-fraud and sybil resistance

If we don't solve sybil, the platform turns into a farm. Streamer pools get drained by bot networks, real viewers earn nothing and quit, and the streamer's spend produces zero engagement signal. The whole loop fails.

This page describes the layered defense as a framework. We deliberately do not publish specific thresholds, weights, IP-truncation widths, or detection signal lists, because every published number is a target an attacker can engineer to sit just under. Streamers and auditors can request the detailed framework under NDA.

The threat model

| Actor | Goal | Resources |
| --- | --- | --- |
| Solo cheater | Run a small number of alt accounts on their home network | Cheap, opportunistic |
| Click-farm operator | Run thousands of accounts via a small VPS fleet | Moderate budget, repeat-offender |
| Industrial sybil network | Hundreds of thousands of accounts, rotating IPs, captcha solvers | Funded; would only hit BitView if rewards > cost |
| Compromised real account | Real Twitch account whose credentials were stolen and used to claim against a stranger's wallet | Single-incident |

Our job is to make the cost of farming exceed the rewards available. We don't need perfection — we need economic disincentive.

The defenses, layered

We run eight layers in production. The layer concept is publishable; the exact parameters are not.

Layer 1 — Account age + activity

Linked Twitch accounts must demonstrate organic history: a minimum age, a minimum activity floor in the prior period, and Twitch-side email verification. Brand-new dormant accounts don't qualify.

This kills the trivial "create account, link, farm" attack.

Layer 2 — BTV stake requirement

Linked wallets must hold a minimum BTV balance for accruals to credit. New viewers receive a one-time onboarding bonus (sourced from the 30% viewer-reward emission) that covers the floor on first link.

Sybil networks that want to bypass this must either acquire BTV at market price × account count, or run distinct Twitch accounts with prior organic history (which Layer 1 already gated). Both are expensive.

Layer 3 — Activity weighting in the accrual loop

Per-tick share is weighted by engagement-quality signals (chat-message recency, badge presence, channel-history bonuses, account age). A pure lurker farming many channels in parallel earns at a fraction of a real engaged viewer's rate.

Streamers can tune this within bounds for their distribution.

Layer 4 — Per-IP / per-fingerprint limits

The frontend and backend share an anti-sybil session token that limits the number of distinct wallets per network range + device fingerprint per period, the number of simultaneous active accruals per fingerprint, and the linkage ratio between Twitch and wallet.

Limits are deliberately not advertised. Real users almost never hit them.
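
The first two limits above, as an added example that is not BitView's code: a limiter keyed on truncated network range plus device fingerprint. The prefix widths, counts and period are placeholder assumptions (the real values are deliberately unpublished), and the class and function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Placeholder values for the demo only; the page does not publish real limits.
MAX_WALLETS_PER_KEY = 3         # distinct wallets per (network range, fingerprint) per period
MAX_ACTIVE_PER_FP = 2           # simultaneous active accruals per fingerprint
PERIOD_SECONDS = 24 * 3600
V4_PREFIX, V6_PREFIX = 24, 56   # assumed truncation widths


def network_range(ip: str) -> str:
    """Collapse an address to its enclosing network so neighbours share one key."""
    addr = ipaddress.ip_address(ip)
    prefix = V4_PREFIX if addr.version == 4 else V6_PREFIX
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class SessionLimiter:
    def __init__(self):
        self.seen = defaultdict(dict)    # (range, fingerprint) -> {wallet: last_start_ts}
        self.active = defaultdict(set)   # fingerprint -> wallets currently accruing

    def start_accrual(self, ip, fingerprint, wallet, now):
        wallets = self.seen[(network_range(ip), fingerprint)]
        # Forget wallets whose last start falls outside the period.
        for w in [w for w, ts in wallets.items() if now - ts >= PERIOD_SECONDS]:
            del wallets[w]
        if wallet not in wallets and len(wallets) >= MAX_WALLETS_PER_KEY:
            return False, "too_many_wallets"
        active = self.active[fingerprint]
        if wallet not in active and len(active) >= MAX_ACTIVE_PER_FP:
            return False, "too_many_active"
        # Record only accepted starts, so rejected attempts do not consume quota.
        wallets[wallet] = now
        active.add(wallet)
        return True, "ok"

    def stop_accrual(self, fingerprint, wallet):
        self.active[fingerprint].discard(wallet)
```

The concurrency limit is keyed on the fingerprint alone, so moving to a different network range resets the wallet count but not the number of simultaneous accruals.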

Layer 5 — Slashing for detected fraud

When the fraud-detection pipeline flags a wallet:

  1. Soft flag. Accruals stop crediting; existing balance frozen. No public action. Manual review queue.
  2. Confirmed flag. Wallet's BTV stake is slashed to the protocol treasury. Existing accruals across all distributions are zeroed out. Twitch user-id marked ineligible for re-link for a cooling-off window.
  3. Severe (industrial network). Public on-chain blocklist; all linked wallets and Twitch ids marked permanently ineligible.

The slashable BTV stake is the economic incentive that makes the framework work. Sybil networks now lose their stake instead of just losing access.

Layer 6 — Detection pipeline

We score a wallet against a small ensemble of behavioral and graph signals in real time. High-confidence hits go to soft-flag automatically; medium-confidence hits go to manual review. The exact signals are not published.

Layer 7 — Streamer-side controls

A streamer can configure per-distribution:

  • Minimum BTV stake (raise the floor for extra-strict cohorts).
  • Channel-specific badge requirements (subs / mods / Discord-linked roles).
  • Geographic blocks (for sponsor-specific reasons).
  • Per-viewer cap (prevents any one account from accidentally winning the pool).

Streamers don't need to think about anti-fraud in detail because the platform defaults are sensible. Power users can dial it tighter.
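
How the Layer 3 weighting and the per-viewer cap above can combine in one accrual tick, as an added example that is not BitView's code. The signal weights, the 10-minute half-life and the reading of the cap as an absolute per-tick amount are assumptions, and the function names are hypothetical.

```python
def engagement_weight(chat_age_s, has_badge, account_age_days):
    """Hypothetical weighting; the page names these signals but not their weights."""
    w = 0.1                                  # baseline for a silent lurker
    if chat_age_s is not None:
        w += 0.5 ** (chat_age_s / 600)       # chat recency, assumed 10-minute half-life
    if has_badge:
        w += 0.5
    return w * min(1.0, account_age_days / 365)   # young accounts are discounted


def tick_shares(pool, weights, cap):
    """Split `pool` pro rata by weight with no viewer receiving more than `cap`.

    Whatever a capped viewer cannot take is re-split among the viewers still
    under the cap. Returns (payouts, undistributed); undistributed is non-zero
    only when every weighted viewer has hit the cap.
    """
    payouts = {v: 0.0 for v in weights}
    open_set = {v for v, w in weights.items() if w > 0}
    remaining = float(pool)
    while open_set:
        total_w = sum(weights[v] for v in open_set)
        share = {v: remaining * weights[v] / total_w for v in open_set}
        capped = {v for v in open_set if share[v] >= cap}
        if not capped:
            payouts.update(share)            # everyone left fits under the cap
            return payouts, 0.0
        for v in capped:
            payouts[v] = cap
            remaining -= cap
        open_set -= capped
    return payouts, remaining
```

With these constructed weights an engaged, badged viewer on a year-old account weighs 1.6 against 0.1 for a lurker, so sixteen lurking alts are needed to match one engaged viewer's share before the cap applies.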

Layer 8 — Compromised-real-account protection

If a user's Twitch account is compromised, the attacker would normally link a wallet they own and farm the legitimate account's accruals.

Mitigations:

  • Wallet signature on every link or relink.
  • Cooling-off period before a linked wallet can be replaced.
  • Public link history visible per Twitch user-id, so the legitimate user notices the unauthorized change.
  • Revocation flow on the frontend that pauses accruals pending review.

What we don't do

  • Require government ID for normal viewer onboarding. KYC only kicks in for Plus-tier streamers and brand sponsors (who are paying funds in).
  • Run real-time face-recognition / proof-of-personhood. Worldcoin-style approaches are an option for later phases if sybil pressure increases, but we don't ship them by default.
  • CAPTCHA every claim. Adds friction with marginal anti-fraud value.
  • Whitelist trusted viewers. The system has to scale to millions of unknown viewers; we can't curate that.

Measuring success

The KPI for anti-fraud is earned-by-real-users / total-earned.

We measure this two ways:

  1. Streamer feedback. They tell us if their pool seems to be going to bots. Streamers see their distribution leaderboard; if it looks weird, they ping us.
  2. Auditable cohorts. We publish (in the quarterly transparency report) the percentage of total earned that went to wallets above an "engaged real user" heuristic. Target: ≥ 95%.

If the ratio drops, we tighten Layers 4–7. The framework is designed to be tunable without breaking onboarding for honest viewers.

Disclosure to auditors and serious streamers

The full anti-fraud framework — thresholds, weights, detection signals, slashing economics, and incident playbook — is available under NDA to:

  • Audit firms reviewing our smart contracts and ops
  • Tier-A streamers and Plus-tier subscribers (so they understand what their pools are protected against)
  • Brand sponsors as part of marketplace onboarding
  • Regulators on request

If you need access, email security@bitview.club.