Update: Based on feedback on this post and the WorkLock mechanism, we will be tweaking the model so that the NU tokens distributed are also initially locked. In order to recoup the escrowed ETH and unlock the NU tokens, participants must first stake the locked NU tokens and run a node.

We’ve spent a lot of time examining token distribution mechanisms for NuCypher’s rapidly approaching mainnet launch. In this post, we propose a new model that we're considering called the WorkLock.

To provide context, we’ll first review the limitations of traditional ICO/IEOs as well as two other notable distribution mechanisms (airdrops and Merkle mines). We'll conclude by describing the WorkLock protocol and how we believe it improves upon these options.

The trouble with ICOs

After the ICO bubble in 2017 and the subsequent 2018 burnout, it’s clear that token sales have myriad problems, including:

Speculative intent and network instability

ICOs attract hordes of retail investors expecting immediate returns. In many cases, these are not the ideal token holders. For projects that require a healthy staking ecosystem, it's vital to be deliberate and intentional about getting tokens into the hands of node operators who will ensure the proper functioning of the network. ICOs have no built-in filtering mechanism to achieve this optimal distribution.

Market irrationality and misaligned incentives

ICOs are highly dependent on market conditions. At market peaks, ICOs are dramatically overfunded, raking in tens or hundreds of millions of dollars from retail speculators at network valuations they will never re-achieve. Providing projects an opportunity to cash out before any real work has been done — pre-product, pre-traction, pre-anything — disregards established best practices around staged venture financing. Even projects that don’t exit scam have dramatically misaligned incentives and can easily become zombies with perpetually delayed roadmaps, paying rich salaries, but failing to ship anything of note.

Regulatory uncertainty

ICOs risk being viewed as unregistered securities offerings by regulators, most notably the SEC in the United States. The Howey Test states that an instrument is an investment contract if:

“the scheme involves an investment of money in a common enterprise with profits to come solely from the efforts of others.”

Many ICO projects satisfy multiple, if not all, conditions:

  1. ICOs are an investment of money;
  2. The network or token economy is the common enterprise;
  3. And, for projects without a functioning network at the time of the sale, ICOs are intended to fund the efforts of others in building and launching said network.

If regulators determine an ICO was an unregistered securities offering, potential repercussions include fines, rescission, or shutdown.

But even with a fully implemented mainnet (as would be the case with NuCypher and several other upcoming projects), without additional guidance from the SEC, the risk of a sale is not tenable.

KYC deanonymizes network participants

ICOs are strictly regulated by money transmission laws and must implement KYC procedures to prevent money laundering. But this also means that KYC providers have the ability to fully deanonymize ICO participants. For token holders and network participants living in restrictive, authoritarian regimes, this presents a very real physical risk. For example, in Venezuela, Bitcoin miners have been raided, extorted, and beaten by police. It’s unacceptable to place network participants under this sort of risk.

Alternative models

We consider two pre-existing alternative models to be of particular interest: airdrops and Merkle mines.


Airdrops are distribution mechanisms in which tokens are given away for free. While this may seem interesting at first glance — with some people arguing that airdrops are a regulatory-compliant way to distribute tokens or to raise awareness and gain adoption for a new token — in practice, they have many disadvantages.

We’ve all likely experienced airdrop spam — the phenomenon of finding random ERC-20 tokens in our wallet. At best, these tokens are dumped. More likely, they’re just ignored entirely. Moreover, airdrops do not magically make token distributions compliant — many of the regulatory risks still remain (especially so when the airdrops are transparent marketing schemes).

For staking tokens, it’s important that holders have “skin in the game.” There is evidence that, in certain situations, humans place less value on things they receive for free or at a reduced price. If this is the case, airdrop recipients might be less motivated to avoid capital loss via slashing (i.e. the forfeiture of staked tokens in the event of misbehavior), which weakens the game-theoretic protections that discourage misbehavior in adversarial networks.

The Merkle mine

Livepeer pioneered the Merkle mine as a distribution method for their LPT token. LPT is a “work token” (commonly analogized to a taxi medallion) which you are required to stake in order to perform work (in their case transcoding, in NuCypher’s case re-encryption). The Merkle mine requires participants to generate a cryptographic proof and to send that proof to a smart contract in exchange for LPT.

The Merkle mine is a sufficiently difficult technical process that it self-selects for participants capable of staking and supporting the network. Additionally, the Merkle mine is completely permissionless and decentralized: anyone who can submit a proof can participate, but it does require them to opt-in. Finally, because they have to spend gas to submit their Merkle proof, participants have skin in the game.

On the flip side, because of its permissionless nature, it lacks anti-Sybil mechanisms. This can result in distributions that are not uniform and that are biased towards a small set of large participants. Finally, Merkle mines cause congestion on the Ethereum network, consume a significant amount of storage space, are susceptible to front-running, and arbitrarily subsidize Ethereum miners. 

Design goals for an ideal model

For NuCypher, an ideal distribution method would solve for speculative intent, regulatory implications, network deanonymization, market irrationality, and stakeholder alignment while improving upon the Merkle mine to achieve the following goals:

  • Maximize the likelihood of regulatory compliance;
  • Filter for participants most likely to use the token for its intended purpose;
  • Disincentivize price manipulation, short-term speculation, and dumping;
  • Be permissionless and decentralized;
  • Provide a viable way to achieve a broad distribution regardless of market conditions.

Introducing the WorkLock

We’ve developed the following proposal, which we’ll call WorkLock. The WorkLock protocol consists of the following steps:

  • Participants in the token distribution escrow ETH into a smart contract where it is locked;
  • In return, they receive tokens;
  • Participants are free to use those tokens however they like;
  • HOWEVER, if participants use the tokens for their intended purpose (e.g. running staking nodes) they will recoup their escrowed ETH after producing some amount of work (this is separate and distinct from any in-network compensation from fees or inflation);
  • If participants choose not to use the token for its intended purpose, they forfeit their escrowed ETH, which is effectively burned;
  • Participants may choose to do more work (after acquiring additional tokens to stake) to recoup their escrowed ETH more quickly.
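
The steps above can be modelled as a small escrow ledger. The following is an added example, not NuCypher's contract code: the class and function names, the two exchange rates, and the idea that the staking layer reports a cumulative work counter are all assumptions made for illustration. It shows the two accounting invariants such a contract needs: a work report is credited only once, and refunds never exceed the ETH a participant locked.

```python
from dataclasses import dataclass

@dataclass
class Position:
    escrowed_wei: int       # ETH still locked in the contract
    tokens: int             # tokens handed out at deposit time
    credited_work: int = 0  # cumulative work already paid out against

class WorkLockModel:
    """Toy ledger for the escrow/refund steps above; not NuCypher's contract."""

    def __init__(self, tokens_per_wei, wei_per_work_unit):
        # Both rates are assumptions: the post does not fix either one.
        self.tokens_per_wei = tokens_per_wei
        self.wei_per_work_unit = wei_per_work_unit
        self.positions = {}

    def deposit(self, who, wei):
        if wei <= 0 or who in self.positions:
            raise ValueError("one positive deposit per participant")
        self.positions[who] = Position(wei, wei * self.tokens_per_wei)
        return self.positions[who].tokens

    def refund(self, who, total_work):
        """Release ETH for work not yet credited.

        total_work is a cumulative counter reported by the staking layer
        (assumed), so replaying an old report cannot release ETH twice.
        """
        pos = self.positions[who]
        new_work = total_work - pos.credited_work
        if new_work <= 0:
            return 0
        pos.credited_work = total_work
        # Cap at the remaining escrow: work never pays out more than was locked.
        payout = min(new_work * self.wei_per_work_unit, pos.escrowed_wei)
        pos.escrowed_wei -= payout
        return payout

    def locked(self, who):
        """ETH that stays locked (forfeited) if no further work is done."""
        return self.positions[who].escrowed_wei

def run_scenario():
    wl = WorkLockModel(tokens_per_wei=10, wei_per_work_unit=100)  # constructed rates
    wl.deposit("alice", 1000)
    wl.deposit("bob", 500)           # bob never runs a node
    payouts = [wl.refund("alice", 4), wl.refund("alice", 4), wl.refund("alice", 20)]
    return payouts, wl.locked("alice"), wl.locked("bob")
```

In the constructed scenario, the repeated work report releases nothing, the final report is capped at the remaining escrow, and the participant who never works keeps the full deposit locked.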

Benefits of the WorkLock

The WorkLock strongly incentivizes participants to use the token for its intended purpose and gives them skin in the game through their locked ETH. 

The WorkLock maximizes the likelihood of regulatory compliance. Since participants don’t purchase tokens and no entity receives funding, there is no investment of money. Participants are discouraged from speculating and instead incentivized to use the tokens as intended, else they forfeit their escrowed ETH. And if the WorkLock is used in conjunction with the launch of a fully-implemented mainnet (like with NuCypher and several other upcoming projects) there is no reliance on the efforts of others.

The WorkLock is decentralized and permissionless: anyone capable of performing the work can participate. And since participants only give up the time value of their locked ETH, the distribution is likely to work reasonably well in any market condition.

Let us know what you think (+ a disclaimer)

The WorkLock is a new idea and very much a work-in-progress. It hasn’t been approved by any law firm or regulator and may not have the legal/regulatory properties described. Some questions remain. How can we prevent whales from getting a disproportionate stake? Will regulators agree that the WorkLock compares favorably to ICOs? How do we mitigate a rich-get-richer phenomenon, given a whale's cost of capital for their locked ETH is lower than that of smaller participants?

We’re keen to iterate on this proposal with the community, so please let us know your thoughts on Discord, Twitter, or Telegram.

Thanks to the CoinFund team, Yannick Roux (who recently published another notable proposal called liquid airdrops) and Stefano Bernardi from Semantic Ventures, Ben Perszyk from Polychain Capital, Ryan Zurrer from Web3, Ian from P2P Capital, Nick Chirls from Notation Capital, Amy Sun from Sequoia Capital, Doug Petkanics from Livepeer, Viktor Bunin, and the many others who provided early feedback on this idea.