Some of the people earning your referral rewards don’t exist.
They’re fake accounts referring each other. Or one person with ten logins, referring themselves. Or a script that dropped a referral cookie on a shopper who was going to buy anyway, then collected a bounty on a customer it never sent you. That last trick is called cookie stuffing, and in the biggest case two affiliates used it to skim millions out of eBay’s program before it turned into federal fraud charges.
The techniques are old. What keeps them working is the plumbing.
Your points ledger is a row in a database you own and nobody outside can see. The customer can’t read their own balance. Your finance team can’t audit the payouts without asking someone for an export. Fraud lives in that blind spot, because the trust only runs one way: everyone takes your word for the numbers, and you take the software’s.
A referral program’s whole job is rewarding trust. So it’s a little strange that the payout itself runs on trust nobody can check.
Put the ledger on a public chain and that stops being true. The balance goes from your private claim to a fact anyone can read. That one move, private to public, is where most of the benefits below come from.
“Show me the incentive and I will show you the outcome.” — Charlie Munger
Trust becomes a query
When points live on a public ledger, the customer can check their own balance against the chain. So can your finance team. So can a regulator, if it comes to that. Nobody has to ask you for an export.
This sounds small. It isn’t. It flips the burden of proof. In a normal program, you assert the balance and the customer believes you. On-chain, the balance is there whether you assert it or not. You stop being the source of truth and start being one more reader of it.
Two nice side effects fall out of this for free:
Your liability is auditable. Outstanding points are a real liability on your books. On a public ledger, the total is a query, not a quarterly reconciliation.
The points outlive the vendor. If the SaaS you built on shuts down, a database of points dies with it. An open ledger doesn’t. The balances are still there, still readable, still yours.
Fraud stops paying
Those tricks from the top of the page all exploit the same weakness, and it’s fixable. Traditional attribution decides who gets paid at payment time, reading whatever link or cookie happens to be present. Payment time is the moment to attack, so that’s where the attacks land.
The fix is to decide it once, up front. Bind the referrer to the referred customer at signup, and read that binding when the payment clears. A referral link waved around at checkout is simply never consulted. We tested this in production: a spoofed link at payment time earned exactly nothing.
The same discipline kills double-claims. Replay the same payment through a normal system and it pays out twice unless someone remembered to write the dedup. A contract doesn’t forget. One payment, one payout, deduplicated by the payment’s own digest.
And over-payout gets refused by the code, not by your support team. Try to redeem more points than someone holds and the contract aborts and returns a 409, straight from the ledger. Not a policy your staff has to defend on a phone call. Physics, not paperwork.
You can finally pay an agent, not just a person
Here’s the benefit nobody was asking for a year ago and everybody will want soon.
Affiliate networks assume a human. They want a bank account, a tax form, a mailing address. An AI agent that refers a customer, and they are starting to, has none of those. It has a wallet.
A wallet-native payout doesn’t care whether a human or a program holds the keys. The referral pays out through the same call either way. As agents start doing real commercial work (comparing products, making purchases, sending customers your way), the ability to reward one becomes the difference between a channel you can use and one you can’t.
You don’t have to believe agents will run the economy to see the point. You only have to notice that your current referral stack physically cannot pay one, and that this is a choice baked into its plumbing, not a law of nature.
What it costs, and what it isn’t
The cost is small enough to ignore. Each payout is a single transaction, fractions of a cent in gas. The rules that decide payouts are plain conditions, the shape of “this event pays these points.” No model sits in the loop, so nothing bills you per decision. The same event always pays the same amount, for every customer, every time.
Now the honest part, because a post that only lists upsides is an advert.
This is not a token to speculate on. A good rewards program is closed-loop: points earn and redeem inside your program and nowhere else. That keeps them in the regulatory shape loyalty points already have, which is the shape you want. Transferability between wallets is a dial you can build. We built it and left it shut.
And a blockchain doesn’t make a bad program good. If the reward isn’t worth earning, a public ledger just proves, transparently, that nobody wants it. Munger’s line cuts both ways.
We run this on ourselves
None of the above is hypothetical. ONE’s own rewards program is a public ledger on Sui. It mints in one call, measured at about seven seconds. It pays points on real transactions. Every issue and redeem is a public event you can open and read without our permission.
That’s the tell worth looking for in anyone selling you an on-chain rewards program: not the pitch, the receipts. Ask to read the ledger. If you can, the trust is real. If you can’t, it’s just a database with a blockchain sticker on it.
A referral program works better when the payout is something your customer can check, the fraud can’t forge, and the recipient can be a person or a program. Put the ledger where everyone can see it, and most of the hard problems quietly go away.