This article is part of daGama's weekly blog series exploring the intersection of physical-world experience, on-chain infrastructure, and the future of how people discover and interact with the places around them.

Somewhere on a DePIN coverage map right now, a hotspot is earning rewards for service it has never provided. Its owner asserted a location it isn't at, surrounded it with a handful of other devices they also own, and arranged for those devices to vouch for each other. On-chain, it looks identical to a real piece of infrastructure doing real work. It produces valid proofs. It collects its share of the reward pool every day. And every token it earns is a token taken from someone who actually deployed hardware, climbed a roof, and provided coverage to a place that needed it.

This is the failure mode that haunts decentralized physical infrastructure. The entire premise of DePIN is that you can replace a corporation's balance sheet with a crowd's hardware, coordinated by tokens instead of contracts. The premise is right. But it rests on a single load-bearing assumption: that the network can tell the difference between work that happened and work that was merely claimed. When it can't, the incentive doesn't build infrastructure. It builds a fraud machine.

What a Trust Layer Has to Do

Before getting into what goes wrong, it helps to be precise about what a trust layer actually needs to accomplish, because the term gets used loosely.

A real trust layer does three things. It verifies that the claimed physical work genuinely happened — that the coverage was provided, the data was collected, the storage was maintained — rather than taking the contributor's word for it. It attributes that work to a real, distinct participant, so that one actor can't masquerade as a thousand. And it ties the reward to the genuine value of the contribution, not just to its raw quantity, so that useful work earns more than busywork.

Most DePIN reward systems satisfy at most one of these, and many satisfy none of them cleanly. The whole question of what a trust layer looks like in practice is a question about which of these three a given network has actually solved versus merely gestured at. Whose claims is the protocol believing, and what forces those claims to be true?

The Honor-System Trap

DePIN is no longer a fringe experiment. The sector's tracked token market capitalization has spent the past year roughly in the high-teens of billions of dollars — CoinGecko put it near $19 billion at its September 2025 peak, and CoinMarketCap had it around the same level in 2026 — across more than 250 tracked projects spanning wireless, storage, compute, mapping, energy, and sensor data. Industry trackers have counted well over ten million devices contributing to these networks. Real hardware, real deployment, real revenue from real customers in a growing number of cases.

But a large share of that infrastructure runs on the honor system, and the honor system has a structural flaw that no amount of growth fixes. In most DePIN designs, the reward pool for a given period is fixed. It gets divided among participants according to how much each one appears to contribute. The word doing all the work in that sentence is appears. When the appearance of contribution can be manufactured more cheaply than the contribution itself, rational actors manufacture the appearance.

Helium is the cautionary tale the whole sector learned from. Operators discovered they could override their devices' real GPS coordinates and assert a fake location, cluster their own hardware in a remote spot where it only ever talked to itself, and harvest Proof-of-Coverage rewards while providing zero real-world coverage. Investigators who physically drove through these "high-coverage" areas with wireless scanners couldn't pick up a single signal. A later variant used cheap data-only hotspots to push maximum-size packets through the network purely to farm rewards, with no genuine sensor traffic behind them at all. Because the reward pie was fixed, none of this was victimless. The honest operator providing real coverage to a real neighborhood — the "lone wolf" on the map — watched their slice shrink so that a spoofing farm could take a bigger one.

This is the honor-system trap. The reward looks like it's paying for infrastructure. It's actually paying for the most convincing claim of infrastructure, and claims are cheaper to produce than the real thing.

What Proof-of-Physical-Work Got Right — And Wrong

The answer DePIN converged on was Proof of Physical Work: instead of trusting a contributor's report, make the protocol cryptographically verify that the off-chain work occurred. Helium's Proof of Coverage has hotspots beacon on a schedule and asks roughly a dozen nearby devices to witness each beacon, so the geometry of who-heard-whom either confirms a device's location or exposes it as fake. Filecoin's Proof-of-Replication and Proof-of-Spacetime force storage providers to continuously prove they still hold the data they pledged. The insight was exactly right: trust should be earned through proof, not extended on faith.

The implementation ran into two structural problems.

The first is the spoofability gap. A proof is only as good as the cost of faking it, and clever attackers kept finding ways to satisfy the proof without doing the work. Witnesses could be other devices the same owner controlled. Signal readings that looked suspiciously perfect betrayed simulated rather than real radio conditions. The defensive response became a permanent arms race — community denylists, trust-score heuristics that flag clustered ownership and shared payout wallets, and rule changes like Helium's requirement that high-value hotspots correlate with actual subscriber call records before earning. Every countermeasure provoked a counter-countermeasure. Verification that can be gamed isn't verification yet; it's a moving target.

The second problem is subtler and more damaging in the long run: proving that work happened is not the same as proving the work was useful. A hotspot can provide genuine, verified coverage in an empty field where no one will ever connect. A mapping network can record the same well-traveled road for the thousandth time while the streets that actually need mapping stay blank. A storage provider can faithfully hold data nobody requests. All of this is real work, honestly proven, and economically worthless. When rewards track verified quantity instead of verified value, the network fills up with effort that satisfies every proof and serves no customer.

Both problems share a root cause. The verification proved the act but not its worth, and it proved the wallet but not the person behind it. A trust layer that stops at "did something happen on-chain" will always be one clever exploit away from subsidizing the wrong thing.

What a Real Trust Layer Looks Like

The trust layers that actually hold up share a set of properties that distinguish them from naive proof-of-work schemes.

They verify presence, not assertion. The difference between a device whose location is cryptographically confirmed by independent, disinterested observation and a device whose location was typed into an app is the difference between a fact and a claim. A real trust layer is built so that the cheapest way to look present is to actually be present. Everything short of that is an attack surface.

They bind contribution to a costly, persistent identity. Sybil resistance is not an afterthought; it is the foundation. If creating a thousand fake participants is cheap, every other guarantee collapses. The durable designs anchor each contributor to something that is expensive to forge and to multiply — staked value at risk, hardware attestation, a reputation that took real time to build — so that pretending to be a crowd costs more than it earns.

They measure usefulness, not just activity. Rewards weighted by genuine demand — coverage where people actually connect, data that customers actually buy, storage that is actually retrieved — align the network's growth with the value it creates. The protocol has to be able to tell a contribution someone needs from a contribution that merely passes the proof, and to pay accordingly.

They build reputation that compounds. A contributor who has provided verified, useful service consistently over years has built something a fresh wallet cannot fake: a track record. The strongest trust layers let that history travel and accrue, so the most honest long-term operators become the most credible and the most rewarded participants in the system. A one-time farmer has a transaction log. A genuine operator has a reputation — and reputation is the asset that gaming can't shortcut.

The Physical World Difference

Physical-world contribution is unusually well-suited to this kind of trust layer — arguably better-suited than almost any digital-native domain.

The behavior being verified is inherently resistant to automation. You cannot bot your way into actually being somewhere. You cannot generate authentic local presence without local presence. The verification layer that purely digital systems have to construct from scratch is, in the physical world, partly supplied by physics itself — radio geometry, the friction of moving real hardware to real places, the simple fact that a place can only be occupied by who is actually there.

The value of physical contribution also compounds in a way that synthetic activity never does. A network of verified presence built up over years — operators who have genuinely covered, mapped, sensed, or served the same real places consistently — is categorically more valuable than a swarm of fresh wallets, and it is far harder to counterfeit. The accumulated, verified history is itself the moat.

And the demand is continuous and universal. People rely on physical-world infrastructure and physical-world information constantly, every day, in every place they go. The market for trustworthy, current, locally-grounded coverage of the real world is not a niche. It is one of the most basic and recurring needs there is — which means a trust layer that actually works has no shortage of genuine value to reward.

A trust layer in practice, then, looks like this: presence that is proven rather than asserted, identity that is costly to fake, contribution measured by what it's worth rather than how much of it there is, and reputation that compounds for the people who keep showing up honestly. DePIN's first wave proved that token incentives can mobilize real hardware at real scale. Its next wave will be defined by whether those incentives can be pointed reliably at real work. That is the entire job of the trust layer — and it is why DePIN can't be built without one.

daGama is building the verified discovery layer for the physical world — where real presence is rewarded, genuine contribution compounds over time, and the incentive system is designed for the people who actually show up. Learn more at dagama.world

‍