This reminds me of the time that Ripple launched a marketing promotion, giving developers some amount of Ripple to encourage micropayments. They defined "developer" as "someone who has had a GitHub account for 1 year prior to this announcement" to stop folks from creating hundreds of new accounts to claim credits. This essentially created a bounty on existing GitHub accounts and led to thousands of account compromises due to poor password hygiene. GitHub account security is much better now than it was back then (Nov 2013), but this solution similarly puts a bounty on highly-vouched accounts.