Airdrop Phishing Scams

Airdrop scams are phishing attacks using fake websites, emails, and social media accounts to trick users into claiming a fake airdrop. This usually entails convincing users into connecting their wallets to malicious smart contracts or sharing their private keys in order to claim the ‘airdrop’, after which the wallet is drained of all its holdings.

Key Takeaways

• In crypto, airdrops are marketing programs that incentivize cryptocurrency enthusiasts to support a project or reward them for their past contributions to the project or related projects.

• Foul players exploit the excitement of cryptocurrency investors to benefit from airdrops in order to trick them into granting wallet access through airdrop scams.

• As airdrops get more lucrative, airdrop scams also get more rampant and sophisticated, from fake profiles to fake websites and phishing emails.

Airdrops appeal to cryptocurrency investors and enthusiasts with the promise of a free reward, where all they have to do is interact with the protocol for the promise of free tokens once the token launches. The promise of airdrops draws new investors to pursue airdrop hunting, but it also gives rise to airdrop scams that trick investors into connecting their wallets to malicious applications and sites that then drain their wallets of all assets. 

What Are Airdrop Scams?

Airdrop scams are built around fake airdrops that don’t exist and are not endorsed by the protocol’s team. But they are more than just this. Airdrop scams are also attempts by scammers to exploit the willingness of investors to participate in incentivization programs, exposing them to security threats that usually result in their wallets being drained.  

In this case, it’s usually a scammer posing as a legitimate protocol or influencer, promoting a fake airdrop portal that requests users to connect their wallets for the airdrop. Usually, these websites look authentic at a glance, matching the real site’s visuals. It may even request for a user’s private key or seed phrase. However, once users connect their wallets to claim the ‘airdrop’, they get an error message, and the contents of their wallets are now transferred to the scammer.

How Do Airdrop Scams Work?

As mentioned above, airdrop scams rely on disguising themselves as a legitimate site to trick investors into dropping their guard and approving wallet permissions (or even sharing their seed phrase). 

Besides promoting a fake site on social media, investors may also encounter airdrop scams when they discover that they have received new tokens (which they didn’t buy), and when they go to a block explorer like BscScan to find out how they got their tokens, they see an error message that attempts to direct them to another site to ‘claim’ those tokens before they can access them. 

Source: https://bscscan.com/tx/0x88e89231b292d4eaae45f84f2f1118841b64a0fc6e71fc5d7a8d55fc8eb0940d

Upon visiting the fake site, users might get phished into entering their seed phrases, which gives scammers control over their entire wallet. Alternatively, users may approve the transaction request that pops up on their wallet once they enter the site without reviewing the full details, giving the page access to unlimited token approvals. Token approvals are usually used by dApps to access and move tokens on your behalf, and even legitimate DeFi protocols may request access to unlimited number of tokens to minimize the need for users to re-approve access to the token every time it’s used. However, once you’ve granted a malicious site access to unlimited token approval, you’re actually giving the site permission to take your tokens, instead of giving you tokens. 

Examples of Airdrop Scams

Let us explore some common airdrop scam strategies and what they entail.

Fake Profile Marketing Airdrop

Celestia just ran an earndrop program, and the launch of TIA has also sparked off a flurry of fake profiles that promise users a final shot at the TIA airdrop. In the screenshot below, a scammer has created a fake profile that looks similar to the real one (although the handles are different: calestiatoken vs. CelestiaOrg).

In this case, potential investors are lured to promote an account or project using fake promises. 

To promote the account, they announced a 10 million TIA token airdrop to 1,200 users who  retweet the post and share their ETH wallet address. By this, the account gains viewership and an overall growth in relevance. It is also potentially the first step in an airdrop token claim scam, where the 1,200 accounts will receive a certain amount of tokens, but in order to retrieve them, they’ll have to connect their wallet to a site. 

This is an outright scam as Celestia isn’t even an Ethereum-based token. Users are unlikely to get the promised rewards and even if they do, the worth is likely below their expectations. 

Impersonation Of Popular Accounts

Another example is one where the scammer copies the appearance of a popular account and attempts to scam unsuspecting investors by promoting fake airdrops. 

The screenshot above shows two accounts, a fake one and the original account. The difference between the appearance can only be detected on close examination of the handle (OilimqioCrypto vs. OlimpioCrypto), and if you look carefully, the fake’s profile picture is framed with a circle while the real account’s profile picture is framed with a hexagon.

The fake account also puts out a tweet with a link similar to the website controlled by the original account. Note the difference between earndrop.io which is the website and eansrdrop.io, the fake website. However, unlike the original website, where registered users have to paste their wallet addresses to find unclaimed airdrops, the fake website immediately prompts a wallet connection. And according to Olimpio, once the wallet is connected, the website scans all chains and detects tokens.

Always check the website address before you connect your wallet and never automatically connect your wallet to any site. 

This scam utilizes the reputation built by Earndrop and Olimpio around airdrops, featuring scam websites and malicious emails that look identical to the original at a glance. According to reports by the genuine account, this has been used to hack into investors’ wallets and steal their crypto assets, and even experienced investors have fallen prey to this phishing scam.

Highly sophisticated actors have been exploiting & attacking Earndrop and Olimpio for months.

Meanwhile, hundreds of users were (unfortunately) drained. Punks, ETH, USDC.

Here I share what we’ve been doing, what they do in retaliation, and how as a user you can protect yourself pic.twitter.com/MfeIpx6RCx

— olimpio (@OlimpioCrypto) October 31, 2023

Fake Airdrop Claim Websites

Many airdrops require investors to verify their eligibility through their wallets to claim their share of the airdrop. Meanwhile, fake airdrops also create fake claim websites, where the names look similar to the real site. 

For instance, the picture above shows two claim websites for the Celestia airdrop. While the website addresses are significantly different, investors who have no knowledge of the original website could fall prey to the fake website that leads to a phishing website, which will then either prompt them to connect their wallet or request for their seed phrase. 

Fake Token and NFT Airdrops

Apart from fake NFT claim sites that scammers use to hack into NFT investors’ wallets, another example is one where the fake airdrop operator sends a fake airdrop to users’ wallets with details on an airdrop and how to claim them.

In the above screenshot, you can see that the names are very similar to the tokens they are supposedly airdropping, although they all feature typos or similar names.. As in the case of fake token airdrops, you could also find some of these NFTs in your wallet. The NFTs have zero value and are only a vehicle to pass on the message of the fake win and claiming process.

How To Avoid Airdrop Scams

With the growth in airdrop scam strategies, there is a need to always be on the lookout for these programs and avoid them. Here’s how you can protect yourself from these scams. 

Do Your Own Research On The Airdrop

Airdrops aren’t secrets; after all, the protocol’s goal is to drive adoption and attract users. Therefore, for every airdrop, there is plenty of information available on the internet, from legitimate websites to social media platforms. 

So before jumping on the airdrop offer, consider taking some time to research on the airdrop requirements, the project, and other investors who are participating in it or talking about it. Always use official sources as much as possible, and only interact with the protocol after confirming the site address (look out for typos). 

Airdrop programs that require you to send any kind of crypto asset before being able to claim airdropped tokens are highly suspicious. This does not include common airdrop tasks like depositing assets with the protocol, or engaging in swaps. 

Your findings will also decide if you simply need to apply risk management strategies while participating in the airdrop program, or if you need to stay away from it.

Verify The Information Source

As we discussed earlier, foul players can create accounts and websites similar to those of genuine projects and use them to spread misinformation on malicious airdrops. Airdrop scams like these are meant to lure investors who don’t verify sources of information before taking the plunge. 

On close examination, you can detect the difference between the genuine profile and the fake one, as the fake profiles and sites usually feature typos. Also, research on the individuals promoting the airdrop, and confirm that they are who they claim to be. While it’s recommended to use these influencers as a source of information, it is not enough to label an airdrop ‘legit’, and the onus is still on you to do your own research.

Never Enter Your Private Keys Or Recovery Phrases

Any airdrop, giveaway program or any program at all that requires you to enter your private keys and seed phrases is an outright scam. Your private key and recovery phrase should be known to you only, and stored offline on crypto steel. Never enter this information on any website, as no legitimate app will ask you for your private keys; this isn’t limited to airdrops but includes every other crypto interaction.

Only Connect Your Wallet On Real Sites

Some airdrops require you to connect your wallet, sign messages, or claim your rewards directly to your wallet. Some others require you to simply enter your wallet address. While the latter might appear less risky, it still calls for you to verify that it is real. And if the token appears in your wallet but is accompanied by an error message that prompts you to visit a site in order to claim it, it’s likely to be a scam.

In all cases, examine the platform carefully to ensure that you are interacting with the correct platform. Note that the fake website usually has the exact appearance of the original website, and the giveaway is usually a typo in the website’s URL.

Final Thoughts

While airdrops are real, airdrop scams are equally real. Sometimes it is hard to differentiate between legitimate and fake airdrops, with even experienced investors falling prey to these. However, in many cases, fake airdrops have telltale signs, where the giveaway is usually in the domain name. We have shared some known cases but also admit that airdrop scams take many more forms and this list is not exhaustive of the forms these scams could take. 

In any case, the simple act of thorough verification could save one from most of these scams. Also, employing risk management strategies in any case could ameliorate the losses should you fall prey. The recommended safety strategies only lessen the chances of falling prey to airdrop scams but don’t ensure 100% safety; therefore risk management should be applied at all times. Having said this, note that this article is only for educational purposes and not financial advice.