Despite the abundance of scams, airdrops do not lose their relevance and are widely practiced by various DeFi platforms. Eat quite a few protocols yet without a native token, which indicates the likelihood of many future distributions of “coins out of thin air”.
In pursuit of easy money, scammers are using increasingly sophisticated tactics. As a result, not only inexperienced beginners, but sometimes even experienced market participants, become victims of airdrop scams.
- Airdrops are free distributions of tokens among certain users of cryptocurrency platforms. This is a common tactic in the blockchain industry aimed at attracting attention to projects.
- Unscrupulous market participants are using the hype around the recovering cryptocurrency market for personal gain. By organizing pseudo-distributions of tokens, they create fake websites and accounts of famous personalities, almost indistinguishable from the original ones.
- In the hope of getting “coins out of thin air,” some market participants connect to fraudulent sites and even reveal the seed phrase without thinking about the consequences.
What are airdrop scams?
The rapid development of new protocols and the DeFi segment in general has naturally given rise to a huge number of fake airdrops. Pseudo-token giveaways organized by scammers are aimed at FOMO inexperienced crypto investors and the contents of their Web3 wallets.
Fake sites can look almost indistinguishable from the original ones, and projects can be promoted by, at first glance, real influencers. Therefore, many market participants do not hesitate to approve all wallet interactions required of them, and some even reveal the seed phrase. The result is usually the same: the user completely loses his digital assets by transferring them to the scammer.
“Approvals are commonly used by decentralized applications to access and move tokens on your behalf. Even legitimate DeFi protocols can request access to an unlimited number of coins in order to minimize the need for re-approval […]. But, as soon as you give the attacker’s site access to unlimited permissions, you, in fact, give the right to accept your tokens,” noted CoinGecko analyst Joel Agbo.
In addition to fake sites promoted on social networks, investors may suddenly discover new tokens of unknown origin in their wallets.
To find out where the coins came from, market participants arm themselves with blockchain explorers. But they display an error message with the address of a third-party site, which you supposedly need to go to in order to receive the cryptoassets that “fell from the sky.”
“The user can be tricked by phishing into entering a secret phrase on a website, after which the scammers gain control of the entire wallet,” described one of the scenarios by MetaMask experts.
According to them, another scenario may be more “refined.”
“You go to brand your tokens, a confirmation message pops up in MetaMask. You are approving the transaction without realizing that you are giving the page permission to receive coins,” the researchers explained.
Examples of airdrop scams
Recently, the Celestia platform conducted an airdrop of TIA tokens. Against the backdrop of the distribution, many fake accounts appeared, spreading information about the “last chance” to receive the coveted coins.
The screenshot below shows an example of a skillfully copied Celestia profile on social network X. Only the descriptors are different: calestiatoken (fake) vs CelestiaOrg (original).
In this case, potential investors are lured with false promises. Users “only have 24 hours” to publish an Ethereum address in the comments and then promote the scam resource through reposts.
Thanks to the viral distribution of content, the account reaches the target audience, thus taking the first step towards the successful implementation of the plan. The 1,200 addresses listed in the message may receive a certain amount of TIA tokens, but they will need to connect to the scam site to do so.
Scammers can also imitate popular social media users. For example, copying information from their profiles into X.
The screenshot below shows two accounts – fake and real. The difference can only be detected by carefully examining the descriptors (OilimqioCrypto vs OlimpioCrypto).
If you look closely, there is another difference: the fake profile image is framed by a circle, while the real one is framed by a hexagon.
The fake account also posted a tweet with a link similar to the site controlled by the original profile – eansrdrop.io, which is difficult to distinguish from the real one (earndrop.io).
Unlike the original site, where registered users must enter their addresses to receive distributions, the fake resource immediately requests a connection to the wallet. And, according to Olimpio, after this the scam platform scans the networks and identifies the tokens.
The expert emphasized that even experienced investors suffer from such phishing scams.
Highly sophisticated actors have been exploiting & attacking Earndrop and Olimpio for months.
Meanwhile, hundreds of users were (unfortunately) drained. Punks, ETH, USDC.
Here I share what we've been doing, what they do in retaliation, and how as a user you can protect yourself pic.twitter.com/MfeIpx6RCx
— olimpio (@OlimpioCrypto) October 31, 2023
Many projects offer investors to check their rights to receive an airdrop by connecting their wallet on a special page. In turn, scammers create fake websites with similar names:
For example, in the screenshot above there are two links to go to the “stamp” of the Celestia project coins. Newbies who tend to make hasty decisions may turn to a fake site, which will then offer to connect a wallet or ask for a seed phrase.
Airdrop fraud is also flourishing in the segment of non-fungible tokens.
“If you notice suspicious objects in the NFT tab [Web3-кошелька], that you didn't buy and that look more like advertising than digital art, telling you that you can get a giveaway by clicking on their website link – don't do it. It’s better not to interact with such tokens at all, hide them or add them to the “Suspicious NFTs” list of your portfolio,” shared advice MetaMask experts.
How to avoid running into an airdrop scam?
Cryptocurrency projects usually do not keep information about the future airdrop secret. After all, their goal is mass adoption of the solution being developed, attracting users and developing the community. Each significant distribution, as a rule, is accompanied by a large amount of information about it on the official website and on social networks.
Therefore, before taking advantage of the next opportunity to receive coins out of thin air, spend a little time studying the distribution criteria. It is also advisable to look for reviews from other users who have interacted with the protocol.
Always try to rely primarily on official sources. Use platforms only after carefully checking the links.
New projects usually distribute coins to early adopters of the protocols – those who performed exchange operations, used cross-chain bridges and brought liquidity to the pools of still very “raw platforms”. But be extremely skeptical of campaigns that require you to transfer crypto assets immediately before token hallmarking.
Study projects carefully. The work done will help you choose an appropriate risk management strategy and make it clear whether it is worth interacting with the protocol at all.
Double-check links by checking with official sources of information. The target audience of airdrop scammers is beginners who make hasty decisions. Links to fake sites contain typos that are very easy to miss. You should also double-check the individuals promoting the giveaway to see if they are who they say they are.
Any “airdrop” that requires the user to enter private keys or a seed phrase is an outright scam. Such information should be known only to you and stored offline.
If the branding of a token accidentally discovered in a wallet is accompanied by an error message and a suggestion to visit a third-party site, it is most likely a scam.
In a conversation with Cryplogger, the head of the analytics and research department at HAPI Labs, Mark Letsyuk, talked about how to avoid becoming a victim of scammers. Here are a few of his quotes:
- Always double check the links on CoinGecko and CoinMarketCap. Phishing sites do not get through there in 99.9% of cases. If some kind of scam came across, say, CoinGecko, then this is rather an exception to the rule;
- If some well-known, popular project like Linea or LayerZero distributes an airdrop expected by many, all the big media – The Block, Decrypt, Cointelegraph, CoinDesk, Cryplogger and Incrypted – will write about it within 8 minutes;
- If they wrote to you about the giveaway in private messages or by email, then why would they be chasing you to pour in coins. Such times are long gone – five years ago one would have expected that tokens would be distributed to everyone. Now these are usually retrodrops, and coins are distributed for activity – for the fact that you used some application and/or network. If you don’t know the platform, haven’t used it and are seeing it for the first time, and you are offered to brand an airdrop, think ten times. Projects are not chasing anyone to give away coins;
- Even if the airdrop does not seem fake to you, but they ask you to make some kind of contribution, this is most likely also a scam;
- If you need to connect your wallet somewhere and brand tokens there, you should definitely look at the website. This must be the official website of the project or the resource to which it links. Otherwise, the probability of a scam is close to 100%;
- If you are offered an airdrop in some dubious community – a Telegram group or a Discord channel that you no longer remember how you got into – of course, there is a possibility that the airdrop is not fake. But this probability is quite small. You need to go and check, again, through the official website of the project, whether there is a link to such a community;
- If you already have to brand on some site, then before signing transactions to grant any rights to a smart contract to interact with your wallet, stop, don’t do it right away. Look at the address of the smart contract you are giving approval to. Copy and paste into Etherscan. If some well-known project distributes an airdrop, then the blockchain browser will most likely already have a tag that this address is the official smart contract for marking user airdrops.
Sometimes even experienced crypto investors become victims of airdrop scams, since it is sometimes difficult to distinguish between a real and a fraudulent project – the sites can be as similar as two peas in a pod, as well as the links.
Before participating in any given hand, market participants should carefully review the relevant information, relying primarily on official sources.
Sometimes the cost of the tokens received is so small that it hardly covers the cost of gas spent interacting with the smart contract. If the project is little-known or, moreover, suspicious, the investor should think about whether the risk is justified at all.
Found an error in the text? Select it and press CTRL+ENTER
Cryplogger newsletters: keep your finger on the pulse of the Bitcoin industry!