Crypto scammers are always looking for new ways to relieve you of your hard-earned cash and fake airdrops are one of the many ways they use to do this.
Genuine airdrops are a large part of the cryptosphere and are used by companies to distribute free coins to their communities mainly to market new projects and stimulate trading activity.
However, fraudsters have capitalised on the popularity of airdrops and employ several different scams which trick people into thinking they’re getting free coins while actually getting them to connect to malicious DApps (Decentralised Application) or reveal their private crypto keys.
The two most common airdrop scams currently are:
- Airdrop fishing scams via email and social media messages.
- Scam airdrops in self-custody crypto hardware and software wallets.
Airdrop phishing scams
Phishing is a long-established route for fraudsters and scammers to trick people into parting with sensitive information and its not different with airdrops.
This often takes the form of a malicious link embedded in an email or social media message which, when clicked, takes the user to a fake website which claims to offer an airdrop.
Once the user is on the website a couple of things may happen: Either they’ll be prompted to connect their cryptocurrency wallet to a malicious DApp or reveal their mnemonic seed phrase or private keys in order to claim the non-existent tokens.
If they connect to the DApp a malicious smart contract will open up access to the user’s wallet meaning the scammers can drain all the funds it contains.
Scammers also use newly created, worthless cryptos deposited in the user’s wallet to give the impression that funds are still present.
The scammers can continue to drain any funds that go into the victim’s wallet until the malicious DApp’s permissions are cancelled.
Some fake airdrop websites claim that the user needs to enter the private key or seed phrase to their wallet in order to make their claim.
However, anyone with this information can potentially gain access to any crypto held on the wallet they relate to. It’s a golden rule in crypto to never reveal your private keys to anyone.
Other DApps trick users into allowing unlimited token approvals which allow the scammers to move your crypto at will and transfer it to wallets they control.
Scam wallet airdrops
Another method of tricking people into connecting to malicious DApps is by sending fake airdrops directly to self-custody crypto wallets, either software or hardware, even though the user has never invested in the coins before.
When the user opens their wallet they’ll see what appears to be a new crypto balance relating to a token they don’t recognise.
If they click on it, they’ll be given details of how to claim the ‘coins’ which will either involve visiting a fake site or connecting to a malicious DApp.
Either way, the aim of the scammers is to gain control over a user’s wallet before draining it of all the crypto it contains.
If you find an airdrop in your wallet relating to a token you’ve never owned and have no knowledge of, do not click on it or interact with it in any way, however tempting it might seem.
Trezor, one of the largest manufacturers of crypto hardware wallets in the world has a page dedicated to wallet airdrop scams.
Fake airdrop security
A golden rule with crypto is to never give anyone access to your private keys or seed phrase no matter what the circumstances.
Anyone who asks you for this will be a scammer intent on stealing your coins so never, ever reveal this information no matter how tempting an offer may be.
Also, it’s vital that you do your own research relating to any airdrop you see.
Genuine developers want as many people as possible to know about their project so there should be a plethora of information floating about online which proves it’s genuine.
Never connect your wallet to a DApp or website that you’re not 100% sure about even though it’s sometimes difficult to spot the scam platforms.
If you can’t verify the origins of a platform do not grant it any permissions or enter any information relating to your cryptoassets.
