Lost money to a crypto or trading scam? Read this first: UK BASED - If your losses exceed £10,000 then Wealth Recovery Solicitors might be able to help. WRS is partnered with the National Crime Agency and has helped dozens of clients retrieve substantial sums. >> VISIT WRS USA/AUSTRALIA/CANADA - If your losses exceed $10,500 then contact Cybertrace. Cybertrace are a team of investigators specialising in cryptocurrency scams and tracing using custom AI tools. >> VISIT CYBERTRACE
Cryptocurrency scammers are always looking for new ways to bail you out of your hard-earned cash, and fake airdrops are one of the many methods they use to do just that.
Genuine airdrops are a big part of cryptocurrency and are mainly used by companies to distribute free coins to the community to promote new projects and boost trading activity.
However, scammers have taken advantage of the popularity of airdrops and used a number of scam methods to trick people into thinking they are receiving free coins when in reality they are connecting to malicious decentralized applications (DApps) or revealing their private encryption keys.
The two most common airdrop scams currently are:
- Airdrop fishing scams via email and social media messages.
- Fraudulent airdrops occur on self-storage cryptocurrency hardware and software wallets.
Airdrop phishing scam
Phishing is a long-established route for scammers and fraudsters to trick people into giving them sensitive information, and it’s no different from airdrops.
This often takes the form of a malicious link included in an email or social media message, which, when clicked, takes the user to a fake website claiming to offer an airdrop.
When a user accesses your website, several things can happen. You will be prompted to connect your cryptocurrency wallet to a malicious DApp or be prompted to reveal your mnemonic seed phrase or private key to claim non-existent tokens.
Connecting to a DApp gives a malicious smart contract access to the user’s wallet, allowing fraudsters to drain all funds contained in the wallet.
Scammers also use newly created worthless cryptocurrencies deposited in users’ wallets to give the impression that the funds still exist.
Fraudsters can continue to drain funds from victims’ wallets until the malicious DApp’s permissions are revoked.
Some fake airdrop websites claim that users must enter a private key or seed phrase into their wallet to make a claim.
However, anyone with this information can access the cryptocurrency held in the wallet associated with them. The golden rule of cryptocurrency is to never reveal your private keys to anyone.
Other DApps trick users into allowing unlimited token approvals, allowing fraudsters to move cryptocurrencies at will and transfer them to wallets they control.
Scam Wallet Airdrop
Another way to trick people into connecting to a malicious DApp is to send fake airdrops directly to self-custodial cryptocurrency wallets (software or hardware), even if the user has never invested in the coins before.
When a user opens their wallet, they see what appears to be a new cryptocurrency balance associated with tokens they do not recognize.
Clicking on it will give you details on how to claim the ‘coins’, such as visiting fake sites or connecting to malicious DApps.
Either way, the scammer’s goal is to gain control of the user’s wallet before stealing all the cryptocurrency it contains.
If you come across an airdrop in your wallet that involves a token you have never owned and have no knowledge of, do not click on it or interact with it in any way, no matter how tempting it may seem.
Trezor, one of the world’s largest cryptocurrency hardware wallet manufacturers, has a page dedicated to wallet airdrop scams.
Fake airdrop security
The golden rule in cryptocurrency is to never give anyone access to your private keys or seed phrases, regardless of the situation.
Anyone who asks you for this is probably a scammer trying to steal your coins, so never reveal this information, no matter how tempting the offer is.
Additionally, it is important to do your own research regarding any airdrops you see.
A true developer wants as many people as possible to know about their project, so there should be a ton of information floating around online proving it’s real.
Although scam platforms can sometimes be difficult to spot, never connect your wallet to a DApp or website that you are not 100% sure about.
If you cannot verify the origin of the platform, do not grant permission and do not enter any information related to cryptocurrency.