Crypto airdrops might sound too good to be true, but they are a legitimate tactic used by companies to amass a fan following. Let’s start with airdrops to learn how this type of fraud works.
Although you may have heard of phishing websites and fake social media accounts that are set up to steal your crypto, you may not be familiar with crypto airdrop phishing scams. They might not be the most common tactic employed by fraudsters to fool you into giving them your digital assets, but that is exactly why you must be wary of these kinds of thefts. Let’s start with airdrops to learn how this type of fraud works.
Airdrops are a promotional or marketing tactic used by relatively newer web3, DeFi, or crypto projects, wherein early adopters are given a certain number of tokens for free.
Each airdrop has varied rules and criteria for users to claim free cryptocurrency. Interacting with the project, tweeting about the new cryptocurrency, or posting on a respectable crypto community are examples of these criteria. Active users, and those who have a particular amount of cryptocurrency in their wallet, are more likely to be chosen for free airdrop tokens.
Many startups offering airdrops send new tokens (their platform’s native tokens) to Bitcoin or Ether holders since they are the largest communities in the market. However, in July 2022, a scammer managed to swindle $8 million in Bitcoin and Ether by targeting Uniswap users through a phishing scheme. The scammer promised a fake airdrop of 400 Uniswap tokens, supposedly worth $2000 at the time. Such types of attacks are referred to as airdrop phishing scams.
Common crypto airdrop phishing tactics
Crypto airdrops might sound too good to be true, but they are a legitimate tactic used by companies to amass a fan following. For example, in March 2023, Arbitrum, one of Ethereum’s largest layer-2 scaling solutions, launched its native ARB governance token and airdropped 11.62 percent (1.162 billion) of the token’s circulating supply to its early supporters.
However, some malicious entities sought to take advantage of this airdrop. These entities attempted to deceive the over-eager community by offering a backdoor for those who were not eligible for the airdrop, and many newcomers fell victim to such tactics.
For instance, on March 19, 2023, auditing firm CertiK pointed out a bogus Arbitrum Twitter account, named “arbitrum_launch”, that was offering fake token airdrops. On the same day, blockchain security firm Redefine discovered a fake Arbitrum website that requested users to connect their wallets for the airdrop.
A scam detection tool later found that over 273 phishing sites were targeting the Arbitrum airdrop to defraud users.
The scam is conducted when one creates a fake website, which appears authentic at first glance. The fake website may even feature a wide range of crypto wallets and trading services. The website then prompts users to manually connect their crypto wallet to claim an airdrop. Users are even requested to submit their seed phrases or private keys. Upon doing so, the website redirects them to a 404 “page not found”, with “sent” in the URL. Although you might think the error prevented your digital assets from being transferred, it has most likely already landed in the scammers’ wallets.
Taking lessons from such incidents, the Metamask crypto wallet service warned users that they should never provide secret recovery phrases to anyone, or enter them on any site. This applies to all crypto wallet users.
In another incident, the NFT project, Bored Ape Yacht Club (BAYC), airdropped its ApeCoin in April 2022. Each BAYC holder received 10,094 tokens, valued between $80,000 and $200,000 at the time.
Around the same period, a scam website emerged, asking visitors to claim up to 10 Bull & Ape NFTs by submitting their seed phrases. Using the same tactic mentioned earlier, users ended up on 404 pages, and their wallet funds were wiped out.
A similar scam occurred when a fake website impersonating Moonbird’s NFT airdrop appeared on the internet around April 2022. When people pointed out the bogus website in the comments, its Twitter account disabled the comment section, stating that it was concerned about user safety. It is unknown as to how many fell victim to this fake website.
Conclusion
Airdrops are primarily introduced by relatively new projects that aim to promote themselves and build a loyal community by giving free tokens to active users. Although it can be tricky to find official social media handles, it is advisable to do your own research and follow “actual” official Twitter accounts, Discord servers, and crypto websites, to find authentic information on airdrops.
Even when the project is authentic, it is essential to research its team, founders, and roadmap, to verify the project’s credibility. This is essential as rug pulls are also common in the crypto space. Some platforms to check for authentic airdrops include CoinMarketCap, Airdrop Inspector, and Airdrops.io.
Credit: Source link
