Cryptocurrencies are becoming more widely adopted owing to the rapid gains achieved by most crypto investors. It has also increased the desire for cryptocurrencies by even more individuals. With the ever-growing number of new coins, it can be difficult for crypto investors and traders to keep track of these new projects. As such most crypto projects offer airdrops to stand out and increase awareness. However, while everyone loves free crypto, airdrops are not always legit. 

What is an Airdrop

Generally, a crypto airdrop is a marketing strategy employed by cryptocurrency startups or projects to increase adoption and awareness of their project.

It sometimes involves distributing their native cryptocurrency token directly to the active users' wallets for free. Most times, however,  users have to complete simple promotional activities before they can qualify and claim an airdrop. Examples of these activities include following the project's social media accounts and sharing their posts.

Airdrops are free coins, and because of the attraction of free money, many investors would often sign up for airdrops. However, this has also attracted fraudulent minds who use tactics like airdrop phishing to scam people of their crypto assets. 

What is an Airdrop Phishing 

Phishing is a type of cyber attack where a malicious actor poses as a reputable entity or business to deceive people and collect sensitive information - such as credit card details, usernames, passwords, etc. In this case, these scammers use scam airdrops to lure unsuspecting crypto investors and collect sensitive information such as their  wallet seed phrases and private keys. 


How Does Airdrop Phishing Work? 

Airdrop phishing is quite a popular tactic presently as it has emerged alongside the explosion of Web3/NFT popularity.  Scammers use several methods to conduct airdrop phishing scams, including: 

Bait and Switch

This type of airdrop campaign works by airdropping fake tokens that have no real value into victim wallets and enticing them to visit specially-crafted malicious websites. When users attempt to interact with the airdropped tokens by transferring them to a Decentralized Exchange (DEX), they are presented with an error message encouraging them to visit another malicious phishing website. 

The website presents users with a Decentralized Application (DApp) interface supposedly meant to connect their wallets and approve trading of the airdrop tokens. However, when users approve any transactions on the phishing website,  they are unknowingly approving a transfer of their personal cryptocurrencies to the scammer.

Private Key Scam

These airdrop scammers lure people to their websites by showing users huge USD exchange rates for their fake tokens.  They then provide a website showing people lucrative offers to take advantage of but when the user tries to claim these offers, they are redirected to a page where a series of notable wallets are displayed for them to click on and connect wallet. 

 When they click on their wallet of choice, an error 404 is displayed.  They’re then asked to connect their wallet manually which leads them to a page with a series of prompts asking them to connect their wallet by providing their seed phrases or private keys. 


How to Avoid Airdrop Phishing Attempts 

When it comes to airdrop phishing, the name of the token may change but the tactics remain the same. Thus, it is important for crypto investors to protect their holdings with the following measures:  

  • Be wary of airdrop tokens received from an unknown source. These unsolicited tokens are likely part of a phishing campaign.
  • Do not visit or connect self-custody wallets to any websites advertised by airdropped tokens through error messages, token names, or other methods.
  • Do not interact with airdropped tokens (e.g. approving, transferring, swapping, etc.). As annoying as it sounds, it’s best to just leave them sitting in your wallet.
  • Do not hold high-value assets in the same wallet used to regularly interact with DApps. 


Be careful out there when  hunting airdrops. Each time a phishing technique is exposed, scammers come up with new techniques.