In the crypto world an Airdrop is an offer to send or drop NFTs or other tokens either freely, as a reward or in exchange for some service. They have commonly been used to promote a collection. The recipient needs a wallet compatible with any NFT and cryptocurrency involved. In return they may receive something as an enticement to invest further. Any ‘gift’ could be a reward for publicising the project through social media such as Facebook shares, re-Tweets, Discord or Telegram activity. As an advertising medium airdrops can be considerably cheaper than websites, whitepapers and videos although all of these will serve to increase visibility and take up of the airdrop. Dozens of current (January 2024) airdrops are listed on Airdrops.io; an aggregate site with the disclaimer ‘we try to list only legit projects we cannot be responsible for any issues or loss due to scam’.
It is not hard to see the potential for scams, offer something for nothing but these are only going to be any use if the recipient can be enticed to hand over some information in return. Ideally this will be access to their wallet including any funds or NFTs inside it. Sending someone crypto coin or tokens should only require that a wallet address (linked to a compatible Blockchain) be provided. It will be easier for the promoter if they can automate the process and leverage smart contracts to distribute rewards; hence any airdrop will almost certainly require connecting a wallet to a remote portal.
The scams work by either dropping a NFT with no warning and including some malicious code linked to that NFT or by engineering the drop through connecting the wallet to a compromised dApp or website which itself will harvest security details for that wallet.
As an example Inferno Drainer can be purchased as an off-the-shelf service providing a boilerplate airdrop scam engine. In June 2023 it was reported to have spawned 1,531 malicious NFTs, targeted 606,414 wallets and stole $1.29 million on the Polygon network. Unlike Ethereum and Solarium; Polygon NFTs can be minted for free and sales costs are based on a % of the sale price. The comparative low cost of Polygon NFTs makes them an attractive choice for scammers and implies that consumers should be particularly aware of airdrops through that medium.
Many wallets including MetaMask have built-in protection against airdrop scams. The MetaMask protection will inspect the metadata within NFTs and flag potential risks but cannot identify all potential risks or protect against phishing attacks linked to the drop.
Airdrop users need to be aware that scammers are out there. These may involve new campaigns or a careful clone of an existing promotion. Sophisticated scams may involve well-designed websites, references and supporting information such as whitepapers all designed to fool the investor. Any NFT that unexpectedly appears in a wallet should be regarded as suspicious. Requests on social media to participate in airdrops should also be carefully considered before signing up. These steps will reduce the risk from connecting a wallet to an airdrop portal.
- Connect a wallet with zero or minimal on-line (hot) crypto currency.
- Do not send crypto currency to the airdrop.
- Do not enter any personal information (especially your private key).