Can you believe what went down in 2023?
We’re talking about over $1.2M lost in the NFT airdrop phishing scam that shook the Polygon network.
How do you think the attacker was able to pull off this audacious stunt?
Well, here’s the finding: During its investigation, Scam Sniffer uncovered a whopping 1,354 fake NFTs lurking on the Polygon network that were pretending to be part of airdrops from projects like ApeCoin, Polygon, and Uniswap.
Now, here’s the trickiest part. Those who received these seemingly legit airdropped NFTs were led to websites tied to Inferno Drainer.
Inferno Drainer is one of those “Scam As a Service” operations responsible for swindling a jaw-dropping $13M in recent times.
It’s absolutely shocking when you realize the scale of this scam and the numbers involved.
Airdrops might sound like easy money, but in reality, getting your hands on those tokens takes dedication, sharp wits, and the ability to spot shady schemes.
Stay tuned as we’re about to shed some light on the ins and outs of crypto airdrops, the scams that might be lurking, and the risks involved. Let’s dive right in!
So, what’s the deal with airdrops?
Airdrops are like surprise giveaways in the crypto world. They involve the distribution of small amounts of digital coins or tokens directly to the wallets of individuals. Imagine airdrops as little presents raining down on you, but instead of gifts, they’re tiny bits of cryptocurrency.
These crypto giveaways happen when companies want to tell the world about their new cryptocurrency or DeFi project. It’s like a new shop in town giving out free samples.
To get these free cryptos, you might be asked to do a favor to promote their project or services in the crypto world – think of it like a store asking you to share a cool product on your social media.
Why do companies do airdrops?
First, companies use airdrops to attract new users and get people interested in what they’re doing. Second, they use airdrops to thank their loyal customers and keep them around.
But here’s the catch: Some not-so-nice folks use airdrops for scams. They’re like those sneaky tricksters who try to steal your wallet when you’re not looking.
So, airdrops are more than just a chance to score some free tokens; they’re part of the crypto marketing game. Sometimes, they are for marketing, and sometimes, they are part of scams. Let’s dig deeper, including the scams you need to watch out for.
What is the probability that the Airdrop token is a scam?
So, you’ve heard about airdrops – free tokens dropping into your crypto wallet, no strings attached. It sounds like a sweet deal, right?
But before you start counting on airdrop tokens, you need to know that not all airdrops are created equal.
Most genuine airdrops offer relatively small amounts of tokens. The crypto market isn’t a fairy tale, and financial gains without effort are hard to come by. If someone’s offering a fortune for free, it’s time to raise an eyebrow. Let’s talk about the dark side of airdrops.
Remember the Uniswap incident last year? Scammers targeted Uniswap users with fake airdrops, promising a giveaway of 400 Uniswap tokens worth around $2000 each. All the users had to do was connect their wallet to a dodgy website. The result? Two unfortunate victims lost a whopping $6.5M and $1.7M, respectively.
Here’s the attacker’s plot for deceiving users into this scam:
1. Most airdrop scams involve phishing schemes, often tricking users into revealing their seed phrases. It might start with newfound tokens in your wallet, a tempting offer to exchange vague assets for real money (like Bitcoin), and a swap that never happens.
You’ll be redirected to a third-party site to claim your tokens, but the catch is they’ll ask for your secret recovery seed phrase. And if you hand it over, you can guess what comes next – your assets vanish into thin air.
Source: Uniswap Labs on X (twitter.com): “1/ Yesterday, some Uniswap LPs unfortunately fell for a phishing scam, a problem far too common in crypto today. To be clear: there was no exploit. The Protocol always was — and remains — secure. Here’s what happened.👇”
2. But that’s not the only trick up their sleeves. There’s something called a “token approval scam.” It plays on the familiarity with permission prompts, usually seen in decentralized exchanges. If you frequently use decentralized exchanges (DEXs), you’ve likely encountered these prompts to set a spending cap for your holdings or approve transactions.
Here, users are asked to confirm a transaction. But the main thing to note is that by accepting the token permission prompt, users unknowingly give the page permission to transfer the tokens out, not in.
Even users who are security-conscious and guard their seed phrase fall right into the trap by giving the dapp (i.e. crypto wallet) token permission to access or transfer a particular asset.
3. There’s another sneaky scam where the scammers kept showering users with tiny amounts of tokens, like 0.01 USDT or 0.001 USDT, and these users were chosen because they were often involved in big transactions.
Now, what made this scam extra tricky was that scammers designed their fake addresses to look almost identical to the users’ real addresses. It was to make users accidentally copy the wrong address from their transaction history when sending funds.
And guess what happened next? Users ended up losing their hard-earned crypto.
So, when it comes to airdrops, free isn’t always free, and being cautious is your best defence.
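The token approval prompt from point 2 can be checked before signing. This added example (not from the original article or any wallet's code) decodes a transaction's calldata and reports what it would grant; the sample calldata and the spender address are constructed for illustration.

```javascript
// Added example: report what an approval-style transaction would grant.
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "39509351": "increaseAllowance", // increaseAllowance(address spender, uint256 addedValue)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
};
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex)) return { risk: "malformed" };
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { risk: "none" }; // not an approval call
  // Two 32-byte ABI words follow the 4-byte selector.
  if (hex.length < 8 + 128) return { risk: "malformed", fn };
  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  if (value === 0n) {
    // approve(spender, 0) and setApprovalForAll(operator, false) take permission away.
    return { risk: fn === "increaseAllowance" ? "none" : "revoke", fn, spender };
  }
  if (fn === "setApprovalForAll") {
    // The operator may move every token of this collection out of the wallet.
    return { risk: "unlimited", fn, spender };
  }
  return { risk: value === MAX_UINT256 ? "unlimited" : "limited", fn, spender, amount: value };
}

// Constructed sample inputs: the spender address is made up for illustration.
const SPENDER_WORD = "0".repeat(24) + "1".repeat(40);
const SAMPLE_UNLIMITED = "0x095ea7b3" + SPENDER_WORD + "f".repeat(64);
const SAMPLE_REVOKE = "0x095ea7b3" + SPENDER_WORD + "0".repeat(64);
const SAMPLE_NFT_ALL = "0xa22cb465" + SPENDER_WORD + "0".repeat(63) + "1";

for (const [label, data] of Object.entries({ SAMPLE_UNLIMITED, SAMPLE_REVOKE, SAMPLE_NFT_ALL })) {
  const r = inspectCalldata(data);
  console.log(label, r.fn, r.risk, r.spender);
}
```

An "unlimited" result for a spender you do not recognise is the outbound permission described above: the tokens can be moved out without any further prompt.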
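The look-alike addresses from point 3 can be caught by comparing full addresses instead of trusting the visible ends. This added example (not from the original article) flags senders in a transfer history whose first and last characters match a trusted address while the full address differs; all addresses and amounts are constructed, and the 4-character edge and 0.01 dust threshold are assumptions.

```javascript
// Added example: flag senders in a transfer history that imitate a trusted address.
function normalize(addr) {
  const a = String(addr).toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(a)) throw new Error("not a 20-byte hex address: " + addr);
  return a;
}

// edge: hex characters compared at each end (assumption: wallets often show
// only the ends of an address). dust: amount at or below which a transfer is tiny.
function findLookalikes(history, trusted, { edge = 4, dust = 0.01 } = {}) {
  const known = trusted.map(normalize);
  const flagged = [];
  for (const tx of history) {
    const from = normalize(tx.from);
    if (known.includes(from)) continue; // exact match: the real counterparty
    const imitates = known.find(
      (k) => k.slice(2, 2 + edge) === from.slice(2, 2 + edge) && k.slice(-edge) === from.slice(-edge)
    );
    if (imitates) flagged.push({ from, imitates, isDust: tx.amount <= dust });
  }
  return flagged;
}

// Full-string comparison before sending: matching ends are not enough.
function isTrusted(addr, trusted) {
  return trusted.map(normalize).includes(normalize(addr));
}

// Constructed sample data; none of these addresses come from the article.
const TRUSTED = ["0xa1b2" + "0".repeat(32) + "c3d4"];
const LOOKALIKE = "0xA1B2" + "9".repeat(32) + "C3D4";
const HISTORY = [
  { from: TRUSTED[0], amount: 2500 },
  { from: LOOKALIKE, amount: 0.01 },
  { from: "0x" + "5".repeat(40), amount: 0.001 },
];
console.log(findLookalikes(HISTORY, TRUSTED));
```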
Seven proven strategies you can put to use for staying secure
Protecting yourself from airdrop scams is all about staying one step ahead of the tricksters. Here are some savvy moves to help you dodge those schemes:
1. Do your research: Always Google the name, check social media, and look for opinions. If the project is shrouded in mystery, it might be a red flag.
2. Check History: If you’re dealing with a social media account, check its history. A credible history can be a green light.
3. Mind the language: Pay attention to the language used. Legit companies use proper English for marketing. English with grammar and spelling mistakes is a telltale sign of potential scammers.
4. No Donations: If the airdrop promoter asks for a donation before giving you tokens, it’s a big no. Just walk away.
5. Guard Your Wallet Address: Your public wallet address is, well, public. But only share it with trusted sources to avoid exploitation.
6. Use an Empty Wallet: When accepting tokens, use an empty wallet if possible. That way, there’s nothing to steal if it turns out to be a scam.
7. Direct Messages Are Sketchy: If the airdrop provider slid into your DMs claiming they “found” you, it’s likely a scam. Don’t take the bait.
While the promise of free tokens can be alluring, the risks associated with scams are very real. Staying vigilant and well-informed is the key to navigating the crypto space smartly.
We at QuillAudits take Web3 security seriously to ensure the safety and integrity of your digital assets.