Airdrop Phishing is the New Black. Here is How to Stay Safe
In the world of cryptocurrencies, airdrops are a great way to garner attention and launch new projects, especially since Dapps and Web3 are on the rise, bringing new crypto users into the space at lightning speed.
Time and again, companies and organizations announce that a certain number of coins will be given away for free in return for a small favor, such as spreading the word on social media.
Last year alone, Instadapp, one of DeFi’s most popular portfolio management tools, airdropped 11,000,000 INST tokens to Maker DAO, Compound, and Aave users on Ethereum and Polygon, making all of them just the tiniest bit richer and happier.
Sounds good, right?
And it makes sense why.
Free money is always attractive, and scammers are well aware of that, which is why airdrop phishing is gradually becoming the new black. In practical terms, it means only one thing: your money is at risk of being stolen at any time, as receiving airdrops requires having a wallet that often has some crypto in it.
Accordingly, if you want to participate in an airdrop, you will have to connect your wallet to Dapps, which could spell trouble for you. Here is what MetaMask, which describes itself as a crypto wallet and gateway to blockchain apps, has to say on the issue: “Be careful about which Dapps you connect to, and what permissions you give them. Certain types of transactions require granting a Dapp permission to access your funds–infinite amounts of your funds. In fact, there have been cases of Dapps being created specifically with the intent to defraud users and steal all of their funds once they’ve granted this kind of access.”
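The permission MetaMask warns about is visible in the data of the transaction a site asks you to sign. The sketch below is an added example, not code from the article or from MetaMask: it decodes that data and flags unlimited ERC-20 allowances and blanket NFT operator approvals. The function names, the "unlimited" threshold, and the sample spender address are assumptions made for illustration.

```python
# Added example (not from the original article): classify approval calldata.
APPROVE = "095ea7b3"               # approve(address,uint256), ERC-20
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool), ERC-721/ERC-1155
UNLIMITED = 2**255                 # assumption: treat >= 2**255 as "infinite"

def inspect_calldata(data_hex):
    """Return what a transaction's `data` field would grant, and a risk label."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return {"kind": "invalid", "risk": "high"}
    selector, args = raw[:4].hex(), raw[4:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "risk": "unknown"}
    if len(args) != 64:  # both calls take exactly two 32-byte words
        return {"kind": "malformed", "risk": "high"}
    spender = "0x" + args[12:32].hex()   # address is the low 20 bytes of word 1
    value = int.from_bytes(args[32:], "big")
    if selector == APPROVE:
        if value == 0:
            risk = "low"       # an allowance of zero revokes access
        elif value >= UNLIMITED:
            risk = "high"      # spender can move the entire token balance
        else:
            risk = "review"    # bounded allowance; check amount and spender
        return {"kind": "erc20_approve", "spender": spender, "amount": value, "risk": risk}
    # setApprovalForAll: a non-zero word grants operator rights over every token
    risk = "high" if value else "low"
    return {"kind": "nft_approval_for_all", "spender": spender,
            "approved": bool(value), "risk": risk}

def build(selector, spender_hex, value):
    """Construct sample calldata for the demo (constructed, not captured)."""
    return "0x" + selector + spender_hex[2:].rjust(64, "0") + format(value, "064x")

SPENDER = "0x" + "11" * 20  # constructed placeholder address
SAMPLES = {
    "unlimited": build(APPROVE, SPENDER, 2**256 - 1),
    "bounded": build(APPROVE, SPENDER, 1000),
    "revoke": build(APPROVE, SPENDER, 0),
    "all_nfts": build(SET_APPROVAL_FOR_ALL, SPENDER, 1),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, inspect_calldata(data))
```

A "high" result on a site you reached through an airdrop link is the situation the MetaMask quote describes; the spender address in the output is the party that would gain access.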
To help you stay clear of any possible danger, here is a wrap-up of some signs that you should be on the lookout for if you are planning to participate in an airdrop anytime soon.
First off, legitimate airdrop projects never ask you to chip in, invest or donate. The entire idea behind an airdrop is for you to receive a certain proportion of coins for free, not to pay to receive it, even if the sum in question is a minor one.
If you see a request like that, just report it and tell your friends and the community not to fall for it. It is almost certain that you will lose all your hard-earned cash in these airdrop-based ‘pump and dump’ schemes.
Another huge red flag you should be aware of is any attempt to elicit your login/recovery phrases. Whenever you spot a project that wants you to share with them the equivalent of your credit card PIN, you need to give it some bad publicity immediately. Remember: under no circumstances is it acceptable to share such sensitive data with third parties because you are guaranteed to go crypto bust in a split second.
Likewise, do not easily fall for projects that want you to connect your wallet to them. The site below, for instance, invites you to “Claim reward bonus/Airdrop”. The problem with it is that it is just too good to be true: it features cryptocurrencies galore, meaning that it is highly likely that you will find the one you are looking for. And that is exactly what the scammers want: to engage as many users as possible.
Things start to get hot the moment you click on one of the cryptos, with the site telling you that since an error has occurred, you are now required to fill out information manually, including your phrase, private key, or keystore. You will then be taken to a 404 “Page not found” page containing “sent” in the URL.
If you give them that information, then we have very, very bad news for you.
However, not all sites are as creative in their ways. Some focus on one wallet only, like the one targeting MetaMask users, asking for your “secret phrase.”
If you are a big fan of the Ape Coin or the Bored Ape NFT, then you will be “exhilarated” to find out that the scammers have already penetrated that niche as well. Just recently, they managed to steal close to $3 million worth of Ape NFTs via an Instagram compromise.
But there are other attempts as well, such as the one below, which asks all hopefuls to claim up to 10 Bull & Ape NFTs before enquiring about a variety of password/recovery phrases.
Airdrop phishing may take place anywhere around the web, not just on dedicated sites that pop out of the blue. Many ads are posted on popular social media like Twitter, so it always makes sense to scrutinize the handles behind them and make sure they are verified. If not, then it is better to stay away from them.
However, not all is doom and gloom when it comes to receiving crypto for free. Many airdrops are legitimate and genuinely want you to get involved and receive some coins from them. For instance, in March, Yuga Labs, the company behind the Bored Ape NFT and the Ape Coin, airdropped 150 million ApeCoin tokens via MetaMask.
So, to wrap it all up, the most important part when it comes to airdropping is to double-check the sites, ignore all the dodgy requests, especially login and recovery keys, and always keep in mind that the scammers are not that bright. Most of the time they are just good at capitalizing on your inattentiveness, naivety, and greed.
Happy airdropping.
Source: blog.malwarebytes.com