What are Giveaway and Airdrop Scams?
A crypto giveaway scam is where the bad actor will offer you some free cryptoassets or promise a multiplied return for some cryptoassets you send them — but then will swipe anything you send them or give them access to. Similarly, airdrop scams will offer to send you some free cryptoassets but will then direct you to a malicious website which will steal from any connected crypto wallets or send you a malicious token which, if interacted with, can result in other assets you own being stolen.
Giveaway scams used to be a popular scam typology for criminals because they appeal to the human desire for free stuff. They reached worldwide media attention during the Twitter Hack of 2020 where various celebrities and internationally renown personalities had their accounts compromised to tweet out a giveaway scam whereby if users sent some BTC to an address, they were promised 2xback. Spoiler: no one got any bitcoin back and the attackers managed to dupe users from across the world into sending over $100,000 worth of bitcoin to them.
Airdrops are becoming a popular scam typology because they also appeal to our desire for free stuff and since there’s been a number of legitimate airdrops from well known projects it makes it an even more confusing picture for crypto newbies who are trying to navigate between the legitimate and the nefarious.
Let’s look into some examples to understand the red flags and how to differentiate between a legitimate giveaway or airdrop:
Example 1 — Near Giveaways
I was added to a Telegram channel called “NEAR Protocol Announcement Official” where the same message was posted every few days, offering $500 worth of free NEAR tokens to the first people who claimed it.
I was also added to another Near related group which had exactly the same name “NEAR Protocol Announcement Official” and whilst this one had a range of messages, the pinned post highlighted an airdrop of NEAR tokens to anyone with a “decentralised wallet”.
Red flags
🚩 I was added to the groups by people I didn’t know and who weren’t official people from the real Near channels I’m part of.
🚩 Comments in the channels were disabled. This is often switched off by projects so users can’t warn others about the scam.
🚩 The websites users were being directed to were not the official Near Foundation website or any Near associated website. The second scam had made more of an effort to dupe users but a quick check of the URL showed that it was tried to direct people to a misspelling of “protocol” — with two “L’s”.
Props to the second scammers who very brazenly included the following message on one of their pinned posts:
“Don’t open the links that are sent to you in PM by various telegram accounts, these are scammers!”
Wow!
Example 2 — XRP Birthday Giveaway
Another day, another scammy Telegram channel that I’m added to. The “Ripple — XRP” channel announced a 2,000,000 XRP giveaway to celebrate XRP’s 10th Birthday. At the current price that’s worth about $1m.
To participate in the ‘birthday celebration’ users were directed to a not-so-official looking website and told to send between 1,000 XRP and 100,000 XRP in order to receive 10x the amount back.
The telegram channel message also included a note to say that participation was open to anyone, “… including those in the United States”. This certainly gave me a chuckle considering the years long legal battle that Ripple Labs has underway with the US Securities and Exchange Commission (SEC) over whether XRP is a security or not.
Luckily the website has already been taken down so no new users will fall for this scam and instead you hit a block screen in Russian, possibly indicating who may have been behind the scam.
Red flags
🚩 I was added to the channel by someone I didn’t know and who wasn’t an official person from the real XRP channels I’m part of.
🚩 Comments in the channel were disabled. This is often switched off by projects so users can’t warn others about the scam.
🚩 The website users were being directed to was not an official XRP website, nor did it even have XRP or Ripple in the domain
🚩 I’m yet to come across any legitimate project which runs a competition where you get back some multiple of what you send them. In 100% of cases I have seen, this has been a scam. DO NOT send funds to an address if they’re promising they will send you back even more, you’re 99.999999% likely to never see that money back again!
Example 3 — Sushi and Doodle Airdrops
Twitter mentions can be a hotbed for people trying to run fake airdrops. They will promise you some free tokens, sometimes linked to requirements like having a minimum token balance, using a certain wallet, or being ‘active’ in the community, but if you follow the links to the claim website you’ll either have your metamask swiped clean, a virus installed on your device or both!
Red flags
🚩 Tweets originate from account which are not the official accounts of the projects they claim to be associated with
🚩 The website users were being directed to include non-standard characters or subtle spelling errors to try to impersonate the real website
🚩 Users tag long lists of unconnected accounts which they don’t follow. Often these lists are in alphabetical order which shows a systematic approach to trying to spread the scam as wide as possible
Example 4 — Twitter Lists
Another common way of executing a giveaway scam is through Twitter lists where a random user will tag you in on a list with a description sending you to a website which will direct you to find funds in exchange for receiving some multiple back. As above for the XRP Birthday scam …. You won’t receive anything back if you send funds across.
Red flags
🚩 I was added to the list by someone I didn’t know and who wasn’t verified or with any notable posting or Twitter history
🚩 The user will often be made to look like someone notable e.g Vitalik but will not be the official account or linked with any official projects
🚩 The websites often include fake transaction ‘proofs’ with tables purporting to show users sending and receiving funds successfully. These transactions are usually either completely fake or randomly picked from blocks that aren’t related to the scam.
In conclusion, crypto giveaway and airdrop scams exploit people’s desire for free assets and whilst these scams might promise free crypto, or to return a multiple of what’s sent to them, instead, they’ll just steal your assets away! So be sure to keep your eyes peeled for the red flags noted in this piece and remember, if it sounds to good to be true (even in crypto) … it probably is!
Originally published at https://www.linkedin.com.
