What is sleepdropping?

Tara Annison
3 min readOct 27, 2023
Created with Midjourney

This is the term being used to describe the situation where you’re airdropped a token that appears to be from a legitimate source when in fact it’s fraudulent and intended to direct you to a phishing website.

The term is inspired by “sleep minting” a technique used by scammers to fool people into thinking an NFT was legitimately minted by a celeb and then sent to their address. Only it wasn’t. Instead the scammers mints the NFT directly into the celeb account and includes in the token contract the ability to reclaim it back. This creates the onchain illusion that the celeb minted it and sent it onwards to the scammer’s account, who can then try to sell it for a high price to any unwitting NFT purchaser who thinks the activity is legitimate.

Breaking down the sleepdropping scam …

First the scammer will create an ERC20 token, most often with a name mimicking a well known project or linked to a recent industry event. To make the token look legitimate the scammer will first allocate all the tokens to a reputable address (e.g a crypto celebrity or a smart contract for a project) and then execute a function that triggers the movement of the tokens from this account to their own account. This gives the illusion that the tokens came _from_ the smart contract address/celebrity, when in fact they’ve gone _via_ this contract but originate from the scammer.

It’s important to note here that unlike many other crypto scams this doesn’t result in the direct loss of crypto assets for a user. Instead what’s often accompanied with this transfer, in the token metadata, is a URL directing users to ‘claim the airdrop’ or ‘register the tokens’ or ‘swap the token for [X]’. The URL will be a phishing website with the aim of persuading the user to connect their metamask, sign a malicious transaction and see all their cryptoassets disappear! The illusion of legitimacy via the fake connection to a project or celebrity is intended to help increase the likelihood that the victim will follow this phishing link.

Forta, a detection network, alerted the community to this scam typology back in June of this year when they observed what looked like the official Chainlink smart contract sending scam tokens, but upon further investigations was a sleepdropping attack with the scam tokens going _via_ the Chainlink smart contract.

How to protect yourself from sleepdropping…

  • Always check the contract for tokens you receive unexpectedly and that it’s the legitimate one — cross checking with the project’s official social media channels where possible
  • Be wary of URLs in metadata and always cross check with the project’s social media channels to validate if they have a promotion on, are aidropping and what their official website is
  • When in doubt, and if it feels too good to be true (e.g free money) don’t interact with the tokens!

#crypto #cryptocrime #blockchain #scams #sleepdropping