Fake airdrop scam

The fake airdrop combines social-media hype with a "drainer" smart contract. A fake account impersonates a real project (Arbitrum, Optimism, Uniswap, LayerZero, etc.) and posts a "claim now" link to an airdrop you might believe is legitimate. The site asks you to connect your wallet and sign a transaction.

The transaction isn't claiming tokens. It's granting unlimited approval to a drainer contract that immediately moves your tokens, NFTs, and sometimes stablecoins to the attacker's wallet. Some sophisticated drainers also signal an "operator" approval on staked positions, slowly draining yield as well.

Drainer kits are commercial — sold on Telegram as a service for ~20% revenue share. Inferno Drainer alone reportedly drained over $80M across thousands of victims before retirement.

• Airdrop announcement comes from a brand-new Twitter / X account, sometimes with paid promotion to seem legitimate.
• The URL is a lookalike (e.g., "arbitrum-foundation.app" instead of arbitrum.io).
• You "qualify" without having ever interacted with the protocol.
• The wallet-connect popup asks you to sign a "Permit," "SetApprovalForAll," or "Approve" message — not a normal Transfer.
• The signature dialog looks unusual or shows a contract address you don't recognize.
• The site refuses to work on hardware wallets, or pushes you toward exporting your seed phrase.
• The "claim" window is closing in minutes.

1. Real airdrops are announced on the project's official channels — typed-in domain, verified Twitter, official Discord. Cross-reference at least two channels.
2. Read every signature request carefully. Wallets like Rabby and Trezor Suite warn about high-risk approvals. Pause on any "SetApprovalForAll" or unlimited Permit.
3. Use a burner wallet for airdrop claims. Send only the minimum required ETH/funds. Your main wallet should never touch a fresh claim site.
4. Check tools like Rabby's signature simulator or wallet-blockaid extensions. They flag known drainer contracts.
5. If the airdrop is real, the project will tell you the official claim URL on multiple verified channels. They will not DM you about it.

• Immediately move remaining assets to a fresh wallet generated on a clean device. The compromised wallet is permanently at risk.
• Revoke all approvals at revoke.cash, Etherscan's Token Approval Checker, or your wallet's built-in tool.
• Capture the transaction hash, the malicious contract, and the site URL.
• Report the drainer contract to chain-analytics services (Chainabuse, ScamSniffer).
• Report to IC3 for larger losses.
• Do not trust recovery DMs. They're the same operators.

• Do not sign approvals on sites you found through Twitter ads or Telegram links.
• Do not approve "unlimited" allowances when a finite amount would suffice.
• Do not connect your main wallet to claim sites — use a burner.
• Do not continue using a compromised wallet "until you can move things."

• FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
• FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
• CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
• IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
• Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.