What is Airdrop Phishing? (And how to stay clear of it)
Web 3.0 offers a world in which clever consensus mechanisms could build trust between two anonymous individuals who have never met. However, Until we reach that level of safety and trust, as things stand today, the crypto field is suffering from a dubious reputation and is considered fertile ground for money laundering. For instance, OpenSea, the leading NFT marketplace by far, admitted that 80% of the transactions committed on the website are essentially some sort of scam (And therefore, it is essential to select the projects we invest in carefully with caution).
Some scams are less obvious, such as rug pulls of a crypto or an NFT project. Sometimes it is so quick that you can’t even see it coming: If you have never heard of a scam called “AirDrop Phishing,” it is about time to get acquainted with it, so you won’t find yourselves losing a bunch of money and even your entire NFT collection.
What is an Airdrop?
If you are not an iPhone person, there is a chance that you are not familiar with this term. Airdrop entered our lives over ten years ago with IOS7: Airdrop is the name of a file transfer protocol that uses Wifi and Bluetooth. Suppose you want to “Airdrop” something. In that case, you bring two apple devices close to each other and then transfer any file by selecting Airdrop transfer: Without using email or WhatsApp and without using any cloud or storage services.
When the crypto field grew in popularity, the term was borrowed and used as a name for the practice of token giveaways to those who have some affinity with a certain project. For instance, the project could declare that those who enrolled early will be entitled to receive certain Airdrops. For example, in the Bored Apes project, those who held their ape received an airdrop with land in the Other Side, the BAYC metaverse (Land costs thousands of dollars). Airdrop could also be a reward for sharing the project with your friend. Bottom line, Airdrop is a common practice of sending giveaways to a selected group of people.
Airdrop Phishing is a scam designed to cipher crypto tokens that are stored in the victims’ wallets. It could be done in a variety of ways, but the principle is the same: Deceive someone by promising an Airdrop freebie, get access to his or her wallet, and then steal all of the crypto stored there.
You might think: “Well, Crypto wallets are very safe. No one will access my wallet!”. However, as any criminal knows, the biggest security breach everywhere is usually the human tendency to be complacent. For instance, a common Airdrop phishing scam is sending a bogus link (with the promise of an Airdrop, of course) to certain crypto holders: They click on the link and are asked to select their type of wallet and then enter their password. After a confusing loading time, you’ll see some error, like 404 or something, and assume there was an internet problem or something since it’s a freebie. You won’t even think much of it until, of course, you will try to reach your crypto wallet and see that it’s locked.
Another way of Airdrop phishing will suggest you to link your crypto wallet to receive your Airdrop. Many legitimate projects ask holders and others to connect their wallets to receive an Airdrop, so why would they suspect? This kind of scam happened recently on the BAYC project: Someone hacked the BAYC official Instagram account and announced an AirDrop. Ape holders who didn’t suspect a thing clicked on the link, gave their wallet password, and lost their precious ape. The BAYC tried to warn people on Twitter, but some still fell for it. Even actor and comedian Seth Green (You know, from Austin Powers and Chris from Family guy) lost his ape to this kind of scam. The sad part is that he even produced an animated show based on his ape, and since it was stolen from him, he probably won’t be able to air it.
That is why the best way to avoid Airdrop phishing is to simply keep your wallet stored on a “Cold Wallet,” meaning hardware storage that is not connected to the Internet. That way, even if some thief gets access to your wallet, he won’t have anything to steal.