How to Avoid Airdrop Scams and Spot Fake Airdrops
Most airdrop losses come from fake claim sites and seed-phrase phishing, not real airdrops. The rules and checklist that keep your wallet safe.
Most people who lose money to "airdrops" never lose it to a real airdrop. They lose it to a fake claim page, a malicious token, or a seed-phrase phishing site dressed up to look official. The airdrops themselves are usually fine. The trap is everything built around them to steal from excited people moving fast. Here is how to not be one of them.
No legitimate airdrop will ever ask for your seed phrase or private key. None. Ever. If anything, anywhere, asks you to enter your 12 or 24 word recovery phrase to "claim," "verify," or "unlock" tokens, it is a theft attempt. Close the tab. Your seed phrase controls your entire wallet, and giving it away is handing over the keys.
Internalize that and you have already dodged the most common drain.
Fake claim sites. A real project announces a drop. Within minutes, scammers register look-alike domains (airdrop-sea dot net instead of the real one, extra letters, different endings) and buy ads so the fake ranks above the real site. You connect, sign a malicious transaction, and your assets leave. Always reach claim pages through the project's official, verified links, never through an ad or a DM.
Malicious token approvals. Instead of asking for your seed phrase, the site asks you to "approve" a token or sign a message. That signature can grant a contract permission to move your funds. Read what you are signing. If a simple claim demands broad approval over your assets, stop.
Dust airdrops as bait. A random token appears in your wallet. Its name links to a website. You go to "swap" or "claim" it, and the real drain happens there. Unsolicited tokens are often bait. Do not interact with tokens you did not expect, and never visit the URL embedded in one.
Impersonation DMs. "Congratulations, you qualified" from a support account, a fake mod, or a cloned founder profile. Real teams do not DM you first to hand out money. Treat every unsolicited claim message as hostile.
Pay-to-claim. "Send 0.1 ETH to receive your 5 ETH airdrop." This is the oldest trick in crypto. Real airdrops never require you to send funds first to receive them.
Before you connect a wallet to any airdrop or claim page, run this:
Scams work on urgency. "Claim closes in 1 hour" exists to stop you from checking. The drop being real does not make the link in your DMs real. Pause, verify through official channels, and if a deal feels engineered to rush you, that is the tell.
Can a token appearing in my wallet steal my funds?
Not by sitting there. The danger is interacting with it or visiting the site it points to. Ignore unsolicited tokens.
Is connecting my wallet to a site dangerous?
Connecting alone is low risk. The risk is what you sign afterward. Malicious approvals and transactions are where funds are lost, so read every prompt.
How do I know if an airdrop is legit?
Cross-check the project's official site, docs, and verified X. Confirm the claim domain matches exactly. If a project is unknown or the link arrived in a DM, assume it is fake until proven otherwise. See what is a crypto airdrop .
What do I do if I already connected to a scam?
Move assets to a fresh wallet immediately, and revoke any token approvals you granted. Assume the compromised wallet is no longer safe.
Related: What is a crypto airdrop , How to qualify for airdrops , and the curated airdrops list .
The safest hunters are not the most paranoid, they are the most patient, and they do not hunt alone. Join airdropSEA, where links get checked and nobody walks into a fake claim site by themselves.
Research, not financial advice. Web3 carries risk, do your own diligence.
Join airdropSEA, the social, caring home for airdrop hunters becoming founders.
New to web3, or want the bigger picture beyond airdrops? Explore web3wikis - how it works, why it matters, and what you can do with it.
Research, not financial advice. Some links are referral links.