The Rise of the Airdrop Scams
If you have spent any amount of time trading tokens, such as on Pancakeswap or any AMM or swap, or even participated in any giveaways, your wallet address will be visible to all. Anyone can check the block explorer to see which wallet transacted on the blockchain. While this is not an issue in itself, bad actors can benefit from it and use it in potentially nefarious ways. In order to be extra SAFU while trading any sort of tokens, you should be aware of the following:
You may have noticed new tokens in your wallet that have appeared seemingly out of nowhere. Some may even have similar names to the ones you already own. It is recommended that you check the explorer and the token itself to assess whether or not this airdrop is legit, as some can be part of a scam, a fake marketing campaign or even an exploit, and might not be worth anything anyway. Generally speaking, for security and confidentiality reasons, you should always be the one requesting an airdrop, in some way or another.
Never Provide Your Details
If someone airdrops you a token and then requires some information or referral, take it as a red flag and stop all communications.
Similarly, if someone you don’t know gets in touch with you and requests your wallet address, personal info or even your private key, refuse that as well. This is a well-known scam that has been going on for some time.
Token Approve Function Exploit
Recently, some fake token airdrops have been part of an exploit that uses the “approve” function to authorise all withdrawals from within a given wallet. It works like this: a person is airdropped some tokens and wants to swap them for something else. To do so, they visit an AMM or swap and approve the dApp to access the tokens, which triggers the exploit.
Please be mindful of that and always do your own research beforehand. Use only audited apps like Pancakeswap if you absolutely have to swap coins of unknown origin. Research the contract itself on the explorer and check, for example, whether there is a Telegram group or a Twitter account for the project that seems legit.
Do not click approve if you are not sure how legitimate the team behind the actual token is, as it will call the approve function.
How To Revoke Access
Regardless of whether you have previously ‘approved’ on any sketchy websites in the past, it is always recommended to periodically run a scan that checks which websites or dApps your wallet has granted access to. One of my favorite websites to do this is Unrekt.net. When you visit Unrekt, you’ll be presented with all the available “approvals” to revoke. Revoke the approval when in doubt; it’s easy to re-approve in the future if need be.
As always, please do your own due diligence before any kind of operation involving an asset you’re not familiar with, and DYOR.