AirDrops and giveaways: what can be the true cost of these gifts?

5 min readApr 6, 2022

If you’ve ever been an active member of a crypto community and wanted to participate in a project in its early stages, you’ve certainly received an airdrop at some point. Projects that are busy getting off the ground will send out free tokens to members of their communities, usually as part of a marketing initiative to spread their tokens and awareness of the project.

New projects will generally host airdrops and giveaways to increase the participation of those that are interested in it. This method ensures that tokens are dropped straight into the wallets of thousands of participants so that the users can utilize them for whatever purpose the platform has intended.

Tokens can be dropped into wallets for various reasons:

  • Participants complete tasks — like following a social media page or resharing an event etc. — to qualify for the airdrop at a specified date.
  • Users that meet certain requirements — like holding an NFT, having a certain balance in their wallet, or holding a specific coin — can receive their airdrop.
  • Participants can claim their tokens from a smart contract based on a snapshot of the blockchain at a previous date.

There are some risks associated with airdrops and the chance of a fake airdrop is always a reality. Sometimes fake airdrops are promoted to gain a user base for a totally different project. It’s important to make sure that when registering that it is an official page and that the project isn’t a front to steal personally identifiable information.

Malicious airdrops usually have some tell-tale signs that can be used to avoid them. For example, a participant will never be asked to pay to participate in an airdrop or share their private key and identity information. Not every project airdropping tokens in your wallet address is a trustworthy entity. A few of these projects are likely to be a scam or front and may fail in actually performing an advertised service. These are usually hosted by crypto scammers who are just standing in line to make a profit.

Are the random drops into my wallet dangerous?

Airdrops are generally quite safe and users need to register in some shape or form to participate. However, unwarranted airdrops might end up posing as a trojan horse for malicious scammers to access a wallet and steal the crypto contained within.

When users find randomly dropped coins in a wallet they did not sign up for they should be cautious. Recently there has been an increase in fake airdrops, and as a rule, users should not interact or swap coins they did not sign up for. In some cases, scammers will airdrop tokens and contact the receiver in order to obtain some personal information before tokens can be swapped. This is most likely a scam and is far outside the bounds of standard practice.

It’s also advisable to never visit the website of a possible scam coin, these websites can be filled with malware and viruses that can target a crypto wallet. Make sure to do your own research (DYOR) before going to private sites that could compromise the safety of a wallet. Recently, many fans of the leading NFT collection — Bored Ape Yacht Club (BAYC) — were scammed by fake airdrops.

Can fake dropped tokens be used to steal from me?

The most dangerous situation with an unknown drop is the opportunity an attacker gets when using the token approve function exploit. This can happen when a dropped coin arrives in a user’s wallet and they rush to an automated market maker (AMM) to sell it. To do it, approval is required for the dApp (decentralized application) to access the token to sell it. By clicking approve, authorisation is given to the dApp and can allow scammers to withdraw funds from the wallet if they gain full access.

Similarly, dusting attacks have gained in popularity as well. This is where scammers send tiny amounts of coins to several wallets. The hackers then wait for users to interact with the tokens by either selling or swapping them. Once that is done hackers can conduct an analysis of all the addresses that interacted with the tokens and attempt to identify the owners of those addresses to extort them.

Can these tokens be removed from my wallet?

Users who have received unwanted or ‘random’ coins in their wallets should not interact with them in any way. This means no swapping, spending, or transferring them, just leaving them there will be the safest option, as a user’s token balance is just a number associated with an address at a contract it’s not possible to remove it; since it’s never really ‘in’ your wallet.

Seeing these coins on a constant basis could become irritating, luckily most wallets have a function to hide them. Most conventional wallets like MetaMask or Trustwallet have an option to delist tokens. Another possible solution, especially if an account is plagued with a scam coin — is to create a new wallet and send the safe coins to that one to ensure their safety and that of your wallet.

Airdrops have become a very popular method for new projects to disseminate their coins and get new users to participate in their ecosystems. Unfortunately, this has become a method for scammers to con users that are unaware of the risks. In the nascent crypto space being aware of risks and DYOR is essential to keep your crypto safe.

This article has been provided by Hacken as part of the security campaign for the PAID Network community.

About Hacken

Hacken is a fully-fledged cybersecurity ecosystem founded in August 2017 by cybersecurity experts, Big Four professionals, and white hat hackers. Hacken provides B2C, B2B, and B2G cybersecurity services to clients belonging to the blockchain, DeFi, and NFT ecosystems from Europe, Asia, and North America.

Hacken in figures:

>800 clients, including THORSTARTER, ConstitutionDAO, XTblock, Paribus, to name a few

>80 partners including Avalanche, Polkastarter, CoinMarketCap, Weld Money, CoinGecko, Solana Foundation, Simplex, to name a few

23/50 top crypto exchanges are Hacken clients

>$10B in users’ assets saved from being stolen by hackers

Strategic goal: get a 20% share in the Web 3.0 cybersecurity market by 2024.

Discord: Hacken

Telegram: @HackenClub

Twitter: @HackenClub

About PAID

PAID Network seeks to redefine the current business contract, litigation, and settlement processes by providing a simple, attorney-free, and cost-friendly DApp for users and businesses to ensure they #GetPAID wherever they are in the world.

PAID technology leverages Plasm to operate on both Ethereum and Polkadot ecosystems. PAID makes businesses exponentially more efficient by building SMART Agreements through smart contracts to execute DeFi transactions and business agreements seamlessly.

For any questions for the PAID network, please feel free to reach out to us on: