Author

Topic: [Scam Alert] Beware of Airdrops that will drain tokens out of your address. (Read 240 times)

legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
Wow, this is a new one, one thing am still yet to wrap my head around is how this scammers and hackers come up with this strategies, this is really mind bugging, makes me wonder if we really can ever get rid of this scammers and hackers, one would have thought that as crypto is advancing in tech, this bag eggs will run out of ideas on how to operate, but it seems that as the technology advances, they are also coming up with new ideas.. Really pathetic.

So sorry to those that are already a victim to this, I personally don't pay much attention to airdrops anymore cus 99 percent of them are either scam or an unserious project.
legendary
Activity: 2618
Merit: 1181
I agree with the advice about avoiding airdrop. To be honest I've been doing it for quite a while and I'm even ignoring everything shared by the telegram and Facebook communities. While it seem that some airdrop are also profitable, I prefer to stay away simply because I want to prevent scam. Using a new address to join the airdrop might be a workaround if they still want to do it, but it's better to avoid it than risk it.
jr. member
Activity: 57
Merit: 17


I checked my metamask wallet and found many tokens that I had never seen before. They usually exist as integers and are of high value. I don't know what they are. I'm curious

Damn, you can retire, sipping a glass of martini with those values.

Jokes aside, if you don't join airdrops or sign up for those things, ignoring them is the best option.
lol, brother, I also want to retire early. I checked the contracts of these tokens. They can only buy but not sell. This is obviously a scam. Another suspicious point is that these tokens are usually owned by millions of coin-holding addresses.



I guess you also have these tokens in your bsc wallet, but you haven’t found it yet.
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10


I checked my metamask wallet and found many tokens that I had never seen before. They usually exist as integers and are of high value. I don't know what they are. I'm curious

Damn, you can retire, sipping a glass of martini with those values.

Jokes aside, if you don't join airdrops or sign up for those things, ignoring them is the best option.
jr. member
Activity: 57
Merit: 17


I checked my metamask wallet and found many tokens that I had never seen before. They usually exist as integers and are of high value. I don't know what they are. I'm curious
legendary
Activity: 2380
Merit: 5213
I have never encountered this type of fraud before and did not even allow such a possibility of stealing money from a wallet without gaining access to a private key.
From my understanding, the hacker didn't withdraw ETH from victims wallet directly. So, the hacker didn't need the private key at all.
Those who lost their money had deposited their coins/tokens to the liquidity pool before. The bug allowed the hacker to deposit fake assets worth zero and extract real assets from liquidity pool instead.
legendary
Activity: 2268
Merit: 1655
To the Moon
I have never encountered this type of fraud before and did not even allow such a possibility of stealing money from a wallet without gaining access to a private key. And I don't fully understand how the THORChain vulnerability can affect the ability to withdraw ETH from the wallet.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
Once the victim tries to authorize the airdropped token in order to exchange it, the victim’s address instantly gets drain off other tokens if they available in the same address. In other words, the hacker will transmit tokens from your wallet to his address without needing any private keys or seeds.
Damn if there is an exploit like this then its the most dangerous one cause the hacker doesnt need the seed phrase or private key in order to move tokens to his wallet.

Thats so scary and somehow I find it hard to believe that an exploit with this method could exist.

3. If you receive a questionable token in you address yet you never participated in any airdrop program, abandon the address and move your tokens to a fresh one. Do not move the suspicious token to an exchange and try to exchange it with the other tokens still in the wallet.
I think its fine as long as you dont transfer those spam tokens somewhere cause its normal that we received some tokens randomly especially thsoe accounts with multiple transactions.
staff
Activity: 1316
Merit: 1610
The Naija & BSFL Sherrif 📛
This type of scam is very famous on Facebook and you see thousands of wallet addresses in the comment section, waiting in line to be scammed. How can a company decide to airdrop a token to your wallets without you working for them? They are not fools a legit project must make you work for them before you get a token. I stopped participating in airdrops a long time ago when they started asking for an email address, most of these email addresses are sold to scammers, sometimes they send a phishing link to these email addresses to get hold of our private keys.


Free money does not exist anywhere, money is the most difficult treasure to find.
legendary
Activity: 2702
Merit: 4002
This is the first time I have heard of such scam, but from what I understood from this article[1], the case includes only THORChain Decentralized Liquidity Network and not all the addresses.
I wonder about those who are looking for wealth from Airdrop, you need to be lucky to achieve a good amount and luck is not always happy, it is wrong to try to achieve wealth in this way.

In general, the tips above are ideal, and the rule remains that even altcoins are not as safe as Bitcoin, and most of them are not good investments in the long term.

[1] https://www.coindesk.com/thorchain-8-million-exploit-bifrost
sr. member
Activity: 1106
Merit: 310
Some hours back, there are users who have lost funds due to a scam airdrop that exploits Thorchain's code base

In this sort of attack the hacker airdrops the malicious tokens to several addresses of the would be victims. In this case the malicious token that was airdropped was UNI Holding (UniH) tokens

Once the victim tries to authorize the airdropped token in order to exchange it, the victim’s address instantly gets drain off other tokens if they available in the same address. In other words, the hacker will transmit tokens from your wallet to his address without needing any private keys or seeds.

Around 2,500 ETH was lost due to the attack
Some traders also lost RUNE tokens

Ways to avoid Airdrop scam losses

1. Avoid participating in airdrops at all and giving out your sensitive details like email addresses and wallet addresses

This I think is the safest way to avoid scams and letting hackers get into your accounts, by far, airdrops might give you a chance to be a millionaire but if you have already built your portfolio, from investing to other coins, why not just focus on those and keep distance from the airdrop.
but if you really want to get airdrops badly I think you make a separate email and wallet for those things, just to be 100% safe,
also this one is an old trick but always scam people email links always read where it came from and never ever open it just delete suspicious emails, change your password immediately.
legendary
Activity: 1652
Merit: 1208
Gamble responsibly
I have never heard about this kind of airdrop scam before, the hackers will send a token to victims address (like ethereum address), if the victim wants to exchange the airdrop token to another coin that can be traded to fiat or so, the victim will lose all other coins that address holds, this is new to me but there is nothing impossible with hackers.

1. Avoid participating in airdrops at all and giving out your sensitive details like email addresses and wallet addresses.

2. If you must, use fresh address for each airdrop and token.
The first can lead to scam attempt which can be successful if hackers use the information given them against the person that have them.

If fresh email is used, that is not resistant to hackers to send email to the person but new emails will be good to have privacy but not completely safety.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
Some hours back, there are users who have lost funds due to a scam airdrop that exploits Thorchain's code base

In this sort of attack the hacker airdrops the malicious tokens to several addresses of the would be victims. In this case the malicious token that was airdropped was UNI Holding (UniH) tokens

Once the victim tries to authorize the airdropped token in order to exchange it, the victim’s address instantly gets drain off other tokens if they available in the same address. In other words, the hacker will transmit tokens from your wallet to his address without needing any private keys or seeds.

Around 2,500 ETH was lost due to the attack
Some traders also lost RUNE tokens

Ways to avoid Airdrop scam losses

1. Avoid participating in airdrops at all and giving out your sensitive details like email addresses and wallet addresses.

2. If you must, use fresh address for each airdrop and token.

3. If you receive a questionable token in you address yet you never participated in any airdrop program, abandon the address and move your tokens to a fresh one. Do not move the suspicious token to an exchange and try to exchange it with the other tokens still in the wallet.

4. Avoid shit projects. Do due diligence.




Links for more details:
- https://www.runebase.org/news/thorchain-suffers-exploit
- https://www.cryptoknowmics.com/news/scam-alert-after-approval-of-this-airdrop-cryptocurrency-wallets-deflate
- https://twitter.com/THORmaximalist
Jump to: