Hacken Ecosystem

Fake airdrops are becoming a growing threat.

Airdrops: what are they and what is their point?

iPhone owners are familiar with the term “airDrop,” but cryptocurrency airdrop has a different meaning. In a crypto world, airdrop is when a company sends tokens to wallet addresses of active community members for free or for a certain action, such as a retweet. Airdrop typically involves a small share of all circulating tokens. The primary purpose of an airdrop is to promote awareness about the new crypto project. A legitimate airdrop is a vital marketing stunt to stand out from other cryptocurrency startups.

Fake Airdrops: Dangerous and Tricky

Not all airdrops are created equal. While most airdrops are legitimate and credible, some crypto teams use airdrops as pump-and-dump schemes. But there are fake ones too. Fake airdrops are malicious. Their only purpose is to trick victims and get access to their financial assets. Fake airdrops are phishing scams. Victims click on phishing links and connect their digital wallets to a fake address. 

Optimism Fake Airdrop

Optimism is an unfortunate name for a target of a scam. But scammers are ruthless and don’t care about feelings. Unsuspecting victims wanted to stay optimistic but connected their wallets to malicious addresses. It all started when Optimism announced an airdrop on June 1st. 

The same day dozens of fake optimism accounts popped up on Ethereum and BNB Chain.

Approximately ~6 Optimism are honeypots (5 Optimism on BNBChain, 1 Optimism on Ethereum), and 76% are at risk (insufficient liquidity or no BNB pair).

Factors that enabled fake airdrops 

The company hyped the OP drop for weeks, which naturally drew the attention of many scammers and hackers. On the drop day, they came prepared.

Traffic to Optimism increased tenfold after the announcement. Many users experienced delays of several hours because the public endpoint was under-provisioned – insufficient edge proxy capacity. OP also ran into problems with backend claims flow, indexer, submitter, and Warp Speed (the deposit processing service). The failures in internal services made fake airdrops more attractive to victims as they enjoyed no delays.

Another enabling reason for fake airdrops was lagging communications from Optimism. The company remained quiet amid increased questions and speculation on Discord and Twitter, creating perfect conditions for scammers.

It is worth noting that the Optimism team has been transparent about their shortcomings and showed dedication to improving their internal services for the next drop.

Protect your financial interests from fake airdrops

We all agree that fake airdrops are nasty, and nobody wants to become their victim. Yet, scammers employ more intricate tools to steal money from you. Hacken’s duty as a leading cybersecurity firm is to protect crypto and NFT enthusiasts from fake airdrops. The following tips will significantly enhance your chances in this battle against scammers.

  1. Read our essential article on how to improve your cybersecurity. Knowledge is the first line of defense from fake airdrops.
  2. Check the company behind the airdrop. When was it created? Who are the owners? Most importantly: Did it publish the announcement about the airdrop on its official social media?

Crypto projects should undergo penetration testing, such as DDoS resistance and network penetration testing, to prevent delays and failures of internal services on the drop day.