Airdrops are a common way to receive NFTs and tokens. They are also a common tool scammers use to steal tokens and NFTs from wallets.
These attacks usually use an NFT or token with a URL in the name or description, such as uniswap-airdrop.claim.
The website at the URL offers to redeem the token/NFT received for a token with value (ETH, UNI, etc). During the redemption process, the scammers trick the victim into approving a contract in their wallet.
Once the approval is done, the scammers have permissions to the tokens and NFTs in the victim's wallet. With these permissions, they can transfer everything out of the victim's wallet.
If you receive an NFT or token from an unknown sender that you were not expecting to receive, we recommended that you don’t attempt to claim the airdrop.
If you have accepted an airdrop for an NFT or token you weren’t expecting, you may want to consider transferring everything out of your wallet to a different wallet. Note: Transfers include network costs.
To protect yourself from these scams, follow these steps:
- If you receive an NFT or token with a URL, do your research before attempting to claim.
- If you receive an NFT or token from an unknown source, do not attempt to swap or sell it.