Are all airdrops scams?

No. A real airdrop is a marketing move where a project sends free tokens to wallets. The scam version copies that idea to make you connect, sign, or hand over keys. The test is simple: a real airdrop never needs your seed phrase or private key.

I clicked a claim button and connected my wallet. Am I drained?

Connecting alone does not move funds. The danger is the approval or signature that comes next. Go to revoke.cash, revoke any approval you do not recognize, and move funds to a fresh wallet if you also signed something. Acting in minutes matters.

Why do I keep getting tokens I never bought?

That is dusting. Scammers send junk tokens or NFTs whose name or image hides a phishing link, hoping you will visit it or try to sell. Treat them as toxic dust: hide them and do not transfer, swap, or burn them.

Is a signature safer than a transaction because it is free?

No. A gas-free off-chain signature can still authorize transfers. Permit-style signature phishing caused the single largest theft of 2025 at 6.5 million dollars. Read what a signature grants before approving it, the same way you would a transaction.

🧭 Guide 🔰 Beginner 🪜 Step by step

🎁 How to Avoid Airdrop Scams How to Avoid Airdrop Scams

Seven steps so a free-token offer cannot drain your wallet.

A real airdrop is a marketing move: a project sends free tokens to wallets to get noticed. Scammers copy the shape of that and turn it into a trap that wants you to connect a wallet, sign something, or reveal your keys. The good news is that the safe habits are short and repeatable. Here they are, step by step.

1Verify the airdrop is real

Find the announcement yourself on the project's official website and its verified social accounts. Do not trust a DM, a reposted link, or a message in a Telegram or Discord group, even if it looks like an exchange or a known person. Those accounts get faked and hacked to borrow credibility.

Type the project's address into your browser yourself. A claim page you reached by clicking a stranger's link is the most common way in for a phishing site.
2Never share your seed phrase or private key

No legitimate airdrop ever needs your seed phrase or private key. Any page or person asking for one is a scam, with no exception. Those words are the wallet itself, not a login you can safely re-enter somewhere.
3Claim from a separate burner wallet

Make a second wallet that holds little or nothing, and use it for claims and any risky interaction. Keep it apart from the wallet with your main holdings. If a claim turns out to be malicious, it can only reach what is in the wallet that touched it.
4Read what you sign before you sign it

Before you approve, read exactly what the transaction or signature grants. A fake claim button often hides an unlimited token approval that lets the attacker's contract spend that token now and in the future. A gas-free signature can be just as dangerous: a single Permit-style signature was behind the largest theft of 2025, at 6.5 million dollars.

A hardware wallet helps here: confirm the device screen matches what the site claims, and decline blind or unlimited approvals you do not understand.
5Revoke approvals you no longer need

After a claim, take back permissions you are done with. A free tool like revoke.cash lists what your wallet has approved and lets you cancel each one. Make it a habit to review your approvals every so often, the same way you would check old app permissions on a phone.
6Ignore and hide unexpected tokens and NFTs

Strange tokens or NFTs that arrive on their own are usually a dusting attack. The token name or NFT image hides a link to a drainer site. Treat them as toxic dust: hide them, and do not transfer, swap, or burn them, because the action itself can route you to the trap.
7If you are compromised, act fast

Move any remaining funds to a fresh, secure wallet right away. Revoke the approvals on the affected wallet, turn on two-factor authentication on your exchange accounts, and report the address. Minutes matter, so do the move first and the cleanup second.

⚠️ Red flags that mean stop

🔑 Anyone asking for your seed phrase, private key, or recovery phrase
⏰ Urgency: claim within 24 hours or lose eligibility. Real airdrops do not rush you
🎣 A claim page you reached from a DM or random link, not the project's own channel
🎈 Big rewards for no effort, with no whitepaper and no team you can name
🪙 A mystery token or NFT you did not expect: leave it alone

For context on scale: across all of 2025, wallet-drainer phishing took about 84 million dollars from roughly 106,000 victims, down sharply from the year before. Smaller than the peak, still real money, and the habits above are what kept most people out of those numbers.

❓ FAQ

Are all airdrops scams?: No. A real airdrop is a marketing move where a project sends free tokens to wallets. The scam version copies that idea to make you connect, sign, or hand over keys. The test is simple: a real airdrop never needs your seed phrase or private key.
I clicked a claim button and connected my wallet. Am I drained?: Connecting alone does not move funds. The danger is the approval or signature that comes next. Go to revoke.cash, revoke any approval you do not recognize, and move funds to a fresh wallet if you also signed something. Acting in minutes matters.
Why do I keep getting tokens I never bought?: That is dusting. Scammers send junk tokens or NFTs whose name or image hides a phishing link, hoping you will visit it or try to sell. Treat them as toxic dust: hide them and do not transfer, swap, or burn them.
Is a signature safer than a transaction because it is free?: No. A gas-free off-chain signature can still authorize transfers. Permit-style signature phishing caused the single largest theft of 2025 at 6.5 million dollars. Read what a signature grants before approving it, the same way you would a transaction.

🔗 Related

🎁 Airdrop 🎣 Phishing 🔑 Seed Phrase 🌫️ Dusting Attack 🔒 Hardware Wallet ⟠ Ethereum 🪙 Bitcoin

Information only, not advice to use any particular tool or to invest.