Introduction

Crypto airdrops, a method frequently used by blockchain projects to distribute tokens, can be perceived as a lucrative opportunity to expand your cryptocurrency holdings. For instance, notable instances like Uniswap's UNI token airdrop showcased early adopters receiving significant sums, with some securing over $10,000 worth of tokens.

However, navigating the airdrop landscape requires a cautious approach due to potential security risks. While these events offer a chance to amass wealth, the crypto sphere is rife with malicious actors seeking to exploit unsuspecting participants. Scammers perpetually seek access to users' wallets, making it crucial to remain vigilant and informed.

In this comprehensive analysis, we delve into the fundamentals of crypto airdrops, shedding light on the mechanisms and strategies to safeguard your assets when pursuing complimentary crypto tokens all through a lens of on-chain data

What is an Airdrop

A Crypto airdrop is a giveaway by blockchain projects, offering free tokens or coins to their community. It's seen as a gesture of appreciation or a marketing tactic to boost interest in a new project, similar to a startup distributing free samples. These events can be significant for capital growth, according to figures like Gigantic Rebirth.

For crypto projects, airdrops generate buzz and attract users, while users get a chance at free cryptocurrency tokens or even valuable NFTs. Although many airdrops offer minimal token amounts, some, like Aptos (APT) and Arbitrum (ARB) last year, distributed millions in value, making airdrop farming lucrative

How to Identify Airdrops through onchain data

We can analyze the data of airdrops through the common link between all of them making multiple transfers in a single transaction which we can get through this query on bitquery APIs

{

EVM(network: eth, dataset: archive) {

Transfers(

orderBy: {descendingByField: "count"}

limit: {count: 20}

where: {Block: {Date: {after: "2023-10-01"}}, Transfer: {Currency: {Fungible: true}}}

) {

Transaction {

Hash

}

count

Fee {

SenderFee

}

Transfer {

Currency {

Name

Fungible

SmartContract

}

}

}

}

}

How to Check your wallet got Airdrop or not

I seldom open my wallet directly; instead, I rely on Bitquery Explorer for all my essential information as it provides comprehensive details. Furthermore, if you prefer not to add all those tokens to your wallet immediately, you have the option to skip that step. Just monitor Bitquery Explorer to track incoming transactions. When you're ready to transfer tokens to an exchange, you can add the specific tokens at that time.

The 1st thing to do is copy your ether public key that you used in the airdrop then go to https://explorer.bitquery.io Paste your public address into the search bar.

This is what my current ETH wallet for airdrops looks like. Its got just under $5 worth of Ethereum

Cick on Any Token from the list, take its smart contract address and analyze all the data about it from inflow to gini coefficient, go to your app wallet and click on add custom token. Enter the details and click save.

Check Who got the airdrop from a Particular Project

We can easily check who got a particular airdrop just by getting the Transaction Hash, for example we have a fake phishing transaction hash “0x34455829dc9ca3a5fa880c163d6f6c2e9266b163b0ae015b894b2dceb63c8d47” and we can open up it into bitquery explorer and see the tracing of funds and find each of the address which got the specific token from the airdrop

Cost of AirdroppingAirdropppig Tokens

The cost for airdropping tokens is gradually decreasing due to L2’s and upcoming scalability solutions but still, the OG and most phished on-chain is Ethereum and the gas price for each airdrop is the initial cost for the wallet that airdropped with some optional cost such as creating a liquidity pool etc.

We can get the gas cost using the below query for each of the airdrops which is proportional to the no. of wallets included for transfers in a transaction

{

EVM(network: eth, dataset: combined) {

Transfers(

orderBy: {descendingByField: "count"}

limit: {count: 10}

where: {Block: {Date: {after: "2023-12-01"}}, Transfer: {Currency: {Fungible: true}}}

) {

Transaction {

Hash

}

count

Fee {

SenderFee

} } } }

The Dark Side of Crypto Airdrops

Of course, the world of crypto airdrops isn’t all free tokens and happy dances in the Metaverse. There’s a darker side to it that’s plagued with potential scams and risks. Let’s put on our detective hats and sniff out these potential pitfalls.

In the crypto world, not every airdrop is your friend. Like a wolf in sheep’s clothing, bad actors are waiting to pounce on unsuspecting users. These scam airdrops often lure users with the promise of free tokens, only to steal their information or funds.

There are mainly 3 types of Phishing attacks that can happen out of them 2 happens on web servers and the last one is a bit more advanced and uses on-chain techniques

Private Key Scam - It is the most common and lethal scam.

Scammers will create fake websites with malicious code designed to hack your crypto wallet and steal your private keys or seed phrases. Once a scammer has your keys, it’s game over. They’ll have full control over your wallet and can drain all your crypto assets in a few minutes.

These scam sites can be hard to recognize because they’ll often look like an exact replica of trusted sites like OpenSea or Uniswap. They might also run fake Twitter profiles and share dangerous links.

Advance Fee Scam - In this case, the scammers ask users to send them a certain amount of cryptocurrency to ‘qualify’ for the airdrop. It’s like someone asking you to pay for a free sample. If it sounds too good to be true, that’s because it is. Remember, legitimate airdrops will never ask you to send them funds.

Onchain Scams - Nowadays, scammers target using distributing actual tokens and using them in various ways to manipulate the Wallet users, we can categorise them into 2 different types

• Airdropping Token Linked with an external website - It is quite similar to the "private key" scam, but intead of using social media platforms such as Twitter etc., scammers airdrops token linked with a malicious website which when visited upon steals the private key.

  An attack of same kind can be analyzed on Explorer, In this transaction the scammer airdropped token named getETH.org which when clicked upon in metamask led to a fake website of the same name

  It only cost the scammer only 0.0224241248 ETH - $45.49 which is the gas fees and is quite beneficial even if only 1 of the 1000 wallets go the website

• Shitcoin Liquidating - This method is less harmful for the people who got the airdrop and is a gamble from the scammer.
  So it works like the scammer makes a Liquidity Pool on Uniswap and provides some liquidity for the scammer token and airdrops it to people so they can transact on it and increase the daily volume of the token while keeping a amount of tokens to himself and when the enough people have bought the token which increases the price of it, he simply sells all of his tokens making a profit and making the coin dead by lowering it's price and bringing panic in holders.

  To analyze this type of attacks first we will use the query above to get a list of airdrops and then analyze their charts and liquidity using the bitquery DexTrades API, below is a chart for token discussed above which can be made using OHLC APIs

How to Identify Airdrop Scams

One way is to check that the token contract address is the original one and does not have any link to an external website with it and another one is checking the age of token creation, if it is a relatively new token with low liquidity, it is most probably a scam, just like this token airdrop transaction named geteth.org

Any airdrop, giveaway program, or any program at all that requires you to enter your private keys and seed phrases is an outright scam. Your private key and recovery phrase should be known to you only, and stored offline on crypto steel. Never enter this information on any website, as no legitimate app will ask you for your private keys; this isn’t limited to airdrops but includes every other crypto interaction.

Final Thoughts

While airdrops are real, airdrop scams are equally real. Sometimes it is hard to differentiate between legitimate and fake airdrops, with even experienced investors falling prey to these. However, in many cases, fake airdrops have telltale signs, where the giveaway is usually in the domain name. We have shared some known cases but also admit that airdrop scams take many more forms and this list is not exhaustive of the forms these scams could take.