#空投防骗手册 Scam Method: Forging a website that is highly similar to a well-known project, enticing users to connect their wallets or enter their private keys, and then transferring away assets.

Key identification points: Abnormal domain suffixes (e.g., .com changed to .cm), unverified social media links, no official blue V certification.

Malicious contract authorization

Typical trick: Requesting users to authorize unlimited smart contracts in the name of 'claiming airdrops', resulting in bulk transfer of wallet assets.

Warning signals: Contract not open-sourced, no audit report, or requesting authorization beyond necessary permissions (e.g., transfer rights).