#空投防骗手册 Common Airdrop Scam Warning Signals

Fake Official Website Phishing

Scam Method: Forging a website that is highly similar to a well-known project, enticing users to connect their wallets or enter private keys, then transferring assets away.

Identification Points: Abnormal domain suffix (e.g., .com changes to .cm), unverified social media links, no official blue V certification.

Malicious Contract Authorization

Typical Trick: Requesting users to authorize unlimited smart contracts under the guise of 'claiming airdrops', leading to bulk transfer of wallet assets.

Warning Signals: Contract not open-sourced, no audit report, or requesting authorization beyond necessary permissions (e.g., transfer rights).

Fake KYC and Data Theft

Operational Flow: Falsely claiming compliance review, requesting submission of ID, facial information, then reselling on the black market or extorting users.

Danger Signals: Unknown platforms requesting sensitive information, no privacy protection statement, customer service urging submission of materials.

High Yield Staking Traps

Inducing Language: Exaggerated promises like '10,000% annualized' or 'zero-risk arbitrage' to attract users to stake assets and then abscond with funds.

Identification Key: Returns far exceeding industry averages (DeFi protocols typically yield 5%-30% annually), no actual application scenarios.

Social Engineering Scams

Disguise Techniques: Impersonating official customer service to privately message users, requesting mnemonic phrases under the pretext of 'account issues' or 'qualification for claims'.

Core Vulnerability: Real customer service will not proactively message, and communication is limited to official websites or certified community channels.