Airdrop ≠ free money. It's a trap — if you can't distinguish a legitimate project from a scam.
My red flags:
— Fake websites that copy well-known brands. I always check the domain and SSL certificate.
— Unclear team or complete anonymity without a technical background.
— A contract that requests overly broad permissions (especially for approve all).
What I do for verification:
— Analyze the smart contract through DeFi platforms (Revoke.cash, Tenderly, Etherscan).
— Research activity on X and Discord: bot-like activity or silence — a warning signal.
— Look at who from reputable auditors mentions the project (or mentions it at all).
Example: in March, I saw an “airdrop” of a token that required signing in from a wallet and immediately launched a script for mass token approval. I avoided it thanks to manual contract analysis.
Security is not a feature, but a strategy.