#空投防骗手册

Common Airdrop Scam Warning Signals

Fake Official Website Phishing

Scam Method: Fabricating a website that closely resembles a well-known project, inducing users to connect their wallets or enter private keys, subsequently stealing assets.

Key Identification Points: Unusual domain suffixes (e.g., .com becomes .cm), unverified social media links, no official blue V certification.

Malicious Contract Authorization

Typical Tactic: Requiring users to authorize unlimited smart contracts under the guise of 'claiming an airdrop', leading to the mass transfer of wallet assets.

Warning Signals: Contract not open-sourced, no audit report, or demands for authorization exceeding necessary permissions (e.g., transfer rights).

Fake KYC and Data Theft

Operational Process: Claiming compliance review, requiring submission of ID cards and facial information, then reselling on the black market or extorting users.

Danger Signals: Unknown platforms requesting sensitive information, no privacy protection statements, customer service urging submission of documents.

High-Yield Staking Traps

Inducement Language: Exaggerated promises like 'annualized 10,000%' or 'zero-risk arbitrage', attracting users to stake assets before running away with the money.

Key Identification: Returns significantly higher than industry averages (DeFi protocols typically have annualized returns of 5%-30%), no actual application scenarios.

Social Engineering Scams

Disguise Tactics: Posing as official customer service and messaging users, requesting mnemonic phrases under the pretext of 'account issues' or 'eligibility claims'.

Core Vulnerability: Genuine customer service will not initiate private messages, and communication is limited to official websites or certified community channels.