Tutorial · 28 May 2026 · 5 min read

How to Verify a Crypto Airdrop Without Getting Drained

Airdrop season is back, and most claim pages are phishing. Here is a step-by-step checklist to verify a crypto airdrop before you connect your wallet.

Someone forwards a link. "Free claim, ends in 4 hours." The panda has seen this movie. The ending rarely involves free money, but it often involves an empty wallet. This tutorial walks through the seven checks that separate a real airdrop from a wallet drainer in about ten minutes.

According to CoinGecko's global market data, there were 17,409 active cryptocurrencies as of May 28, 2026, with a total market cap of $2.53 trillion. Most fake-claim domains spotted this week mimic projects in the top 100. The phishing factory scales with the market.

Prerequisites

Before you start, have ready:

  • A clean browser tab on a laptop or phone. Do not connect a wallet yet.
  • The official project handle on X, Discord, or its primary domain. Get it from the project's own pinned post, not a reply or a screenshot.
  • A view-only address or a burner wallet for the first checks. Keep the main wallet out until step seven.
  • Ten minutes and zero FOMO. The deadline on the claim page is almost always fake.

Time to complete: 10 to 12 minutes.

What counts as a legitimate airdrop?

A legitimate airdrop has three traits the scammy version rarely has. First, the announcement comes from a verified primary channel: the project's own domain, its own X handle with a credible posting history, ideally a governance forum entry. Second, the eligibility logic is public and snapshot-based. You qualify because of something you already did on-chain, not via a "connect-and-sign" page. Third, the claim site lives on a domain that matches the project's known domain character for character. No swapped Cyrillic "a", no "claim-" prefix on a separate domain.

Real airdrops do not require unlimited spending approvals. They do not "sync your wallet". They do not "verify" via a signature that turns out to be a transfer authorisation.

Step-by-step: seven checks before you connect

Run these in order. Stop at the first failure.

1. Trace the announcement to a primary source. Open the project's main domain manually. Type it, do not click. Look for the airdrop post on the project's own blog or pinned X post. If the only "proof" is a Telegram forward or a paid Twitter ad, you have your answer.

2. Check the claim domain character by character. Drainers register lookalikes like arbitrum-claim.io, optimism-foundation.net, bsc-airdrop.app. Real projects usually claim at their own root domain. Compare letter by letter.

3. Look at the contract age. Open the airdrop contract on Etherscan or BscScan. Drainers often deploy less than 24 hours before the campaign. Real projects are auditable for days or weeks. New plus loud equals risky.

4. Read the function you are about to sign. A real claim is usually claim(uint256, bytes32[]). A drainer is setApprovalForAll(true), permit(...), increaseAllowance(...), or an opaque "Sign-In With Ethereum" payload that transfers ownership on closer reading. If the function name is unreadable, the panda goes home.

5. Cross-check the contract against the project's docs. Projects publish the airdrop contract on their own site. If the address on the claim page does not match the docs, the claim page is not the claim page.

6. Use a simulator before signing. Tools like Wallet Guard, Pocket Universe, or Blockaid (now bundled into MetaMask) simulate the transaction and show actual asset movement. If the simulation shows assets leaving instead of arriving, do not sign. This step alone catches roughly nine out of ten drainer attempts.

7. Revoke promptly after claiming. Even legitimate claims sometimes leave approvals open. Visit the Etherscan Token Approval Checker or the BscScan equivalent right after claiming and revoke anything unused. Our walkthrough on revoking token approvals on BSC covers the gas-efficient path.

The official Ethereum security guide repeats most of these rules in calmer prose.
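An added example, not code from the original article: one way to script the character-by-character comparison from step 2, flagging punycode labels, non-ASCII lookalike letters, and hosts that are neither the official domain nor a subdomain of it. The function name `check_claim_url`, the stand-in domain `example.org` and the sample URLs are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit


def check_claim_url(claim_url, official_domain):
    """Compare a claim URL's host with the project's known domain.

    Returns a list of findings; an empty list means the host is the
    official domain or a subdomain of it and contains only ASCII.
    """
    host = (urlsplit(claim_url).hostname or "").rstrip(".")
    official = official_domain.lower().rstrip(".")
    findings = []
    labels = []
    for label in host.split("."):
        # A punycode label (xn--...) is the ASCII form of a non-ASCII name.
        if label.startswith("xn--"):
            findings.append(f"punycode label {label!r}")
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                findings.append(f"label {label!r} does not decode")
        labels.append(label)
    # Name every non-ASCII character so a swapped letter becomes visible.
    for ch in ".".join(labels):
        if ord(ch) > 127:
            findings.append(f"non-ASCII {ch!r}: {unicodedata.name(ch, 'unnamed')}")
    # Exact match or a dot-separated subdomain; a shared prefix is not enough.
    if host != official and not host.endswith("." + official):
        findings.append(f"{host!r} is not {official!r} or a subdomain of it")
    return findings


# Constructed sample URLs; example.org stands in for the project's real domain.
OFFICIAL = "example.org"
SAMPLES = [
    "https://example.org/airdrop",
    "https://claim.example.org/",
    "https://example-claim.io/",              # separate lookalike domain
    "https://example.org.claim-portal.net/",  # official name used as a prefix
    "https://ex\u0430mple.org/claim",          # Cyrillic U+0430 instead of Latin "a"
]

if __name__ == "__main__":
    for url in SAMPLES:
        result = check_claim_url(url, OFFICIAL)
        print(url.encode("ascii", "backslashreplace").decode(), "->", result or "match")
```
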

Troubleshooting common failures

The site asks for my seed phrase. Close the tab. That is the whole note. No real airdrop ever asks for a seed phrase. None. Ever.

The simulator shows zero in and zero out. The transaction probably sets a permission rather than moving an asset. Permission grants are how most modern drains work. Reject the signature.

The contract is brand new but the project is real. Possible, but verify the address against the project's domain, docs, and governance vote. Three primary sources. Two out of three is not enough.

I already signed something I should not have. Go to the approval checker and revoke every non-essential approval. Move remaining assets to a fresh wallet if a high-value approval was granted. Our hardware wallet primer covers the long-term hygiene side.
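An added example, not code from the original article, covering steps 4 and 5 and the zero-in, zero-out case above: it reads the calldata a claim page asks the wallet to send and reports standard permission grants, plus any target that differs from the documented contract. The function names, addresses and claim selector are constructed for illustration; the three grant selectors are the standard ERC-20 and ERC-721 ones.

```python
# Selectors (first 4 bytes of calldata) of standard ERC-20 / ERC-721
# functions that grant spending rights instead of moving an asset.
GRANTS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MAX_UINT256 = 2**256 - 1


def review_transaction(to, data, documented_contract):
    """Return findings for a transaction a claim page asks the wallet to send."""
    raw = bytes.fromhex(data[2:] if data.startswith("0x") else data)
    findings = []
    # Step 5: the call must go to the contract the project's docs publish.
    if to.lower() != documented_contract.lower():
        findings.append(f"target {to} is not the documented airdrop contract")
    name = GRANTS.get(raw[:4].hex())
    if name is None:
        return findings  # not a known grant; an empty list is not proof of safety
    args = raw[4:]
    if len(args) < 64:
        findings.append(f"{name} with truncated arguments")
        return findings
    grantee = "0x" + args[12:32].hex()          # address is right-aligned in word 0
    value = int.from_bytes(args[32:64], "big")  # amount or bool in word 1
    if name.startswith("setApprovalForAll"):
        state = "granted to" if value else "revoked from"
        findings.append(f"{name}: operator rights over the whole collection {state} {grantee}")
    elif value == MAX_UINT256:
        findings.append(f"{name}: unlimited allowance to {grantee}")
    else:
        findings.append(f"{name}: allowance of {value} base units to {grantee}")
    return findings


def word(value):  # ABI-encode an integer as one 32-byte word (hex)
    return value.to_bytes(32, "big").hex()


# Constructed sample values: none of these addresses or the claim selector are real.
AIRDROP, TOKEN, SPENDER = ("0x" + b * 20 for b in ("aa", "bb", "cc"))
CLAIM_TX = "0x12345678" + word(7) + word(64) + word(0)   # placeholder claim call
APPROVE_TX = "0x095ea7b3" + word(int(SPENDER, 16)) + word(MAX_UINT256)
APPROVE_ALL_TX = "0xa22cb465" + word(int(SPENDER, 16)) + word(1)

if __name__ == "__main__":
    for to, data in ((AIRDROP, CLAIM_TX), (TOKEN, APPROVE_TX), (TOKEN, APPROVE_ALL_TX)):
        print(review_transaction(to, data, AIRDROP) or "no permission grant found")
```

This reads transaction calldata only. An off-chain signature request such as a permit reaches the wallet as typed data rather than calldata, so that prompt has to be read field by field.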

FAQ

How long do I have to claim a legitimate airdrop?

Real campaigns run for weeks or months, not hours. Any "60-minute window" headline is almost always a scarcity trick.

Do real airdrops ever ask for a gas payment?

Yes. A small ETH or BNB gas fee to execute the claim is normal. A "deposit to unlock" is not. No legitimate deposit-to-unlock airdrop exists.

Can a hardware wallet save me from a malicious signature?

Partly. The device protects the key, but if you approve a malicious function on it, the device signs. The device screen is the last line of defence. Read it.

Are airdrop bots and farming services safe?

The bot itself is rarely the threat. The drainer-shaped claim page it routes you to often is. Treat any bot link like a link from a stranger in a bar.

What if I missed a legitimate airdrop?

You missed it. The market still exists. The next one will too. Spoiler: we saw this one coming.

Airdrop drainers are the most efficient phishing vector in crypto today. They wrap a malicious signature in a legitimate-looking workflow. Wallet warnings keep improving, but the cost of running a drainer keeps falling. The gap between "looks legit" and "is legit" widens.

For builders in the memecoin ecosystem, the bar is what every honest project clears: a public contract, a known domain, a claim flow without unlimited approvals. The Dadacoin team treats these as the floor, not the ceiling. For adjacent scams, read how to spot a rug pull and how to spot a honeypot token on BSC. Same checks, same arithmetic, same panda watching from the back.
