TLDR
Phishing claim sites mimic legitimate airdrops (uniswap airdrop[.]xyz, arbitrum claim[.]io, layerzero claim[.]live, jupiter airdrop[.]app). The victim connects a wallet and clicks 'claim'; the drainer then requests approvals and permits. Promoted via hijacked...
Red flags
- Urgent pressure to click, pay, or share codes immediately.
- A link or sender that does not match the official organization.
- Requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What to do
- Indicators: (1) the URL does not match the official domain (verify it against the project's docs or pinned Twitter post); (2) the site demands a signature BEFORE showing any allocation; (3) the claim amount is unrealistic ($5k-50k); (4) the eligibility check returns a random number; (5) the signature request is a Permit/Permit2 with a large value rather than a 'claim()' call.
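Indicators (1) and (5) can be checked mechanically on the request a site sends to the wallet. The following is an added example, not code from the original page: `triageRequest`, the flag names, the 2^96 "large" threshold and the `project.example` hosts are assumptions, while the typed-data field names follow EIP-2612 and Uniswap Permit2.

```javascript
// Added example (not from the original page): triage one wallet request.
// Typed-data field names follow EIP-712, EIP-2612 and Uniswap Permit2.
const PERMIT_TYPES = new Set(['Permit', 'PermitSingle', 'PermitBatch',
  'PermitTransferFrom', 'PermitBatchTransferFrom']);
// approve(address,uint256), increaseAllowance(address,uint256), setApprovalForAll(address,bool)
const APPROVAL_SELECTORS = new Set(['0x095ea7b3', '0x39509351', '0xa22cb465']);
// Assumption: amounts at or above 2^96 base units count as "large".
const LARGE = 2n ** 96n;

// Collect amount fields from EIP-2612 (value) and Permit2 (details/permitted.amount).
function permitAmounts(msg) {
  const items = [msg, msg.details, msg.permitted].flat().filter(Boolean);
  return items.map(i => i.value ?? i.amount).filter(v => v !== undefined).map(v => BigInt(v));
}

// Returns the flags raised by one request; officialHosts is an exact-match allowlist
// the user built from the project's own documentation (assumption).
function triageRequest(req, pageUrl, officialHosts) {
  const flags = [];
  if (!officialHosts.includes(new URL(pageUrl).hostname)) flags.push('host-not-official');
  if (req.method === 'eth_signTypedData_v4') {
    const raw = req.params[1];
    const td = typeof raw === 'string' ? JSON.parse(raw) : raw;
    if (PERMIT_TYPES.has(td.primaryType)) {
      flags.push('permit-signature');
      const m = td.message;
      // DAI-style permits carry allowed=true instead of a value.
      if (m.allowed === true || permitAmounts(m).some(a => a >= LARGE)) flags.push('large-allowance');
    }
  } else if (req.method === 'eth_sendTransaction') {
    const data = String(req.params[0].data || '0x').toLowerCase();
    if (APPROVAL_SELECTORS.has(data.slice(0, 10))) flags.push('approval-call');
  }
  return flags;
}

// Constructed sample request: an EIP-2612 permit for the maximum uint256 value.
const samplePermit = {
  method: 'eth_signTypedData_v4',
  params: ['0x1111111111111111111111111111111111111111', JSON.stringify({
    primaryType: 'Permit',
    domain: { name: 'ExampleToken', chainId: 1 },
    message: { owner: '0x1111111111111111111111111111111111111111',
      spender: '0x2222222222222222222222222222222222222222',
      value: (2n ** 256n - 1n).toString(), nonce: 0, deadline: 9999999999 },
  })],
};
console.log(triageRequest(samplePermit, 'https://claim.project.example/', ['project.example']));
```

A request that raises `permit-signature` or `approval-call` where the page promised a claim is indicator (5); an empty result only means these two checks found nothing.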
FAQ
Is "Fake airdrop site — claim button triggers drainer" a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Urgent pressure to click, pay, or share codes immediately; a link or sender that does not match the official organization; requests for card data, passwords, OTPs, wallet signatures, or bank transfers.
What should I do first?
Indicators: (1) the URL does not match the official domain (verify it against the project's docs or pinned Twitter post); (2) the site demands a signature BEFORE showing any allocation; (3) the claim amount is unrealistic ($5k-50k); (4) the eligibility check returns a random number; (5) the signature request is a Permit/Permit2 with a large value rather than a 'claim()' call.
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.