Lately, a lot of blockchain projects on Ethereum have been ‘airdropping’ tokens in the wallets of users. This is done to either spread the distribution of tokens or to advertise the token to users, but it can also be a scam.
The amount of airdropped tokens you receive depends (in a lot of airdrops) on how much Ether (ETH) you had at a specified block. Some airdrops drop the same amount of tokens to everyone, while others can be distributed to users of a specific protocol or people who already owned a different, related token in the past. Projects like decentralized exchanges or NFT platforms distribute tokens to their early adopters, investors, and supporters. That is known as Retroactive Airdrops.
That said, your Ethereum address is public on the blockchain, which means that anyone is able to send you ETH and/or tokens. If you want to find more information about airdropped tokens you received in your wallet, you can look them up on the internet for more information.
Because token creators have the ability to airdrop their tokens to a wide range of addresses, even all existing wallet addresses, that means that random, unsolicited tokens and NFTs can appear in your wallet without your knowledge. The token itself doesn’t negatively affect the wallet or the overall security, however, it can be used in a way that can.
For example, scammers can create a DApp or another crypto platform where they will offer to trade the airdropped tokens for tokens with higher value. However, to do that you would need to connect your wallet to this platform and give certain permissions, which then gives the scammers access to move all of your assets out. Another way of using airdropped tokens for scams: when you try to send or exchange the tokens, the transaction will fail, but the gas will go to the scammer's wallet. Finally, scammers can encourage you to interact with your airdropped token or NFT in some way, and collect your wallet information in the process, tricking you into giving up your keys or giving them access to your NFT marketplace account.
That’s why it is always a good rule of thumb NOT to interact with unknown assets. It's not possible to 'delete' tokens from an address, but you can hide unwanted tokens in some interfaces – in MEW wallet app, just click on the token entry and choose 'Hide token'. In the NFT section of MEW wallet, you can mark some of your NFTs as favorites to have them show up on the top of the screen, and hide the rest.
Many scams work by having you interact with a malicious token or contract, so it's a good idea in general to be aware of any approvals that you make with your wallet. Whenever a DApp requests that you give an approval or permission, carefully consider whether you trust the platform and try to understand what you are giving approval for. Generally, avoid interacting with any web DApp that you are not familiar with, and remember that if it seems too good to be true – it is. And of course never, ever give your wallet keys or phrase to anyone.
Always use a well-known secure wallet.
Never give your Private key or Mnemonic phrase (seed phrase) to anyone for any reason.
Don't interact with tokens you didn't buy, swap for, or expect to receive.
Don't interact with DApps and websites you are not familiar with. Double-check URL’s and certificates of websites. Make sure that they are trusted and secure.
Be vigilant when it comes to interacting with people claiming to be ‘Customer Support’. Please remember that your recovery information will never be needed in order to assist you.
For more tips on staying safe in crypto, see our articles:
Pro tips: how to avoid phishing and scams
mewwalletios, mewwalletandroid, whatis, random, token