Airdrops — projects giving away tokens to early users or to wallets that meet certain criteria — are a real thing in crypto. Uniswap did one. Arbitrum did one. Optimism did one. They've sometimes been worth thousands of dollars per eligible wallet.

This makes airdrops irresistible bait for scams. The Telegram and Discord messages claiming you've "qualified" for one are almost always fake. Here's the pattern.

Red flag 1: They came to you

Real airdrops do not message individual wallet holders. They're announced publicly through official channels — the project's verified Twitter account, their main website, major crypto news sites. You discover them by reading the news or by checking a dedicated tool like a snapshot site.

If a project DMs you, comments on your tweet, or finds you in a Telegram group to tell you you've "qualified," that's the scam.

Red flag 2: You have to "claim" by connecting your wallet

The mechanic of real airdrops varies. Sometimes you connect a wallet and sign a single message (no transaction, no fees). Sometimes the tokens just appear in eligible wallets without any action required. Sometimes you have to perform an on-chain transaction that costs a few dollars in gas.

What real airdrops do not do is ask you to connect your wallet to an unfamiliar website you got from a DM link. That action — connecting your wallet and approving a transaction — is the entire attack surface. The scam transaction usually grants the attacker permission to drain specific tokens from your wallet, or in newer variations, to act on your behalf for everything.

Red flag 3: The website domain is "almost right"

Real airdrop pages are at the project's official domain. Scams use look-alike domains: uniswap-claim.io, optimism-airdrop.org, arb-claim.app. These addresses are designed to look right at a glance. Always check the address bar carefully. Cross-reference the URL against the project's verified Twitter account, not against a link in someone's message.

If the link goes to a domain that you wouldn't naturally have found on the project's actual website, treat it as hostile.

Red flag 4: There's urgency

"Claim within 24 hours." "Eligibility expires Friday." "Limited slots."

Real airdrops typically have a claim window measured in months, not days. The urgency in scams is there for a reason — it pushes you past the careful-checking stage you'd otherwise apply.

If you missed a real airdrop deadline, that's annoying but survivable. If you fall for a scam because of urgency, your wallet might be drained.

Red flag 5: The token you're supposedly receiving doesn't make sense

Sometimes the scam is dressed up as an airdrop from a project you've never interacted with. You're suddenly told you "qualify" for the something-coin airdrop because of "your activity in the ecosystem," but you've never used the ecosystem in question.

Real airdrops have specific, narrow eligibility — wallets that used a particular protocol before a particular date, wallets that bridged a particular amount, etc. If the criteria sound vague or you genuinely don't meet them, you're not eligible. The message is not for you.

What to actually do if you're curious

If you hear about a real airdrop and want to check eligibility:

  1. Search for the airdrop on the project's verified Twitter account or website. Bookmark the domain from there. Use that.
  2. Use a community tool like a snapshot checker (e.g., snapshot.org checkers) to confirm eligibility before connecting your wallet. These tools are read-only.
  3. If you do connect a wallet, use a fresh wallet, not your main one. This protects against the worst case where a connection approval grants more access than expected.
  4. Read what you're signing. Most wallets show a preview. If the transaction is asking for permission to spend specific tokens, or for permission to manage everything in your wallet ("setApprovalForAll"), stop. That's not a claim, that's a drain authorization.
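
What step 4 looks like at the byte level, as an added example that is not part of the original article: a Python sketch that decodes a transaction's data field and reports whether it is a token approval (approve, increaseAllowance) or a setApprovalForAll grant. The function name, result keys and sample address are constructed for illustration, and the selector list covers only these three calls.

```python
# Added example: classify raw EVM calldata the way a wallet preview would.
# A selector is the first 4 bytes of keccak256 of the function signature.
# This list is not exhaustive; other calls can also grant spending rights.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1


def inspect_calldata(calldata: str) -> dict:
    """Describe what a transaction's data field asks for; ValueError if malformed."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError as exc:
        raise ValueError("calldata is not valid hex") from exc
    if len(raw) < 4:
        return {"kind": "no-function-call", "grants_permission": False}
    selector = raw[:4].hex()
    signature = APPROVAL_SELECTORS.get(selector)
    if signature is None:
        # Not one of the known approval calls; says nothing about safety.
        return {"kind": "other", "selector": selector, "grants_permission": False}
    args = raw[4:]
    if len(args) < 64:
        raise ValueError(f"{signature}: expected two 32-byte arguments")
    # An ABI-encoded address is left-padded to 32 bytes; keep the low 20.
    result = {"kind": signature, "spender": "0x" + args[12:32].hex()}
    value = int.from_bytes(args[32:64], "big")
    if selector == "a22cb465":
        # bool true = operator may move every token in the collection.
        result["grants_permission"] = value != 0
    else:
        result["unlimited"] = value == MAX_UINT256
        # approve(spender, 0) is how an allowance is revoked, so not a grant.
        result["grants_permission"] = value != 0
    return result


# Constructed sample: setApprovalForAll(0x1111...1111, true)
SAMPLE = "0xa22cb465" + "00" * 12 + "11" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE))
```

The spender or operator address in the result is the account that receives the permission; on a claim page it should be a contract the project itself publishes.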

What to do if you already clicked

If you connected a wallet to a suspicious site:

  • Use a tool like Revoke.cash or the Token Approvals page on Etherscan to see what permissions you've granted. Revoke anything from the suspicious site immediately.
  • If you signed a transaction, move remaining funds to a fresh wallet as fast as possible. The attacker may have permissions that activate later.
  • Don't try to "engage" with the scammers to learn more or to get your funds back. Whatever they tell you next is a second-stage attack.

Takeaway

Real airdrops come to you through the project, not the DM. They give you time. They don't ask you to "connect to claim" on a domain you've never seen. The five red flags above appear in almost every airdrop scam. Once you've seen the pattern three times, you'll spot it instantly.

When in doubt, the safe move is to do nothing. Real airdrops will still be there tomorrow. Scams won't.