Getting an airdrop is fun. You get paid for being early. But it’s also a dangerous period when scammers prey on FOMO around claiming tokens. In this post, we show you how to stay safe when claiming airdrops, using the ZK token as an example. 

Know the risks

First, you need to understand what the risks are. 

  • Connecting to the wrong site — by clicking on the wrong link on social media or in Google search results, you can end up on a scam website. As long as you don’t connect your wallet, you’re ok. However, if you connect the wallet, the scammers will read your portfolio and act accordingly. 
  • Signing approvals and/or transfers — a button can say ‘claim’ when, in reality, the transaction gives approvals to drain tokens from your wallet. The scammers will usually show fake error messages and proceed to transfer assets from your address. 
  • Sharing private key or seed phrase — scammers can also impersonate the project’s team and share a form that is supposed to review the cases when your address is ineligible. Eventually, they will ask for your private key or seed phrase or send you a link to a malicious website. 

Luckily, it is not too difficult to protect yourself from these risks. 

Don’t rush 

With real airdrops, you rarely need to rush. 

For example, the timeframe for claiming the ZK token claim is from June 17th until January by January 3rd, 2025. 

If you want to sell your tokens, you might get a better price in the first hour, but bots will be faster anyway. 

However, you might get an even better price later. The bottom line is that rushing is not worth the risk. 

Double and triple-check links to make sure you are on the official claim website. 

In particular, avoid clicking links in: 
  • Telegram channels — links can intentionally or unintentionally (due to typos) lead to wrong addresses owned by scammers 
  • Twitter/X — tweets in your timeline can be from fake accounts impersonating the project
  • Google Search results — ads and SEO-optimized articles that show up on top can by scammers 

Even if you have the link to zkSync in your bookmarks, it’s best to cross-check the claim URL in other channels, such as Discord.

Use a wallet with phishing defense 

If you still end up landing on the wrong website, Zerion Wallet will warn you if it’s a malicious website. 

Zerion uses Blockaid to identify malicious websites in real-time when you try to visit them. Blockaid does internet-wide scanning to detect phishing and malicious apps, on average, 24 hours before they first try to attack users.

Understand what you sign 

Scammers rely on the fact that most people don’t read transaction messages. 

It doesn’t help that most wallets show raw technical messages that are hard for regular people to read. 

Zerion runs a simulation for every transaction and shows you the result before you sign. 

To sum up 

In this post, we’ve reviewed the steps to protect yourself when claiming an airdrop, using the ZK token as an example. 

First of all, it’s important to understand when and how scammers can attack. To stay safe, don’t rush, use only official links. And use Zerion Wallet, which detects phishing and simulates transactions before you sign them. With that in mind, enjoy your airdrop!