Wallet drainer airdrop claim alert

A fake claim page often looks like a reward, mint, migration or refund. The risk is not only the website; it is the wallet action the user signs.

The page may ask for an approval, permit, signature or transaction that does not match the promised reward.

• The user clicks a claim link from an ad, social post, compromised account or direct message.
• The page asks the wallet to sign or approve token spending.
• Tokens move immediately or later through the approved spender or malicious transaction.

CryptoRescue labels this as a risk-pattern alert. The page is designed to help a reader pause, preserve evidence and avoid additional payments. It is not a finding that every similar message is from the same actor, and it is not a promise that funds can be recovered.

• The link comes from a reply, ad or urgent countdown.
• The wallet prompt grants broad token spending permission.
• The page asks for repeated signatures after an error.
• The domain is not linked from official project channels.

One signal may be explainable. Several signals together should slow the user down. The strongest red flags are requests for seed phrases, private keys, remote access, additional crypto payments, secrecy or pressure to move the conversation away from official support.

• Stop signing and disconnect from the page.
• Check token approvals on the relevant chain.
• Revoke suspicious approvals where possible.
• Move remaining assets if wallet secrets or malware are suspected.

The first goal is to prevent more loss. If a wallet secret was exposed, treat the wallet as compromised. If only a payment request was received, do not send the payment while you collect and verify evidence. If a transaction already happened, preserve the hash and explorer URL before chats or dashboards disappear.

• Claim page URL and screenshots.
• Approval transaction hash and spender address.
• Token contract and affected wallet address.
• Social post, ad or message that delivered the link.

Keep the original evidence and the follow-up evidence separate. Many crypto cases have two stages: the first scam and then a fake recovery, tax, legal or support scam. Mixing the timelines makes reports harder to read.

Use the warning checker when you have a platform name, domain, social handle, payment request or recovery pitch. Use the transaction lookup router when you have a wallet address or transaction hash. Use the evidence kit when you already paid, connected a wallet, signed an approval or shared documents. The order matters: first preserve the evidence, then check official sources, then decide whether the page is ready for a report or needs more evidence check.

If a known exchange, wallet or service name appears in the story, open the related service profile or research review before trusting a private support route. If the case includes a coin or network, open the coin profile and explorer context so the report says exactly which chain, token and transaction are involved.

Write the timeline in plain language: who contacted you, which site or app was used, what payment or signature was requested, what you sent, what changed after the payment, and which evidence proves each step. Avoid guessing about the attacker identity unless there is a source that supports it. It is safer to say "this account requested an AML fee" than to say "this company stole funds" without independent evidence.

That discipline protects the reader and the site. It also makes the case easier to escalate because the important details are not buried under emotion, screenshots without context or unsupported accusations.

• Do not sign a recovery transaction from the same site.
• Do not assume disconnecting the site removes on-chain approvals.
• Do not pay someone to revoke approvals.

Do not let urgency make the evidence worse. A clean record of URLs, contacts, wallet addresses, transaction hashes and timestamps is more useful than a rushed payment made to test whether the contact is telling the truth.

A wallet prompt is a security decision. Scam pages rely on users clicking quickly because they believe a reward is waiting.

Crypto payments can be difficult or impossible to reverse once confirmed. That makes prevention, early verification and evidence preservation more important than hopeful follow-up payments to strangers.

This alert uses wallet security guidance and scam-pattern sources. It should be linked to token-approval explainers and approval-checker reviews.