It’s no secret that the decentralized finance ecosystem is rapidly expanding, with more protocols and apps emerging every day. To stand out in such a crowded space, airdrops have become a go-to strategy for many DeFi projects to attract users and build a community.

However, recent events have highlighted the risks associated with airdrops. In particular, the recent Arbitrum airdrop was not without its mishaps. Although users were able to claim over US$1 billion worth of tokens, the process was marred by bugs, frustrations and scammers looking to take advantage of the chaos. This serves as a stark reminder that security in DeFi should always be a top priority, and airdrops can pose significant risks if not executed properly.

The importance of security in DeFi cannot be overstated. With the rise of DeFi comes the risk of hacks, exploits and other security vulnerabilities. In 2022, crypto hackers stole at least US$3.8 billion — more than 80% of which was suffered by DeFi. 

As the industry continues to mature, the community must prioritize security measures to ensure that users are protected and that the ecosystem can continue to grow and thrive. Unfortunately, wallets used in token airdrops have been found to be a significant source of security risks, exposing DeFi to potential vulnerabilities.

Importance of wallets in token airdrops

Wallets play a crucial role in token airdrops as they are the primary tool used to distribute tokens to participants. In a token airdrop, a company or project will distribute a certain number of tokens to users who complete a specific action. 

To receive these tokens, users typically need to provide a wallet address where the tokens can be sent. Without a crypto wallet, it is not possible to participate in an airdrop, and the potential rewards will be lost. Therefore, owning a crypto wallet is a necessary first step to participating in any airdrop.

Tokens received during an airdrop can be stored in the wallet and held for the long term, or they can be sold on a cryptocurrency exchange. Regardless of the strategy, having a reliable wallet prevents the loss of tokens and provides a way to access them. 

By requiring users to hold a crypto wallet, airdrops encourage new users to become familiar with and use cryptocurrencies. This ultimately leads to greater adoption and acceptance of cryptocurrencies, which benefits the entire industry.

Wallet security risks 

One of the primary security risks posed by wallets in DeFi is the underlying algorithm that generates the recovery phrase for new wallets. If the algorithm is weak and generates not-so-random phrases, it can be cracked or guessed by a program, leading to the theft of the assets stored in the wallet. This has been a problem for many years and is still a concern in the current Web3 era.

Wallets are also vulnerable to attacks and hacks due to the keys being stored in individual devices. A compromised phone or computer can give hackers access to the wallet, potentially leading to the theft of assets. 

Additionally, wallet providers storing recovery phrases somewhere without user knowledge, as in the case of the Slope wallet, can lead to data breaches that leave all wallets vulnerable. As DeFi becomes more popular and valuable, attackers will become more sophisticated, and wallet providers must stay vigilant to stay ahead of these risks.

There have been several high-profile security breaches involving wallets, highlighting the need for increased security measures. In one example, a scammer swindled US$8 million in Bitcoin and Ether by targeting users who wanted to get airdrops from Uniswap, a popular decentralized crypto exchange. The scammer posed as a representative of Uniswap and tricked users into providing their wallet information, allowing the scammer to gain access and steal their assets. Another example is the US$300,000 stolen by fake Blur airdrop websites, where users were directed to download a wallet app that was actually a phishing tool designed to steal their assets.

Addressing security risks

To minimize security risks associated with the claim process, airdropping tokens directly to eligible wallets is the best practice. By doing this, scams and other security issues that may arise during the claim process can be avoided. To ensure the success of airdrops, protocols and decentralized apps should communicate their airdrop plans to the community right from the start. Effective communication will help the community understand the process and prevent any misunderstandings.

Another best practice in securing wallets during DeFi token airdrops is to have a hot wallet for testing new protocols with fewer tokens and a cold wallet for storing the major portfolio. This segregation of assets ensures that even if a malicious site is accessed, the portfolio is not at risk. It is important to be vigilant and connect wallets to known domains and to claim airdrops from the known contract from Etherscan to mitigate risks.

Multi-factor authentication, strong passwords and other security measures are also critical for securing wallets during DeFi token airdrops. Multi-factor authentication should be enabled wherever possible to provide an added layer of security. Strong passwords should be used when multi-factor authentication is not available. Revoking contract access, accessing only known dApps, and being vigilant on new domains are some of the other measures that can be taken to enhance wallet security. Hardware wallets and enabling notifications for all wallets used are additional measures to consider.

Looking ahead

As the DeFi ecosystem continues to grow and mature, security must remain a top priority. Token airdrops can be an excellent way to introduce new projects and incentivize participation, but they also pose significant security risks to users’ wallets. The DeFi community must take action to address these risks. Only by prioritizing security can we unlock the full potential of DeFi and provide users with the confidence they need to participate in this exciting new space.