Airdrops: the Good, the Bad, and the Scammy
by Crystal Stranger, CEO of PeaCounts and Timothy Kingery, CEO of ShareDrop
The Initial Coin Offering (ICO) world has often been described as the “Wild West” of the technology space. Nowhere does this seem more apparent than when marketing a token sale, which is an adventure through murky waters on the best of days. Scams are rampant, not just in token sales, but in the products marketed to the founders of companies running token sales as well.
Airdrops are the granting of free tokens to individuals who in exchange provide a source of viral marketing to the company granting tokens. The activities can range from sharing a link to the company on social media, signing up as a member of a messaging platform such as Telegram, participating in a contest, or bug-testing a beta launch. Telegram message boards and Twitter feeds are full of people seeking out easy money from airdrops, and the appeal of free tokens can feed a form of greed that makes intelligent people lower their guard and fall victim to scams.
Airdrops are not all bad. They are one of the most common methods employed by token offerings to engage large numbers of users, raise awareness of the project, and fill social media channels quickly. When performed properly, they can be used to launch a massive marketing campaign without risking large amounts of precious capital for early-stage fundraising.
However, airdrops are often poorly designed and managed, becoming a dilutive waste of token supply. The “free token” ecosystem is a target-rich environment for scammers, full of new users looking to make a quick buck and absent of due diligence. Whether it is bots and fake profiles filling the entry limits to the max, or flat-out ICO scams aiming to prey on large amounts of unwitting users quickly, there are numerous inefficiencies and pitfalls plaguing the current airdrop market. And if these bad actors are allowed to continue at this pace they run the risk of raising regulatory red flags and ruining airdrops as a legitimate marketing method for other companies.
Challenges for projects
Airdrops have been criticized by many in the token sale community. Many argue the return on investment (ROI) is difficult to measure and the recipients have no genuine interest in the project. Post-airdrop many companies wonder why their performance was not what they expected. Providing a legitimate ROI and ensuring the intended recipients are reached largely depends on engaging real users to deliver a powerful message to large lists of like-minded friends, with adequate incentives to achieve virality. The users who enter are often not your typical investor crowd, but if directed properly to spread an effective message, they are your key to thousands of impressions across multiple platforms with each qualified registration.
To address the performance issue, there are many reasons why most self-hosted airdrop campaigns, as well as many paid hosting solutions, do not perform as well as they could for the amount and value of tokens expended. Bots, fake profiles, and major airdrop channels tend to capture a majority of a campaign’s tokens before the thousands of real, deserving users could even have a chance at claiming them.
A few dollars is a lot of money to earn for a few minutes of work. This is also more than adequate incentive for users to create duplicate social media accounts to enter repeatedly as they switch their IP addresses with VPNs. Hundreds of phones in floor to ceiling racks can be managed by just a handful of operators who automate a majority of the process, only stepping in to fool captchas and keep the Telegram bots on track.
Fake Facebook profiles are another common problem. A vast majority of users tend to create duplicate Facebook profiles and go on “adding sprees” to fill their friends list to create the appearance of legitimacy. In all the airdrops we studied, more than 9 out of 10 users used these types of alternate accounts with tons of “friends” but no real following, their timelines packed with airdrops with no post engagement.
Then there are the large airdrop channels. Perhaps the worst culprits when it comes to capturing nearly half a campaign’s referral tokens and squandering them to reap enormous profits for the simple task of aggregating links and spamming their channel around. A majority of these channels fail to do their due diligence to protect their audience from scam campaigns, despite raking in massive amounts of tokens for their efforts. Even the biggest, most well-known channels like AirdropAlert are sadly no exception, which listed an ICO/Airdrop scam named Cardonio (CDO) that lured tens of thousands of users with high-rewards, offering huge $300 bonuses of tokens in exchange for a $20 token purchase, and stealing personal information with running checks to meet the know your customer (KYC) validation that is necessary to meet the anti-money laundering rules that most countries have.
Challenges For Users
Sadly, it’s users who often get the worst treatment from participating in prominent airdrop methods. Airdrop bots, fake Twitter profiles imitating authentic projects, easily duplicated google docs, and multiple forms of phishing are only some of the dangers they face on their quest to make a few bucks. Sometimes they cannot be blamed, as projects who opt for such poor choices of self hosting like Google Forms are almost asking for it in their misguided attempt to save a couple ETH. These take almost no time at all to duplicate and release into airdrop groups to misguide, steal information, and harm every user that has almost no way to tell if the token sale is real or not. Imitation Twitter profiles and Telegram airdrop bots are common as well. Many select real projects and time themselves to run in parallel with the actual campaigns.
These scammers collect personal information, from emails, names, and social media accounts to social security numbers, driver’s license numbers, and even KYC users gaining enough data to steal their identity, sell to other scammers/hackers, and compromise other important accounts. They then use this data to send phishing emails, posing as other projects they may have entered airdrops for or shared on social media. Often making offers for discounts or bonuses for purchases, or even efforts at tricking users into giving up their private keys and wiping them out completely.
The airdrop ecosystem is still evolving, yet many of these problems remain due to a lack of standardization. Very few airdrop channels and the users who follow them perform proper due diligence. Most self-hosted solutions are poorly managed. Even a majority of airdrop hosting providers do not filter out the fakes, despite the high costs.
Legal Issues
Additionally, there are new issues being raised by the recent Tomahawk case where the SEC concluded that the distribution of tokens in an Airdrop is a security offering that requires registration. Many in the crypto regulatory space have taken the position that this decision will make all airdrops security offerings that require registration with the U.S. Securities and Exchange Commission (SEC) under one of the exceptions such as Regulation D or Crowdfunding. However, whether or not tokens distributed in an airdrop are securities comes back to when tokens are sent out, and in what form. Many companies when running airdrops send out the funds as Ethereum, and in that case the airdrop would not be considered a security offering as Ethereum has been determined by the SEC to not be a security. If providing the company’s own tokens, then there must be an active ecosystem when the tokens are granted in order to support the utility token status, or securities regulations must be met. Tomahawk was clearly a security by the type of company it was, and therefore violated securities laws from granting tokens, even though it never actually raised any funds in its token sale.
Regardless of the securities regulation issues, there still must be KYC validations run to verifying who the tokens are being paid to in order to meet the anti-money laundering rules. Additionally, if making payments to a U.S. person in an amount over $600 then there must be informational reporting done for tax purposes. There then is an issue because the scams run the KYC checks to get the information from users for identity theft, so how can a company verify this information to make sure they meet their legal requirements, without scaring away the real users that will provide viral growth.
As with many areas in the blockchain technology space where there are pending legal actions that may clarify matters in the future, there is uncertainty around how airdrops will be viewed by the SEC and government agencies in other countries. In the meantime airdrops will continue to be seen as free money for some, a source of viral growth for others, and an opening for identity theft for others.
Crystal Stranger, EA, author of The Small Business Tax Guide, has more than 14 years of tax experience, with a focus in international tax. She has been writing about cryptocurrency tax and regulatory issues since 2014. She’s the founder and CEO of PeaCounts, a blockchain payroll technology company. This new, transparent payroll will promote fair wages and eliminate the need for black market labor.
