Arbitrum Shows Just How Messy (and Tricky) Crypto Airdrops Can Be

Bugs, server crashes and scammers continue to plague crypto airdrops. Will regulatory pressures be next?

AccessTimeIconMar 29, 2023 at 11:00 a.m. UTC
Updated Apr 25, 2023 at 7:26 p.m. UTC

It’s been around a week since the Arbitrum airdrop, when the largest Ethereum layer 2 platform by transaction volume distributed its long-awaited governance token to community members.

What’s clear by all accounts is that while users managed to successfully claim over $1 billion worth of tokens, the process was anything but smooth – mired by bugs, frustrations and scammers looking to take advantage of the chaos.

An “airdrop” is when a crypto project doles out free tokens to users in a bid to encourage adoption and jump-start the marketplace for a new asset. Arbitrum is a network that allows users to transact on Ethereum with lower fees; Offchain Labs, the network’s creators, introduced the “ARB” token to grant Arbitrum users the ability to vote on changes to the protocol.

This article originally appeared in Valid Points, CoinDesk’s weekly newsletter breaking down Ethereum’s evolution and its impact on crypto markets. Subscribe to get it in your inbox every Wednesday.

Any airdrop is an event. This one, which came amid a market downturn and a regulatory crackdown on the crypto industry, seemed timed to lift the crypto community’s spirits just when they were at their lowest. Certainly, the free money didn’t hurt; many ARB claimants rushed to sell their new tokens on crypto exchanges for a healthy reward.

But from the outside looking in, the Arbitrum airdrop was plagued by bugs and seized on by predators who, a week on, continue to use the project’s likeness to promote phishing scams. Spoof Arbitrum accounts became so prolific on Twitter, in fact, that the real Arbitrum account was briefly suspended after it was erroneously flagged as spam.

As another possible airdrop looms on the horizon – that of the Ethereum scaling platform zkSync – and regulators continue to ramp up scrutiny of token-based projects, it may be time to consider whether the airdrop model is so inherently messy (and so thoroughly mired in a gray area of securities regulation) that some protocol teams might need to find other ways of incentivizing new users and raising funds.

The airdrop fiasco

There was a week-long period between when the Arbitrum airdrop was announced and when investors were allowed to claim their ARB tokens. In that week, Crypto Twitter descended into a kind of frenzy, with people speculating about the token’s eventual price on the open market (will ARB trade for $1? $10?) and gloating about how many tokens they were set to receive. (ARB was apportioned to users according to their past usage of the platform.)

But when the airdrop finally went live on Thursday, the upbeat scene on Twitter quickly turned chaotic.

In the hours leading up to the airdrop, Arbitrum’s block explorer and the website for claiming tokens crashed in response to high server demand. Those who managed to complete the claim process successfully – usually by executing commands directly onto Arbitrum smart contracts – were forced to pay extraordinarily high gas fees because of the influx of network activity.

The high fees and service outages made it impossible for some users to claim their tokens altogether.

Despite the trouble, around half of eligible ARB claimants managed to nab their share within just an hour of the airdrop’s opening. But the airdrop wasn’t just plagued by inconvenience – it was also seized on by criminals.

For months leading up to the airdrop, even before there was official confirmation of an ARB token, scammers were spinning up spoof Arbitrum airdrop links and promoting them on Twitter, Discord and Telegram in an effort to phish unwitting investors – gaining access to their crypto wallets and sensitive personal data. Before the airdrop went live, more than 10,000 people fell prey to fake Arbitrum airdrop schemes, according to at least one analysis shared with CoinDesk by the Web3 antivirus firm De.Fi.

Scammers cast out even more Arbitrum phishing lures once the real airdrop went live. Even now, a week after the ARB claim window opened, virtually any crypto-adjacent tweet that gains modest traction can expect to be flooded with responses from accounts promoting fake ARB claim links. One attacker even managed to compromise the account of an Arbitrum Discord moderator, using it to promote a phishing scam to community members.

And criminals haven’t just employed phishing tactics to fleece would-be ARB holders. According to one analysis, an attacker managed to loot $500,000 worth of ARB tokens by hacking into a third-party service used by some eligible claimants.

With so many users falling prey to ARB scams before the airdrop, there’s no telling how many users may have been scammed since the drop went live.

Can you run a successful airdrop?

Arbitrum is far from the only crypto project whose airdrop was beset with chaos – airdrops have long been magnets for crime and calamity.

Optimism, Arbitrum’s main peer in the race to help scale up Ethereum, famously bungled the widely hyped launch of its OP token last year. In a case mirroring that of Arbitrum, would-be OP claimants were forced to contend with widespread service outages that made it difficult for people to claim their share. OP claimants were also plagued by phishing scams, and an attacker stole $15 million worth of OP’s circulating supply by hacking into one of Optimism’s market-making partners.

It's not just Arbitrum’s competitors that have run into airdrop issues. In another example of an airdrop gone awry last year, the eligibility criteria for claiming airdropped tokens on the Juno blockchain led to a big-money “whale” earning vastly more tokens than should have gone to a single person. In an unprecedented test case of decentralized justice, the Juno community voted to confiscate those tokens – $36 million worth – only to accidentally send them to the wrong crypto address.

The securities problem

Airdrops have been around for around half a decade now, and the playbook for executing one has seen improvements over the years. Newer projects such as Arbitrum and Optimism have used stricter, more thoughtful eligibility criteria than airdrops of years past to avoid sending users more than their fair share. There’s a chance, moreover, that social media companies might find ways to get phishing under control, and that users will fall victim to scams less frequently as they learn to identify red flags.

But beyond the scams and service errors, airdrops might eventually need to contend with regulatory issues – at least in the U.S. – as Securities and Exchange Commission Chair Gary Gensler wages his crackdown on the industry.

Before airdrops, ICOs (initial coin offerings) were all the rage, where project owners would sell off tokens to investors in a process mirroring a more traditional IPO (initial public offering). This system, perhaps unsurprisingly, caught the attention of U.S. securities regulators who have argued that ICOs constitute the unregistered sale of securities (see: SEC vs. Ripple).

Though projects might not admit it publicly, airdrops were initially viewed as a way to avoid some of the regulatory red flags associated with ICOs.

The Howey Test – a legal precedent that U.S. regulators use to determine whether an asset should be considered a security – defines securities as “the investment of money in a common enterprise with a reasonable expectation of profits to be derived from the efforts of others.”

Nowadays, most major projects that airdrop tokens tend to avoid promising investment returns, so there’s no “expectation of profits” from owning a token. Moreover, by distributing tokens to a community (rather than selling them) and using tokenized “governance rights” to “decentralize” control over an ecosystem, it’s easier to avoid the appearance that a project is centrally controlled. If the project associated with a token is decentralized, it’s harder to argue that appreciation of the token’s value has been “derived from the efforts of others.”

The ground rules for what constitutes “decentralization,” however, are not altogether clear: Offchain Labs, for instance, reserved nearly half of ARB's circulating supply for investors and team members.

Also, while projects might not explicitly promise profits to token holders, virtually every big airdrop is accompanied by massive market hype, and one could argue that the investors who accepted tokens as part of their funding agreements might reasonably expect some kind of profit in return for their cash. (So-called fair launches try to address this issue by barring investors and early contributors from reserving tokens, but any project’s creator can theoretically game an airdrop because they set its eligibility criteria.)

ZkSync, another buzzy Ethereum scaling platform, is expected to airdrop a token sometime soon. Whether – and how – it pursues its token launch might be indicative of the future of airdrops and token-based projects. As the crypto ecosystem matures and regulators wise up to the industry, it’s hard to imagine that the messy airdrops of the past several years will be allowed to continue without major revision.

Edited by Bradley Keoun.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. He reports on decentralized technology, infrastructure and governance. He owns ETH and BTC.