Thief lays trap to claim 3 million ARB tokens in upcoming airdrop

Quick Take

  • A bad actor is trying to take advantage of 2,400 compromised crypto wallets to claim the Arbitrum airdrop on their behalf.
  • If the plan is successful, it could net them around 3 million ARB tokens, amounting to 0.26% of the user airdrop.

A would-be thief is laying the groundwork to intercept 3 million ARB tokens from the upcoming Arbitrum airdrop.

The crypto criminal sent ether to around 2,400 wallets in order to approve a contract that allows recipients to claim the airdrop, which is set for Thursday. Normally this wouldn’t be a problem, but this person also appears to have access to the wallets' private keys.

The approved contract will automatically claim the airdrop on behalf of the thief, bypassing any bots that might be set up to sweep funds that land in the wallets. 

Word of the scheme was first brought to light by Arkham Intelligence and a post on GitHub. The ARB token will control the governance of the Arbitrum One and Nova networks through a DAO.

Since the bad actor knows the private keys for the wallets, wallet owners can’t necessarily block them. What they can do is revoke the contract that has been set up — but even then they would still need to manually claim the airdrop before the hacker does.

In a world often rife with exploits, this attempt to hijack an airdrop is unique.  If successful, it means the thief would end up claiming 0.26% of the user airdrop by siphoning them from wallets that aren't their own. Such a move would undermine the goal of handing over governance to the most dedicated Arbitrum community members while at the same time depriving these wallets of their rightful claim.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Not possible on Arbitrum 

The fact that the drop is happening on Arbitrum, a layer2 scaling project, complicates matters for the wallets in question. If the airdrop was on the Ethereum blockchain, then it might be possible to use Flashbots to gain an edge in claiming the airdrop first — but that’s not possible on Arbitrum.

Some in the community have called on Offchain Labs to blacklist these wallets so that the bad actor doesn’t end up with all of the tokens. Yet this could stop legitimate users from having a chance to claim them.

At the time of the airdrop announcement, Offchain Labs CEO Steven Goldfeder told The Block there will be no changes to the airdrop allocation. The company has not addressed this specific issue.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Tim is the Editor-In-Chief of The Block. Prior to joining The Block, Tim was a news editor at Decrypt. He has earned a bachelor's degree in philosophy from the University of York and studied news journalism at Press Association Training. Follow him on X @Timccopeland.


To contact the editors of this story:
Larry DiTore at
[email protected]
Nathan Crooks at
[email protected]