Earlier this year, I was scrolling through Twitter (now X) when I saw a trending post about a new Layer 2 project called SkyBridgeX that was “doing a huge airdrop.” The tweet came from a verified account and had thousands of likes, retweets, and replies. The instructions were simple: connect your wallet to claim the free airdrop tokens and help “test their new smart contract bridge.”

Curious and seeing how much engagement it had, I clicked the link. It led me to a beautifully designed site with animations, branding, and even a roadmap outlining future development. There was a “Connect Wallet” button and a prompt to sign a simple message—not a transaction. I signed it.

What I didn’t realize at the time was that this wasn’t a harmless signature—it was part of a wallet-draining smart contract hidden in the signature request. Within a few minutes, $2,900 worth of tokens were siphoned out of my wallet. Gone.

I posted on Twitter for help, and immediately dozens of bot replies appeared, offering “crypto recovery services” or asking me to connect my wallet to “fix the drain.” It was a coordinated scam. Even the engagement under the original airdrop tweet was fake—entirely boosted by bot accounts to make the scam feel legitimate.

I felt violated and foolish. I thought I was cautious, but the sophistication of the setup made it feel like a real project. I later learned that there are entire bot networks designed to create viral scam campaigns, from fake comments to fake influencer retweets.

Never connect your wallet to unverified airdrop sites. If you’re signing something, read the contract—if you don’t understand it, don’t sign it.