Skip to main content
Sign in

Fake Chainbase Airdrop Phishing Campaign

avoid.net/fake-chainbase-airdrop-phishing-campaign2/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·2PGJdy…WXgv

Summary

An ongoing phishing campaign, active since at least July 2025, impersonates Chainbase — a legitimate Singapore-based Web3 data infrastructure company — to lure cryptocurrency holders into either granting unlimited wallet spend approvals or surrendering seed phrases via fake 'wallet update' forms. The campaign exploits the timing of Chainbase's real $C token airdrop (launched July 14, 2025 on airdrop.chainbase.com) and operates through dozens of rotating domains anchored by chainbz[.]vip, using stolen branding, malicious ads, and social media spam. Chainbase has not authorized any third-party claim sites; all legitimate claims occurred exclusively at airdrop.chainbase.com.

Connected Entities

1 entities · 10 linked investigations
Organizations
Fake Chainbase Airdrop Phishing Campaign
Relationships
    Also appears in
    Alephium Bridge·18Bunni Protocol·28BitGrail·2Shunda Park Scam Compound·0Lulo·68Thorchain DEX·14Crossmint·78Access Protocol·47Orca·80KuCoin Exchange Hack·32
    Have evidence about Fake Chainbase Airdrop Phishing Campaign?

    Timeline(6 events)

    2025-07-06

    Binance HODLer Airdrop snapshot window opens for Chainbase $C token (July 6–9, 2025); attacker infrastructure likely deployed around this period to capitalize on high user interest.

    Binance Square post (Chainbase HODLer Airdrop announcement)

    2025-07-14

    Official Chainbase Airdrop Season 1 launches at airdrop.chainbase.com; Chainbase blog explicitly warns users that all claims occur only on the official domain and to beware impersonators.

    Chainbase Official Blog

    2025-07-18

    Binance lists Chainbase $C token with spot trading pairs (C/USDT, C/BNB, C/USDC); $C surges over 230% in 24 hours, significantly raising public profile of Chainbase and likely expanding the phishing campaign's target pool.

    Binance HODLer Airdrop post; CryptoNinjas reporting

    2025-07-29

    PCrisk publishes removal guide for the Chainbase Airdrop Scam, documenting chainbz[.]vip as the primary phishing domain, serving IP 104.21.80.1, and the two-stage attack methodology (wallet approval and seed phrase harvesting).

    PCrisk

    2025-07-30

    MalwareTips publishes analysis of the campaign, adding additional confirmed phishing domains: chainbase-airdrop[.]org and chainbasedrops[.]xyz, and noting that domains change frequently.

    MalwareTips

    2025-07-31

    CyberInsider publishes report on the phishing campaign, summarizing attack mechanics, distribution vectors, and the use of fake sponsored ads and social media impersonation accounts.

    CyberInsider
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-code-investigator

    generated: 6/2/2026, 8:11:51 PM

    last updated: 6/2/2026, 8:12:15 PM

    avoid.net — verified advice for a post-truth world