Cybercriminals continue to exploit the hype around airdrops and decentralized finance (DeFi) projects, and the latest target is Raydium — a legitimate decentralized exchange built on the Solana blockchain. Our researchers recently identified a fraudulent website masquerading as a “Raydium Airdrop” promotion, designed to trick users into connecting their digital wallets and ultimately draining their crypto funds.
The scam site we uncovered operates at raydium-usa[.]xyz, although similar clones may appear under different URLs. The fraudulent page mimics the design and branding of the official raydium.io website, luring unsuspecting victims with the promise of a lucrative airdrop.
Once users connect their crypto wallets — typically prompted by browser-based wallet extensions like Phantom or MetaMask — the malicious page silently executes a crypto drainer script. This script identifies valuable digital assets and transfers them to wallets controlled by the attackers. These transactions are swift, often automated, and can remain undetected until it’s too late.
The “Raydium Airdrop” scam is a dangerous blend of phishing, social engineering, and financial fraud. Due to the irreversible nature of blockchain transactions, once funds are stolen, there is virtually no way to recover them.
To raise awareness and help protect users, here’s a detailed summary of this threat:
Threat Summary
Category | Details |
---|---|
Threat Name | “Raydium Airdrop” Crypto Drainer |
Threat Type | Phishing, Scam, Social Engineering, Fraud, Cryptocurrency Drainer |
Disguise | Fake Raydium Airdrop |
Fake Domain Example | raydium-usa[.]xyz |
Associated Emails | None identified (may vary by campaign) |
Detection Names | Combo Cleaner (Phishing), CRDF (Malicious), Emsisoft (Phishing), Fortinet (Phishing), G-Data (Phishing), Trustwave (Phishing) |
Symptoms of Infection | Unauthorized crypto transactions, missing funds, unknown wallet interactions |
Serving IP Address | 104.21.50.137 |
Distribution Methods | Social media spam, compromised websites, rogue ads, potentially unwanted apps |
Damage | Permanent financial loss via stolen cryptocurrency |
Danger Level | High |
Recommended Removal Tool | SpyHunter – detects phishing pages and crypto-drainers |
Why This Scam Works
Cybercriminals capitalize on users’ desire to obtain “free” cryptocurrency, a tactic that has proven effective time and again. Because Raydium is a trusted name in the Solana ecosystem, a well-designed fake version of their platform can easily convince a casual user to interact with it — especially when presented with the opportunity to receive airdropped tokens.
What makes this scam particularly insidious is its automated draining capability. Once the wallet is connected, the attacker doesn’t need any further user action. The script can instantly scan for high-value assets and start siphoning them off without any warning. Victims may only realize what happened after checking their wallet balances, often too late.
Eliminating Crypto Scam Threats
Step 1: Identify and Report the Scam
- Gather evidence (screenshots, emails, transaction IDs).
- Report the fraud to:
  - Your crypto exchange (Binance, Coinbase, Kraken, etc.).
  - Law enforcement agencies like the FBI’s IC3 (ic3.gov) or the SEC (sec.gov/tcr).
  - The Federal Trade Commission (reportfraud.ftc.gov).
- Use blockchain explorers (like Etherscan) to check your wallet transactions.
Step 2: Uninstall Suspicious Software & Apps
- On Windows: Open Control Panel > Programs & Features → Find & Uninstall suspicious programs.
- On macOS: Go to Finder > Applications → Drag unwanted apps to Trash.
- On Android & iOS: Go to Settings > Apps → Uninstall fake crypto wallets or trading apps.
Step 3: Remove Malicious Browser Extensions
- Google Chrome:
  - Open chrome://extensions/
  - Remove any unfamiliar or crypto-related suspicious add-ons.
- Firefox / Edge / Safari:
  - Go to browser settings > extensions → Delete suspicious ones.
- Clear browser cache & cookies:
  - Open browser settings → Privacy → Clear browsing data.
Step 4: Secure Your Accounts & Wallets
Change passwords immediately for:
- Crypto wallets
- Exchanges
- Email & social media
Enable Two-Factor Authentication (2FA):
- Use Google Authenticator, YubiKey, or Authy.
Move remaining funds to a secure wallet:
- Use a hardware wallet (Ledger, Trezor) instead of online wallets.
Step 5: Scan for Hidden Malware & Keyloggers
Your system may still have spyware tracking your keystrokes or redirecting you to scam sites. A deep scan is essential to detect and remove threats.
⏳ For a thorough malware check, use SpyHunter. (See “Automatic Removal with SpyHunter” below.)
Automatic Removal with SpyHunter
If you suspect hidden malware, SpyHunter can detect and remove crypto scam-related malware, trojans, and browser hijackers.
Step 1: Download SpyHunter
Follow SpyHunter installation instructions here: SpyHunter Download Guide
Step 2: Install and Run SpyHunter
- Run the SpyHunter installer.
- Follow the on-screen installation steps.
- Launch SpyHunter after installation.
Step 3: Perform a Full Malware Scan
- Click “Start Scan Now”.
- Let SpyHunter scan for:
  - Crypto-stealing malware
  - Browser hijackers redirecting to fake exchanges
  - Phishing-related spyware
Step 4: Remove All Detected Threats
- Click “Fix Threats” to eliminate malicious programs.
- Restart your system to complete the cleanup.
Step 5: Enable Real-Time Protection for Future Security
Activate SpyHunter’s real-time protection to:
- Block phishing & scam websites
- Prevent future infections
- Monitor system vulnerabilities
Proactive Prevention: How to Avoid Crypto Scams
- NEVER share your private keys or seed phrases – even with “support teams.”
- Always verify URLs before logging in to exchanges.
- Use only official wallet apps from trusted sources.
- Ignore unsolicited investment offers via Telegram, Discord, and social media.
- Check for HTTPS & security certificates before entering login details.
- Regularly scan your device for hidden malware and spyware.
- Store crypto in a hardware wallet (Ledger, Trezor) rather than online wallets.
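The URL check advised above, applied to the clone described in this article, as an added example (not code from the original article): it classifies a hostname as the official raydium.io, a brand lookalike such as raydium-usa[.]xyz, or other. The `.example` hosts, the `classify` helper and the one-edit typo threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = {"raydium.io"}   # official site as named in this article
BRAND = "raydium"

def hostname_of(value: str) -> str:
    """Return the lower-cased hostname of a URL or bare host, refanging IoCs."""
    value = value.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in value:
        value = "//" + value              # make urlsplit treat it as a host
    try:
        host = urlsplit(value).hostname or ""
    except ValueError:                    # malformed input, e.g. broken brackets
        return ""
    return host.rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    host = hostname_of(url)
    if not host:
        return "invalid"
    # Only the exact domain or a true subdomain of it counts as official.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL):
        return "official"
    # Split on dots and hyphens: raydium-usa.xyz -> raydium, usa, xyz
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    # Heuristic (assumption): brand inside a token, or one edit away from it.
    if any(BRAND in t or edit_distance(t, BRAND) <= 1 for t in tokens):
        return "lookalike"
    return "other"

if __name__ == "__main__":
    # Constructed samples, except raydium-usa[.]xyz which is from this article.
    samples = ["https://raydium.io/swap/", "raydium-usa[.]xyz",
               "https://raydium.io.claim-rewards.example/airdrop",
               "hxxps://raydlum[.]example", "https://raydium.io@airdrop.example/"]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

Anything other than `official` should be treated as untrusted for wallet connections; the last sample shows a URL whose visible prefix is raydium.io while the real host is elsewhere.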
Final Thoughts
Cryptocurrency scams like the “Raydium Airdrop” drainer exploit trust, branding, and airdrop excitement to siphon real money from digital wallets. As always, verify links carefully, and never connect your wallet to unfamiliar websites, even if they resemble legitimate services.
If you believe you’ve interacted with such a scam site, scan your system immediately using a trusted security tool like SpyHunter to detect hidden threats or rogue scripts that may linger on your device.
Stay informed, stay skeptical, and safeguard your digital assets.