Stellar Airdrop Scam Tokens: How to Identify and Remove Them

Published March 2026 by @maattssoonn

What Airdrop Scams Look Like on Stellar

You open your Stellar wallet and see tokens you never purchased. Names like "CLAIM-FREE-XLM" or "www.freestellar.xyz" or "GET10KXLM" appear alongside your legitimate assets. These tokens were not deposited by mistake. They were deliberately mass-distributed to thousands of Stellar addresses by scammers who created a custom token and sent it to as many accounts as possible. The tokens themselves have no real value -- they exist purely as bait.

How the Scam Works

The attack is social engineering, not technical exploitation. The scam token's name, home domain, or the memo field of the transaction that delivered it contains a URL. The scammers are betting that some percentage of recipients will visit that URL out of curiosity or excitement about "free" tokens.

The URL leads to a phishing site designed to look like a legitimate Stellar service. It will ask you to enter your secret key to "claim" your airdrop rewards, "verify" your account, or "unlock" additional tokens. The moment you enter your secret key on one of these sites, the attackers drain your entire wallet -- all your XLM and every token you actually own.

The Golden Rule

Never enter your Stellar secret key on any website you reached through a token name, memo, or airdrop link. Legitimate Stellar services will never ask you to "claim" tokens by providing your secret key on an unfamiliar site.

Why Scam Tokens Lock Your XLM

Beyond the phishing risk, scam tokens have a direct financial impact on your account. Each token creates a trustline, and each trustline locks 0.5 XLM of your reserves. This is a Stellar network requirement that applies to all trustlines, legitimate or not. If you've received 50 scam airdrop tokens over time, that's 25 XLM sitting in your account that you cannot spend, send, or trade until those trustlines are removed.

The scammers don't care about this cost to you. Creating tokens on Stellar costs virtually nothing -- just a tiny network fee per transaction. They distribute to thousands of addresses, hoping that even a small fraction of recipients visit the phishing URL. Your locked XLM is collateral damage in their numbers game.

How to Identify Scam Tokens

Not every unfamiliar token is a scam -- some may be legitimate airdrops from projects trying to build awareness. Here are the key indicators that a token is malicious:

  • Token name contains a URL or words like "CLAIM," "FREE," or "REWARD" -- Legitimate projects use standard asset codes (3-12 alphanumeric characters) that represent their brand, not marketing phrases.
  • Zero or near-zero DEX trading volume -- If no one is buying or selling the token on Stellar's decentralized exchange, it has no market. Check the token on stellar.expert to see its trading activity.
  • You never bought or explicitly accepted it -- If a token appeared in your wallet without any action on your part, it was airdropped. While some legitimate projects do airdrops, unsolicited tokens warrant scrutiny.
  • Issuer account has thousands of trustlines -- Mass distribution is a hallmark of spam. Legitimate token issuers typically have organic trustline growth, not thousands of recipients all at once.
  • Community warnings on stellar.expert -- The stellar.expert block explorer shows community-flagged warnings on known scam tokens. If a token is flagged, treat it as malicious.

Safe Removal

The most important rule when dealing with scam tokens: do not interact with any URL associated with the token. Do not visit the token's "home domain." Do not send the token to random addresses you found online.

The safe removal process is straightforward:

  1. Attempt a DEX sale -- Try selling the token on the Stellar DEX for XLM. Most scam tokens have no buyers, so this step usually results in nothing, but it's worth trying in case anyone is willing to purchase.
  2. Return to issuer -- Send the remaining balance back to the token's issuer address. This brings your trustline balance to zero.
  3. Remove the trustline -- With a zero balance, close the trustline and instantly reclaim the 0.5 XLM reserve.

Stellar Asset Pruner automates this entire flow client-side. Your secret key never leaves your browser, never touches a server, and is wiped from memory after each signing operation. No phishing URLs, no manual transaction building -- just select the scam tokens and let the automated process handle the rest.

Related Guides

Start pruning nowQuestions? View FAQ