TechFlow news, November 25 — According to SlowMist's Yuxuan, some users may not have received the Monad airdrop and are advised to check whether the wallet address previously bound on the airdrop claim page matches their intended address.
Yuxuan indicated that if the bound address is not the user's intended one, they might have encountered an issue similar to that of user Onefly (@Onefly)—where their wallet address was hijacked and replaced with the hacker’s address, causing the official team to send the airdrop to the hacker.
According to Yuxuan, a white-hat hacker had previously reported a related vulnerability, which has a prerequisite condition: if an attacker hijacks a user’s session on the Monad airdrop claim page, they can change the receiving wallet address without requiring further confirmation.
