Fake Solana airdrop / Jito priority-fee bundle-tip front-run drainer lure — "Solana airdrop claim window expires soon; pay 0.01 SOL Jito priority fee bundle and approve setAuthority on your SPL token account before snipers front-run your claim" targeting Jupiter / Drift / Kamino / Solana-ecosystem airdrop hunters. The signed setAuthority transfers ownership of the user's SPL token account to the attacker, draining the entire token balance on the next attacker-initiated transfer. Real Solana ecosystem airdrops never demand a Jito-priority-tip wire and never demand a setAuthority signature on the user's SPL token accounts. Distinct from `fake-eip-7702-account-abstraction-delegation-lure` (Ethereum EIP-7702), `fake-eigenlayer-symbiotic-restaking-slash-recovery-lure` (LRT slash drainer), and `base-superchain-l3-sequencer-fee-refund-claim-lure` (Base / OP bridge). Airdrop-drainer cluster. Source: GC1 R8 multiagent council (S4 crypto specialist).

Fake Solana airdrop / Jito priority-fee bundle-tip front-run drainer lure targeting Jupiter / Drift / Kamino / Solana-ecosystem airdrop hunters. The phish narrative arrives as: "Solana airdrop claim window expires soon — pay 0.01 SOL Jito priority fee bundle and approve setAuthority on your SPL token account before snipers front-run your claim," or "Jupiter and Drift airdrops are being front-run by sniper bots — submit a Jito bundle tip and sign setAuthority on your SPL token account to claim before the snipe expires." Solana airdrops genuinely face MEV / sniper / front-running pressure, and Jito bundle priority-fee tipping is a real Solana mechanism that the user-base understands, lending the phish narrative immediate credibility. The drainer prompts the user to sign a `setAuthority` transaction on their SPL token account — under the SPL token program, signing setAuthority transfers full ownership of the token account (and all the tokens within it) to the attacker, draining the entire token balance on the next attacker-initiated transfer. Compromised victims see full token-balance loss across every approved SPL token (USDC, USDT, plus governance tokens, plus airdrop allocations) — typical retail exposure $500-$50K, whale exposure $100K-$10M+ depending on Solana DeFi position. Real Solana ecosystem airdrops never demand a Jito-priority-tip wire and never demand a setAuthority signature on the user's SPL token accounts; legitimate claims flow through native protocol UIs (jup.ag, drift.trade, kamino.finance, app.phantom.app, solflare.com) with the user's wallet signing a routine transfer-from-treasury transaction. Distinct from `fake-eip-7702-account-abstraction-delegation-lure` (Ethereum EIP-7702 setCode delegation), `fake-eigenlayer-symbiotic-restaking-slash-recovery-lure` (LRT slash drainer), and `base-superchain-l3-sequencer-fee-refund-claim-lure` (Base / OP bridge refund) — this signal is specifically the Solana / Jito-priority-fee / SPL-token-account / setAuthority / airdrop-snipe framing. Airdrop-drainer cluster. Fires when body references Solana / Jito / priority fee / Jito bundle / bundle tip / SPL / SPL token / token account / setAuthority / Drift / Jupiter / Kamino AND contains claim / snipe / sniper / front-run / expires / airdrop / sign-setAuthority / connect-wallet / action-required urgency. Excludes solana.com, jito.network, phantom.app, solflare.com, jup.ag, drift.trade, kamino.finance. Auto-classified as danger via the `-drainer` suffix. Source: GC1 R8 multi-agent council (S4 crypto specialist).