Fake Jupiter CJUP Airdrop Phishing Campaign

2024-01-01

Jupiter Exchange completes first Jupuary airdrop, distributing 1 billion $JUP tokens to approximately 1 million Solana wallets, establishing the brand recognition that the phishing campaign subsequently exploits.

2024-02-01

Earliest variant phishing domains in the campaign family, including listed-jup[.]space and reg-jup[.]com, are documented by PCRisk malware researchers.

2025-01-01

Jupiter Exchange completes second Jupuary airdrop, distributing approximately 700 million $JUP tokens valued at roughly $616 million. The claimjupuary.pages[.]dev phishing domain is documented around this period.

2025-06-01

jupitersearns[.]com phishing domain variant documented.

2025-09-01

Cluster of claim.juplter[.*] variant domains documented, targeting users with wallet connection prompts.

2025-10-01

jupbox[.]net phishing domain variant documented.

2025-12-01

jupiterofficial-ag[.]com and jupiter.onspace variant domains documented.

2026-01-01

jup-airdrop.onspace phishing domain variant documented.

2026-02-01

Jupiter DAO opens governance vote on whether to cancel future Jupuary airdrop events, potentially eliminating the legitimate brand context that the phishing campaign exploits.

2026-03-25

PCRisk publishes updated removal guide for the Jupiter Airdrop Scam family, cataloguing over 30 malicious domains.

2026-05-22

Solana Floor issues prominent alert warning that scammers are distributing fake $CJUP tokens to Solana wallets and directing victims to drainer websites, triggering widespread coverage from crypto news outlets.

2026-05-23

WEEX Crypto News (citing rootdata) and Bitget News amplify the Solana Floor alert; Cryptopolitan, Coin Turk, and BigGo Finance publish detailed articles on the campaign mechanics.

2026-05-27

An X user documents a related NFT-based variant: 'Jupiter Airdrop Live' NFTs appearing in Phantom wallets containing embedded links or QR codes pointing to drainer infrastructure.