The way they usually work is they give you some string and you sign it to prove you own the address.
Could a malicious air drop make a transaction sending all your BTC to them, and then you sign it, and then they broadcast it to the network?
Or is signing a message different than signing a transaction?
Airdrop is currently more insecure,which is often caused by malware viruses through social media sites or other media,especially if you have to send bitcoin to get coins,I have long since left airdrop I think if you are interested,you should be careful because it often happens data theft.
The best time I only enjoyed airdrop was during the bull run, all I got was ETH tokens that can easily be traded in Ether delta at that time.
But when some of the airdrop I joined ask some KYC information, I loss my interest in such as I know most of the airdrop are scams.
It will only be safe if we don't give anything, except our ETH address where they will send the free tokens.
I made a good amount from airdrop, but that was only when the time people are still in FOMO due the bull run, but then as the market starts to stabilize and correction happen, airdrop has slowly gone in the space.