NFT scams to watch out for

NFT scams have caused many people to lose money. As an NFT investor, it’s important to know the most common forms of scams that target unsuspecting users. Read on to learn how to protect yourself from NFT fraud.

What are NFTs?

Non-fungible tokens (NFTs) are digital assets that represent ownership of unique items. NFTs allow you to tokenize real-world and digital items, such as artworks and collectibles, or even access credentials to digital or physical assets. 

Non-fungible tokens are not interchangeable, and those deployed on Ethereum (ETH) usually comply with the ERC-721 standard instead of the usual fungible ERC-20 standard.

Fungible tokens can be mutually exchanged for similar tokens. For instance, 1 ETH is exchangeable for another 1 ETH — this is due to their fungibility, or in other words, their being interchangeable. With NFTs, each one is a separate entity with its own features, even when they belong to the same series — just like two baseball trading cards are distinct despite both being baseball trading cards.

Furthermore, non-fungible token standards enforce that even if you create multiple NFTs featuring the same media, they are still distinguishable based on their metadata — much like multiple baseball trading cards featuring the same player having their own serial numbers. Taking this notion further, creators of these NFT collections often incorporate different traits of varying degrees of rarity to enhance the scarcity and value of their NFTs. 

Having said that, an advantage of having NFT historical data on the blockchain is that you can authenticate the provenance of digital artworks and media without having to involve counterparties. 

What are NFT scams?

As the NFT market develops, fraudsters are increasingly finding innovative ways to separate NFT owners from their digital assets. NFT scams are continuously evolving, and users need to keep abreast of the newer forms.

Scams in the NFT market are intended to defraud you of your NFTs and/or funds held in your wallet. The sad reality is once your NFTs have been stolen or compromised, it is usually impossible to recover them.

Therefore, it is essential to identify common NFT scams and how you can prevent them. 

Most common NFT scams to look out for

Let us look at the most common scams that have managed to defraud NFT collectors of millions of dollars. 

Phishing campaigns

This type of scam involves bad actors who create fake social media accounts or send instant messaging or email messages in an attempt to lead NFT users to connect their wallets to fake NFT marketplaces or projects.

Once they access your wallet, they drain it off all your assets and NFTs.

Scammers often copy legitimate social media accounts and advertise them on social media to lure unwitting buyers. They convince buyers to buy fake NFTs and disappear with their funds. These fake social media accounts sometimes host fake giveaways, so remember the old adage: “If something sounds too good to be true, it probably is.”

One way to prevent these scams is always to check the URL of the page you are visiting — the URL is the text where “google.com” would appear if you were on Google. Check carefully for anything suspicious; if, for instance, instead of opensea.io you see something you would not expect, like cpensea.io then you are most likely on a phishing website that you should close.

Their URLs often use characters that, at a glance, might resemble the original URL but occasionally have a completely random URL instead. Often times those websites also feature a user interface completely identical to the original.

A good way to be safe is always to use links from a reliable source (which may be your web browser’s favorites) and look for that NFT collection you saw on social media by searching it on the market yourself instead of clicking on links you should not trust.

Social engineering attacks

Scammers often pose as legitimate NFT or crypto exchange customer support services or any other trusted third party to get NFT users to divulge sensitive information.

This is particularly common on instant messaging platforms Discord and Telegram, where many NFT projects have forums and communities. They engage users on the pretext of solving a customer issue or escalation and, in the process, ask the users for their wallet private keys or seed phrases. Once they have the details, they then proceed to steal their all crypto assets immediately.

You can avoid this type of scam by following one simple rule: never share your private keys or recovery phrase with anyone. There are no legitimate reasons for sharing this information short of giving up control over your asset to another person.

Fake NFTs

Bad actors often copy a successful NFT and sell it on marketplaces, hoping that some users will buy it, believing it is the original.

To avoid this kind of scam, ensure that the account listing the NFT is the official account of the issuer behind the NFT you are trying to acquire. If you are confident that you know the real social media pages of the issuer, they may link to the NFT auction from there.

Rug pull or exit scams

In this kind of scam, fraudsters simply create a project and promise investors a lot of future development. Still, once they become confident that this is as much money as they can get out of their scheme, they disappear with all the assets they raised and do not make good on their promises.

One example is the Evil Ape scam that resulted in investors losing over 700 ETH to an anonymous NFT creator.

Market manipulation

In this scenario, fraudsters work to inflate the price of an NFT collection by placing several bids within a short period to build a frenzy around the NFT and cause the price to rise. They also often wash trade assets by buying and selling the tokens from accounts that they control themselves.

Once the price has reached a certain level, the malicious actors liquidate their collection at a profit and leave buyers holding seriously overpriced digital assets.

One way to skirt this sort of trap is to check the transaction history of any NFT before acquiring it. If the transactions seem suspicious and the sudden pickup in interest is not mirrored by community attention, then the market action may be fake.

Bidding scams

These scams usually happen when you try to sell your NFT on the secondary market. A scammer will pose as a buyer and place the highest bid on the NFT you have listed. When it comes to paying, the scammer will switch the digital currency used without your knowledge. The result is you will end up receiving 10 USDC (worth $10) instead of the 10 ETH you agreed upon.

To avoid this, you are advised to always check the transactional currency before initiating the payment.

Airdrop or free NFT minting scams

In this kind of phishing scam, hackers share links that supposedly lead to an airdrop via social media or other means. When a victim clicks on the link, the website usually requests to sign a transaction with their web 3.0 wallet to “register for the airdrop.” This transaction then empties their wallet of their NFTs and often also everything else.

In April 2022, a hacker stole about $14 million of dollars worth of NFTs from the official Instagram account of the Bored Ape Yacht Club. After accessing the account, the attacker posted a fake update about a LAND airdrop. Users had to connect their wallets to claim it, but the link took them to a phishing site.

There are multiple ways to decrease the likelihood that you are falling for this sort of attack. You should research in-depth any entity whose transaction you are about to sign.

You should also at least attempt to understand the data of the transaction you are about to sign. If you cannot understand it, consider playing it safe and avoid participating in this airdrop.

Vulnerability exploit

In some instances, you can do little to prevent your software wallet from being exploited. Sometimes software is faulty and a transaction may be signed by your wallet without you confirming it, sometimes an on-chain attack vector is discovered.

This risk can still be attenuated, but there is no perfect safety since such a complex ecosystem is prone to having some weak links that expose the whole system to failure — which is the reasoning behind Bitcoin’s (BTC) simplicity and lack of a turing complete script language. One good strategy to decrease this kind of risk is to use a cold wallet — such as a hardware wallet — instead of a software hot wallet, which prevents many such attacks.

With a hardware wallet, you have to confirm the transaction on an external device that is disconnected from the internet to sign your transaction. For this reason, even if your computer is vulnerable and compromised, it still cannot confirm that transaction as long as you do not press the button — your computer does not have access to your private key. It only receives the signed transactions from the external device.

How to avoid NFT scams

• Verify URLs: Phishing campaigns prey on distracted users. Always double-check URLs. If “opensea.io” appears as “cpensea.io,” steer clear. Legitimate websites have distinct URLs.
• Use reliable sources: Instead of clicking on links shared over social media, use bookmarked websites or type the address manually to ensure you’re visiting the actual website.
• Guard your info: Social engineering attacks target your private information. Never share your wallet’s private keys or recovery phrases. Trusted platforms will never ask for these.
• Check authenticity: To avoid fake NFTs, ensure you’re purchasing from the official account of the NFT issuer. Always verify listings against their official social media or website.
• Research new projects: Avoid “rug pull” scams by researching new projects before investing. Check for transparency, team details, and community engagement.
• Scrutinize transaction histories: For market manipulation schemes, inspect an NFT’s transaction history. Discrepancies between rapid price increases and community engagement are red flags.
• Review transactional currency: In bidding scams, always check and re-check the digital currency of the transaction before finalizing.
• Be skeptical of airdrops: Scammers promise airdrops or free NFT minting to get access to your wallet. Research thoroughly before signing any transaction, especially if it sounds too good to be true.
• Stay updated: Vulnerabilities can emerge in software wallets. Keep your software updated and be aware of any recent vulnerabilities reported in the crypto community.
• Engage with communities: Join forums and communities of NFT enthusiasts. They often share their experiences, which can help you spot potential scams.
• Use hardware wallets: For high-value NFTs and assets, consider using a hardware wallet. This offline storage reduces the risk of theft from online attacks.
• Stay educated: The NFT and crypto world is ever-evolving. Regularly reading up on the latest security practices can save you from potential pitfalls.

Closing words: navigating NFTs safely

The world of NFTs promises digital uniqueness, potential for great financial returns, and a new way of defining ownership in the digital realm. However, like any booming market, it’s not without its shadows. Scams and fraudulent actors have found their way into the NFT space. These scams range from phishing campaigns to fake NFT listings, and they can cause considerable financial and emotional distress.

Staying safe in the NFT universe is possible with vigilance, education, and proactive measures. By double-checking URLs, guarding personal information, researching new projects, and engaging in active NFT communities, users can build a defense against the most common scams.

Furthermore, utilizing hardware wallets for high-value assets, staying updated on the latest vulnerabilities, and continuously educating oneself can further fortify this defense. As we continue to forge ahead in this digital frontier, being informed and cautious ensures that we can enjoy the innovative world of NFTs while safeguarding our valuable assets.

FAQs