Non-fungible tokens have taken the world by storm, revolutionizing the art world and many other industries. While crypto enthusiasts see this as another sign of the mass adoption of blockchain, it can be difficult to distinguish trustworthy artists from malicious entities in this relatively new space.
The growing interest in NFTs has made many communities of popular NFT projects vulnerable to phishing and other fraudulent activities. This has led to active discussions about how to protect digital assets.
With NFTs on the rise, it’s crucial to keep up with common scams and the latest NFT security updates. Read on to learn how to spot red flags and keep your NFTs safe.
NFT stands for a non-fungible token, which is a crypto token that exists on a blockchain. NFTs can be anything digital such as music, images, videos, etc. NFTs are non-fungible because every token is unique and can’t be exchanged for another NFT.
When you purchase an NFT attached to a digital asset, you don’t own the asset itself. You can’t reproduce it or use it commercially. Instead, you take ownership of a purchase record that is stored on a blockchain, which can later be sold to someone else. Therefore, NFTs serve as digital certificates of ownership.
NFTs exist on a blockchain, a distributed ledger that stores transactions, and point to a web link, such as an image file. NFTs are typically held on the Ethereum blockchain, although other blockchains also support them.
NFTs are created from digital objects that represent tangible and intangible assets, including art, collectibles, gifs, memes, videos, virtual avatars, etc. This list is partial, as NFTs can be almost anything.
NFTs are the digital equivalent of collectibles. The buyer receives a digital file rather than a work of art to display. This gives them exclusive ownership because NFTs can only belong to one person at a time. The unique data associated with each NFT enables ownership verification. What’s more, token owners and creators can store specific information within NFTs.
To deal with NFTs, you need a digital wallet that can store both cryptocurrency and NFTs. You need cryptocurrency to buy NFTs on marketplaces such as OpenSea. However, some platforms also support fiat payments.
As mentioned above, most NFTs run on the Ethereum blockchain, so people can buy them with Ether, its native currency. You can exchange fiat currencies for ETH on exchanges like Coinbase. There are centralized and decentralized finance crypto exchanges and wallets, with differences in security.
Decentralized wallets are non-custodial, meaning that the user has complete control over their assets stored in DeFi wallets such as MetaMask. NFTs are decentralized by nature, so they are managed with decentralized wallets and can be purchased on various marketplaces or trading platforms.
In terms of security, users don’t have to pass through any authentication, identity verification, Know Your Customer (KYC) procedures or share any personal information when using a DeFi wallet. On the contrary, centralized wallets are obliged to comply with the relevant laws when onboarding users and authenticating them and their activities.
As innovative technologies continue to emerge, strong security measures become even more necessary to keep users’ digital assets safe. When using a DeFi wallet, there is no two-factor authentication or other additional security measures. Therefore, if someone gets your credentials, they can access your wallet and your assets.
Both cryptocurrencies and NFTs are relatively unregulated spaces, so there is potential for malicious entities to carry out fraudulent activities. Let’s take a closer look at the types of NFT scams.
Third-party marketplaces like Rarible are designed to simplify NFT transactions and provide security to support every sale. However, bad actors can set up fake marketplaces with very similar URLs to mislead users.
The visible component of an NFT is an image and some plain text information that can be easily copied, so fake platforms can look like legitimate marketplaces.
A rug pull is a scam where promoters attract investors by heavily promoting fake NFT projects on social media to drive up the price. Once the scammers get the investors’ money, they stop supporting the project, causing the value of the asset to plummet and investors to lose money.
In some cases, NFT developers remove the ability to sell the token, leaving investors with unsaleable assets.
Pump and dump schemes
A pump-and-dump scheme occurs when multiple people intentionally buy NFTs to artificially increase demand. Unsuspecting users believe the token is valuable, join the auction, and start bidding. Once the bids rise, the culprits sell the NFTs for a profit, leaving investors with worthless assets.
Phishing scams typically target customers with fake ads on Discord, Telegram, and other public platforms. These ads ask for users’ private keys and 12-word security phrases.
Scammers may also impersonate MetaMask and send you fake warning emails claiming that your wallet has been suspended due to security issues. Such emails typically contain a link to verify your account, which is actually used to steal your personal information and drain your digital wallet.
Customer support scams
This is a type of phishing scam where criminals pose as customer support for NFT marketplaces. They usually contact unsuspecting users through social media channels such as Discord, Telegram, or Twitter with an issue regarding your account. The scammers will then send you a link to fake but official-looking websites to obtain your personal information and access to your crypto wallet.
In some cases, bad actors will ask you to share your screen to resolve the issue. What they really want is to steal your wallet credentials.
Bidding scams happen when investors resell their purchased NFTs on a secondary market. Buyers may swap your preferred currency for lower-valued cryptocurrencies without your permission right after you list your NFT for sale. If the seller doesn’t double-check the details before agreeing to the sale, this can result in losing money.
Scammers can copy someone else’s artwork and list the plagiarized NFT on an NFT marketplace. Since the token was created using stolen or counterfeit artwork, it has no value. By the time the defrauded buyer realizes this, it’s too late, and the seller has made off with the investor’s money. It can be almost impossible to trace the fraud back to the forger.
NFT giveaway or NFT airdrop scams
Bad actors may pose as legitimate NFT trading platforms on social media to promote NFT giveaways. They typically offer a free NFT if you spread their message and sign up through their website. When you sign up, you are supposed to link your wallet credentials and receive your reward. However, once they have your credentials, the scammers will use them to drain your wallet of any existing digital assets.
Investor fraud can be common in the NFT space due to the anonymity associated with doing business in the cryptocurrency space. Scammers leverage anonymity and create projects that seem to be viable investments. Once they collect money from investors, they disappear with the funds.
Social media impersonation
Cybercriminals often copy popular NFT accounts and create fake social media profiles that look very similar to the originals. Scammers use these fake accounts to convince people of their legitimacy and sell them counterfeit NFTs. What’s more, fake social media accounts can host fake giveaways, putting unsuspecting users at great risk.
Experienced fraudsters create replicas of legitimate marketplaces with the same designs. This is done to confuse users about the original site.
This type of NFT scam is considered a social engineering scam. Investors need to check websites carefully to avoid buying NFTs from fake platforms.
Celebrities and influencers can increase the popularity of an NFT collection. Therefore, NFT developers invite celebrities to promote their projects. The public may fall victim to such NFT scams even before identifying the fake promoters.
In some cases, scammers try to persuade potential investors to join their projects for the sake of charity. However, such promises are insincere.
Stealth drop NFT scams
Twitter and other social media platforms are widely used by bad actors to carry out this scam. The algorithms behind these platforms also play an important role in these schemes. When you join NFT conversations, Twitter starts recommending more of that content to you.
Therefore, scammers create a so-called stealth NFT drop that eventually attracts unsuspecting users who think it is a good deal. According to the tactic, the NFT promises to make a fortune quickly but becomes bait to lure unsuspecting users into an NFT scam.
Many artists have faced fraudulent activities. For example, Tyler Hobbs, the artist behind the Art Blocks project “Fidenza,” accused the SolBlocks platform of using his code to sell copies of his works. Derek Laufman’s artwork was also put up for sale by a fake account using his name, which even received a verified icon.
The list of such scams is long, prompting artists to react by commenting, reviewing, and denouncing fake platforms and profiles for the unauthorized sale of their art.
Swindlers airdrop NFTs into the wallets of influencers, making it look like the celebrities actually minted the tokens on the blockchain. This scheme exists because many potential buyers monitor certain wallets for new activity, foreseeing mass interest and a rise in the value of an NFT.
Hacking is so widespread that it takes many forms. It is designed to steal the most sensitive information, such as personal and bank account information, social security numbers, good credit scores, and money. A hacker can get your crypto wallet information in many ways, even by hacking the app or exchange platform that hosts your wallet.
2021: Evolved Apes
Evolved Apes is an NFT rug pull that took place in October 2021. The project consisted of 10,000 NFTs and promised investors that they would make money from a fighting game. In this game, players would receive a unique ape made up of component elements that could be used in battles against other apes.
The original NFT offering was intended to raise funds for the game. However, after raising approximately $2.7 million, the anonymous developer known as “Evil Ape” disappeared, leaving investors with nothing.
In addition, all of the project’s social media accounts were deleted. It was later discovered that none of the game’s competition winners had received the NFT prizes as promised.
Initially, investors expected to receive a limited edition NFT. However, they discovered that a link they received from the project’s official Discord channel was designed to steal cryptocurrency. Ultimately, users who followed the link in hopes of receiving an NFT instead found their digital holdings transferred to the scammer’s account.
When the investors bought all 8,888 tokens created, they found that the project team had deactivated their social media accounts and completely dropped out of contact.
In the end, the scammers got away with $1.3 million of investors’ money, and the criminals still haven’t been found. It is unlikely that the defrauded investors will ever get their money back.
Do your research
Before agreeing to a transaction, check the details thoroughly. Make sure you’re using a reliable and well-established marketplace and that you can view the buyer or seller’s transaction history. It’s also a good idea to read reviews and look at the creator’s engagement level to see if there have been any complaints about their transactions in the past.
Also, if you’re planning to invest in a project, check out the developers behind it to see if they’re legitimate.
Don’t open files from senders you don’t know well
Hackers have improved their malicious software and created viruses that directly attack cryptocurrency wallets. To protect yourself, never follow links in unsolicited emails, as they may lead to fake exchange sites. Also, avoid clicking on links or attachments from unknown sources.
Watch out for giveaways
While giveaways or free drops are common in the NFT space, they can often come with security threats. Each NFT comes with a smart contract that defines what can be done with it, which means bad actors can attach permissions to access your wallet, sell your assets, and more. So never accept an NFT from someone you don’t know and trust.
Never share the private key or seed phrase to your crypto wallet with anyone
Always keep your private key and seed phrase safe. If someone knows your credentials, they can access your wallet and remove your holdings undetectably. Use two-factor authentication to protect your account and wallet.
Verify the creator behind the project
Before paying for the NFT, find and verify the contact details of the digital artist you want to buy from. Make sure that project creators are honest and transparent about who they are. Therefore, if you can’t find clear information about the people behind a project, don’t transfer your money to them.
Deal with official sites
For crypto transactions, always go directly to verified websites. Avoid links or pop-ups that ask you to enter your wallet credentials. Also, resist the temptation of so-called bargains that may take you to suspicious blockchain networks.
Avoid visiting untrustworthy sites
It’s easy to misspell things, and hackers make heavy use of this fact. Typing an incorrect URL by a letter or two can lead you to fake websites, which are extremely dangerous in the NFT world.
Always double-check the URL to make sure you’re on a legitimate site, and avoid doing anything you’re not comfortable with. Keep in mind that if something seems too good to be true, it probably is.
Double-check the NFT project price
Before buying an NFT, cross-check the price on an official trading platform, such as Sorare, Mintable, or OpenSea. If the price appears to be lower than what is listed on the legitimate trading platform, it’s probably a scam.
Use burner wallets
With a burner wallet, you can limit the number of funds you want to allocate for a particular purchase, such as crypto for transaction fees, etc. This minimizes the risk of getting scammed.
Check verification marks
The majority of legitimate NFT sellers tend to have a blue checkmark next to their usernames on OpenSea and other NFT trading platforms. Also, the characteristics of the collection are usually clearly listed.
Make sure that the NFT creator you are buying tokens from is a legitimate artist and has a verified account. You can search for the artist on social media channels or their website. You can also ask them directly if they own the NFT you’re interested in and if you have the correct user profile.
Keep keys private
Another important rule is to never share your crypto wallet information with anyone. Your private keys must be kept private, as well as any recovery codes. No one needs to know your login details for any reason.
Review transaction history of NFT
Stay away from NFTs with transactions executed in one day.
Do not click on suspicious attachments or links
Avoid clicking on links or attachments related to your digital assets unless you’re sure of the sender’s identity. Bad actors use phishing emails to trick people into giving up their digital wallet credentials.
Even if the link looks like it leads to a legitimate website, it may be fake. The best solution is to always visit the site directly and not follow any links.
Create strong passwords
You should only create unique, strong passwords for your NFT accounts and cryptocurrency wallets. Also, use two-factor authentication wherever possible to keep your digital assets safe. To make it even harder to steal an identity, use facial or fingerprint recognition.
Use reputable NFT exchange markets
You shouldn’t trust offers that sound too good to be true. New marketplaces are popping up all the time, but they offer minimal security. To eliminate the risk of scams, stick to well-established exchange platforms, such as Axie Marketplace, Foundation, Mintable, Nifty Gateway, OpenSea, and Rarible.
Before purchasing an NFT, it’s important to take some security measures. First, use two-factor authentication apps to access your account. Second, protect your username and password. Don’t share your credentials with anyone; remember to change your password regularly.
Always make sure the platform where you’re buying NFTs is legitimate. Never follow links sent to you by someone you do not know via email or social media. It’s also a good idea to do your due diligence on the NFT you’re buying.
After purchasing an NFT, move your token from the marketplace account, which can be hacked, to cold storage or hardware. Cold storage is more secure because all the key information is stored on the device itself, which is harder for bad actors to access. You can also keep your digital assets in a crypto wallet, but keep in mind that they’re more vulnerable to attack than offline storage.
Today, anyone can become or hire a digital artist to create an NFT collection and then create a lot of hype with crypto influencers. Unfortunately, this hype makes it difficult to distinguish trustworthy NFT creators from bad actors. In addition, many NFT collectors and creators use anonymous names and popular cartoon NFT profile pictures on social media.
However, it is not only crypto rookies who face the risks of fraud. For example, scammers can spend very little money and make millions of dollars selling NFTs if they really do everything right. This leads to governance and transparency issues, as once an NFT creator or community founder makes a $1 million promise, collectors tend to expect them to deliver.
If NFT creators don’t follow through and just pay themselves generously, then their NFTs are worth nothing. However, not every failed project should be considered a scam. Collectors need to look at the founders and their subsequent actions. If they give money back to collectors, then there is nothing to worry about. Otherwise, such people must be considered criminals.
NFTs are a credible technology for digital asset ownership and have great potential as digital assets. However, the NFT space is plagued by a bundle of scams, so enthusiasts must stay vigilant to prevent losing their digital assets.
While legitimate NFT projects offer attractive benefits to potential inventors, fraudulent schemes have damaged market confidence and made it difficult for people to know which NFTs are reliable and safe to invest in. That’s why investors need to understand how NFT scams work and how to avoid them.
Just follow the rules, be cautious, and check all the details twice before taking any action. Don’t let bad actors ruin your blockchain experience.
If you have any questions or ideas, don’t hesitate to contact our NFT developers.