Tuesday, May 24, 2022

The Top 7 NFT Scams and How Not to Get Scammed

In a room full of NFT skeptics, there’s a good chance you’ll find half of them having heated arguments about NFT scams and the other half talking about whether NFTs are a scam. While the latter is certainly debatable, we’re going to share our take on the former, NFT scams, today. 

In this article, we will be learning about some of the most common kinds of NFT scams, along with our insights and tips regarding how to avoid them. 

Additionally, to ensure you can go the extra mile with your cybersecurity, we’ll also be discussing the seven rules of thumb that’d make it extremely hard for scammers to con you. 

Seven Most Common Types of NFT Scams

Phishing 

Phishing is a fairly common online scam where scammers steal sensitive information like login credentials and credit card information by tricking people into handing them over through emails or texts. 

For example, a scammer can pretend to be your credit card company and send you an email saying your credit card will be deactivated if you don’t prove your ownership by sending its number and CVV code. The email will have the company’s logo and everything, so you probably won’t suspect anything and just send them what they asked for. 

That’s how phishing attacks work. Since many people wouldn’t bother verifying whether the company actually sent the email, this kind of social engineering-based scamming is pretty effective.

Phishing attacks have also made their way to the NFT space, where scammers impersonate real organizations and people to get you to send the seed phrase or private key to them. 

NFT phishing often takes place through tempting NFT giveaways, where unsuspecting enthusiasts are asked to share their seed phrase, allowing scammers to steal the digital assets in their wallets.

Scammers may even send you fake security alert emails regarding your wallet or offers for your NFT assets, where you’ll be asked to click on a phishing link and submit your seed phrase to proceed further. 

What Is a Seed Phrase?

A seed phrase to a crypto wallet is almost like a PIN code to a bank account. It’s a list of 12-24 words that you can use to access your crypto wallet, generated during wallet creation. 

A seed phrase is so secure that even your wallet provider can’t reset it.

So the only way for a scammer to get access to your wallet is by getting the seed phrase. Once they have it, they can steal funds and assets from your wallet.

And once the assets are stolen, they’re gone forever. Transactions on a blockchain are irreversible, leaving you with no way to get your crypto or tokens back.

Fake Lookalike NFT Websites, Projects, and Collections

Lookalike websites are essentially another kind of phishing scam. But unlike the previous one, the scammers don’t approach you with phishing links. Instead, they create lookalike NFT websites and collections very similar to the original projects. People walk right into their traps, not realizing it’s a fake website.

To achieve that, scammers use a domain name almost the same as the real one, so people end up landing there simply by typing the address wrong. 

An example of how a phishing website works –

Let’s pretend WopenSea is a popular marketplace for NFTs. The website address is wopensea.io.

John is new in the crypto space and just heard the name of WopenSea from his friend. Intrigued, he types wopensea.com into the browser expecting the marketplace to have a “.com” domain extension like most websites.

Even though he mistakenly typed the wrong address, an authentic-looking website opens anyway with WopenSea’s logo. Unsuspecting, John connects his digital wallet to the website and starts browsing through NFT assets. 

The next day, John finds out somehow all funds and NFTs stored in his wallet have been stolen. 

What happened here? A scammer intentionally made a lookalike website of WopenSea, so people who mistakenly typed WopenSea.com instead of WopenSea.io go to the fraudulent website and allow the scammer to get access to their wallets. 
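The wrong-extension and mistyped-name cases above can be checked mechanically before a wallet is ever connected. The following is an added example, not code from the original article; the allowlist holds the article's hypothetical wopensea.io, and the helper names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumption: allowlist of official domains, here the article's hypothetical one.
OFFICIAL_DOMAINS = {"wopensea.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host. Simplification: ignores multi-part
    suffixes such as .co.uk, which need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify(url: str) -> str:
    """Return 'official', a 'lookalike: ...' reason, or 'unknown'."""
    # Accept bare hosts ("wopensea.com") as well as full URLs.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    name = domain.split(".")[0]
    for good in OFFICIAL_DOMAINS:
        good_name = good.split(".")[0]
        if name == good_name:
            # John's mistake: right name, wrong extension.
            return f"lookalike: same name as {good}, different extension"
        if edit_distance(name, good_name) <= 2:
            # One or two mistyped, missing or extra characters.
            return f"lookalike: near-miss spelling of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs.
    for u in ["https://wopensea.io/assets", "wopensea.com",
              "https://wopensae.io", "https://example.org"]:
        print(f"{u:30} -> {classify(u)}")
```

"unknown" is not a verdict of safety; it only means the address resembles nothing on the allowlist.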

This also happens for NFT collections on marketplaces, where scammers create fake collections impersonating real artists. Marketplaces like OpenSea have a verification process and give authentic creator accounts a “verified” badge, which is a good way to know you’re not buying from a fake collection. Some other signs include suspiciously low prices and low sales volume. 

If it’s too good to be true, it’s most probably not true. 

Rug Pull

In a nutshell, a rug pull means raising funds for a project and then fleeing without delivering it. Usually, scammers make an authentic-looking website with social media accounts and hype up the launch as much as possible, leveraging psychology hacks like Fear of Missing Out (FOMO) and flock mentality. And after the launch – by which time the investors have already invested their money – the developers vanish into thin air with all the funds.

The worst part about rug pulls is that they’re hard to differentiate from genuine projects, as both real and fake projects try to generate buzz around their launch. That being said, it’s possible to identify a rug pull by looking into the team behind the project and asking the right questions.

A genuine team will always have a project roadmap to back up their claim about the possibilities of the project. If they don’t seem to have a clear idea about where they’re headed or what their vision is, it can be a possible rug pull or a project with an incompetent founding team. Either way, you should steer clear of it. 

Background checks can also help a ton. An authentic team will not be afraid to take the risk under their names, so their identities should be easy to find. Please do your homework and check their past experiences in the industry. 

Listen to your gut feeling. If something doesn’t add up, be very, very wary. And if you can’t find anything about the team behind the project, stop right there – it’s a huge red flag. 

Generally, the buzz around a project doesn’t vouch for its authenticity. Not all hyped projects are rug pulls, but all rug pulls started as overhyped projects.

Pump-And-Dump Schemes

In the stock market, the term pump-and-dump refers to a manipulative fraud scheme that artificially inflates the value of a stock through false recommendations and misleading positive statements. So after the value of the stock has skyrocketed, those who bought it earlier at its original price can sell at the inflated price and make a killing in profit. 

Pump-and-dump means pretty much the same thing in the crypto and NFT space. It happens when some people collectively buy some NFTs or cryptocurrencies and create an artificial demand for them, so the price starts hiking. 

To drive demand even higher, they go as far as falsely recommending those NFTs or cryptocurrencies to unsuspecting people, making exaggerated claims about their potential.

And when the price has hit the roof and the bubble is about to burst, those fraudsters sell their holdings to make a fortune and leave the victims behind with digital assets that become worthless as soon as the bubble bursts. 

How to Avoid Pump-And-Dump NFT Schemes

Again, do your research before making your investment. Take full advantage of the transparency that blockchain technology offers and go through the wallet records and history of the project you’re interested in. If they look fishy, take a step back and think the whole thing through again. FOMO and flock mentality are the main reasons people fall victim to pump-and-dump schemes. Don’t let emotions get the better of you.

Most NFT marketplaces, including OpenSea, will let you view the number of transactions and purchasers of the token or NFT collection. You can also use Etherscan to check all incoming and outgoing transactions, as long as they’re on the Ethereum blockchain.

Forged or Stolen Artworks Sold by Scammers Impersonating NFT Artists

Art forgery has been around for as long as art itself has been, considering how ancient Romans made thousands of copies of Greek sculptures.

Interestingly, it’s also becoming more common in the NFT market, where scammers often sell fake and stolen copies of NFT artworks by impersonating the artist. 

In most cases, the tricksters open a fake account with the artist’s profile picture and bio, leading unsuspecting fans to believe that they’re buying original NFTs from the artist. 

A noteworthy example is how Banksy, the widely renowned graffiti artist, had his website compromised. The hacker added a link to a fake NFT auction website. A popular NFT enthusiast who goes by the pseudonym Pranksy fell victim to the scam and lost a whopping $336,000 thinking she was buying from the artist.

How to avoid it:

If you’re buying from a marketplace, look for the verification badge beside the artist’s name. OpenSea and several other marketplaces verify the artists, confirming their NFTs’ authenticity.  

If buying from marketplaces isn’t an option, try to go for highly curated, credible websites like KnownOrigin and SuperRare. 

If the artist is famous, there should be official announcements regarding the NFT drop on their social media accounts. If you don’t find any, make sure to ask the artist directly before purchasing. 

For comparatively less-known artists, run background checks to check their legitimacy. For starters, go through their social media accounts. 

Google’s reverse image search can come in super handy to learn about the origin of NFT artworks. You can use that information to check if the artwork was stolen or if any other versions of it exist online. 

Fake Social Media Accounts and Hacked Discord Servers

We’ve mentioned the importance of authentic social media presence quite a few times in the article so far. However, you must keep in mind that social media accounts are also just as vulnerable to hacking and can be used to carry out scams and frauds. 

Discord is becoming increasingly popular among NFT enthusiasts. Most, if not all, NFT projects have their own Discord servers, which serve as the bridge between the team behind it and the collectors/minters. Unfortunately, the Discord bots (an automation feature the platform offers) are often hacked to post fraudulent messages on the channel. 

Sometimes, the fraudsters announce a “secret launch” with a link to a phishing website, where community members are asked to mint NFTs. Once they’ve done that, the scammers run away with the stolen money. Recently, an NFT project called Boss Beauties fell victim to this kind of scam, where hackers compromised their Discord server.

While we’ve only talked about Discord here, other social media accounts like Instagram and Twitter can be hacked to circulate fake messages as well. Since these are announced from official accounts, it’s difficult for someone to determine whether the announcements are authentic or not. 

To be on the safe side, it’s always a good idea to check with the project founders before spending any amount on minting.

Unsolicited NFT Airdrops 

In NFT lingo, an airdrop means giving away cryptocurrency, tokens, or NFTs to NFT wallets for promotional purposes. It’s like the sample drink you get for free at supermarkets, where the brand is trying to turn you into a regular customer of that drink.

While airdrops aren’t generally something you need to be suspicious of, unsolicited airdrops may mean that somebody is trying to trick you.

If you start trading NFTs on OpenSea regularly, there’s a good chance you’ll be receiving random NFTs every single day, whether you won them in any giveaway or not. Most of the time, the unsolicited ones tend to be stolen NFT artworks or duplicates of existing NFT collections. Now, that’s a red flag. 

Even if the NFT is authentic, as in, it’s not stolen or anything – the collection dropping that NFT is still in violation of the OpenSea Terms of Service (TOS). If people report the collection for unrequested airdrops, it will be de-listed by OpenSea.

We strongly recommend that you don’t invest in that sort of collection: if it gets taken down by OpenSea, you will be stuck with worthless NFTs.

How Not to Get Scammed in the NFT Space: The Supreme Guide 

Do Network but Be Careful

It’s essential to build up meaningful connections through networking. But given the staggering number of fraudsters and impersonators in the crypto and NFT space, we would strongly discourage you from interacting privately with strangers at first.

Both Discord and Twitter let you talk to strangers in public, which is a considerably safer option.

It would be best to change the privacy settings on your Discord account so only users you’ve added as friends on Discord can message you privately. Since most DMs from strangers would be either scams or spam anyway, you wouldn’t be missing out on much. 

As we’ve discussed already, phishing links often look identical to the real ones. So, you should try to get the links from the official social media handles of the project.

The official Discord server of the NFT project should have a dedicated channel that displays the relevant links; look for something called #Official-Links or similar. The links can also be found in the bio of the project’s official Twitter account, but make sure it’s not a fake account.

Never, ever trust the official links shared by other people in the comment section on Twitter or the main chat on Discord.

Sharing Your Screen With Strangers: Huge No-No

Sohrob Farudi is an NFT collector and trader who was facing difficulty locating his NFT on OpenSea. So, he joined a support group on Discord where two users pretended to be administrators of the platform and offered to help him. 

They asked him to share his screen and ended up convincing him to do something that revealed the QR code of his MetaMask Chrome extension. Shortly after that, they were able to steal about 250 ETH (about $1Mn) from his wallet.

That’s the reason why you don’t share your screen with strangers. It’s a fairly common practice in the corporate world for showing presentations, discussing technical problems or simply collaborating on something. 

However, sharing your screen is an extremely risky thing to do in the NFT space, as fraudsters can trick you into sharing your seed phrase with them, as we’ve seen above. 

Don’t Use Your Regular Go-to Device for Your Crypto Wallet

A lot of people make the mistake of storing their crypto wallets on the same computer or phone they use every day. Unfortunately, their everyday activities can expose the crypto wallets to a boatload of cybersecurity risks that could have been avoided simply by using a different device for the wallet.

For instance, you might click on plenty of links on your mobile on a day-to-day basis – which can be a link to a presentation for work or a meme your friend sent you. But what if it was a malicious link and your mobile gets hacked? If your wallet was stored there, it would get compromised too. 

That’s why you should use a different, totally isolated computer or phone for your crypto wallet. 

What we mean by a totally isolated computer is you shouldn’t browse social media or do anything other than accessing your crypto wallet from that system. Since illegitimate software like pirated games can contain malware, you must also avoid them. Most importantly, don’t let anyone else use that device.

Don’t Put All Your Eggs in One Basket

If you keep all your digital assets in one crypto wallet, the odds of losing them all to scammers increase drastically. 

Instead, you should maintain a couple of different wallets for your crypto and NFT assets so that even if one of them gets compromised, the rest of your assets remain untouched. Diversification is the key.  

And for the most valuable NFTs and crypto in your collection, consider using something more secure than software wallets. That brings us to…

Go Old-School, Use Hardware Wallets

Hardware crypto wallets are basically highly secure offline hardware storage devices that store the user’s private keys. Since they’re never connected to the internet, it’s nearly impossible for a hacker to access the keys from an online location. 

The best part about hardware wallets is that they’re immune to malware and viruses even if you connect them to infected systems. Additionally, they require an access password so only the user can access the device. 

While hardware wallets promise incredible security on paper, they should not be considered a silver bullet. Never, ever purchase hardware wallets from fishy suppliers or buy them used; they might have been modified to steal the keys stored in them. Do your homework on the manufacturer (check that it has a solid reputation) and only buy from official dealers.

If you let your guard down, nothing can protect you from hackers. 

Question Everything, Leave Nothing to Curiosity

We can’t stress this enough – never shy away from asking questions. Whatever NFT project you’re investing in, get in touch with the founding team and do ask away. If you’re not satisfied with the answers, dig deeper. 

If the responses from the team lack clarity and they don’t help you clear up your confusion – that’s a warning sign. Authentic projects maintain transparency because they have nothing to hide. Hence, asking many questions almost always helps you differentiate the real deal from the fraudulent ones. 

Conclusion

Differentiating between authentic NFT sites and scam ones might be challenging to someone who is new to the NFT world and has little knowledge of the industry. Since NFT is currently one of the fastest-growing industries globally, there’s no doubt that the number of NFT scams is only going to increase.

Having said that, what you need to keep in mind is that all fraudulent schemes are centered around ignorance and greed. As long as you’re not slacking off on your research or getting greedy, avoiding scams should be a piece of cake. 

Henry Hicks
https://nonfungibletalk.com
NFT and Crypto Enthusiast. Loves Travelling and Exploring the Metaverse!