• Tue. Jul 16th, 2024

10 NFT Scams to Watch Out For and How to Avoid Them

NFT Scams


Key Takeaways:

  • Over $100 million has been lost as a result of NFT scams in the first half of 2022. 

  • These can range from price manipulation and NFT piracy, to fake platforms and phishing attacks.

  • You can minimize your risk through tightening your electronic security, and also being aware of social engineering attempts to gain access to your accounts.

As an NFT enthusiast, creator, or collector, you are one out of over 30 million people participating in one of the most significant blockchain innovations to date. Since it hit the ground running, over $80 billion worth of NFTs has been traded on NFT marketplaces according to a report published by Chainalysis. The Ethereum blockchain alone hosts over 80,000 unique NFT collections and most other smart contract blockchains also boast relatively impressive numbers with regards to NFT activities.

With NFTs conferring ownership rights to a wide range of digital media and commodities,  attempts to monetize this ownership have resulted in some of the hottest blockchain-powered businesses. But just like any other booming financial space, the NFT business has met with some unfortunate events. Generally known as NFT scams, these events have caused mild to grave losses for NFT creators and traders.

Over $100 million has been lost in NFT scams in the first two quarters of 2022, and the figure continues to rise as more NFT scams are reported daily.

Here are the most common NFT scams:

1. NFT Price Manipulations

NFTs derive their value mainly from the quality of the media and how well the NFT community reacts to these displayed qualities. Successful NFT projects see exponential growth in the value of their NFTs as collectors flock to add them to their collections. A continuous rise in value is also a strong point of attraction for NFT collectors who buy into these projects with the hopes that the value continues to appreciate.

Unfortunately, NFT projects and independent collectors as well have found a way to move the value of NFTs in a rather unscrupulous way. An Outlook report suggests that about 2% of NFT trades are manipulated. Through wash trading, foul players artificially engineer a rise or drop in the value of an NFT collection, with the sole aim of influencing the market in certain ways.

To manipulate the value of NFT through wash trading, the manipulators simultaneously buy and sell an NFT between themselves at a certain frequency to cause a drop or increase in the floor price of the collection or the value of a single NFT. This is also done to increase trading volume and boost visibility and trustworthiness

A drop in value could influence NFT holders to sell their NFTs at lower prices to prevent further losses while a rise in value could influence investors to buy into an NFT project. Having steered the market in this way, the perpetrators proceed to buy at this low price or sell at the engineered high price. This is also known as https://www.coingecko.com/en/glossary/pump-and-dump-schemePump-and-Dump, a similar scenario that is seen in crypto trading and most financial markets.

2. Phishing Scams

Phishing scams are a major internet security threat. Cryptocurrency and NFT investors have a rich history of facing phishing scams. Through phishing scams, scammers trick their victims into giving away vital security information by sending them fake links (known as phishing links) or emails that lead to malicious websites. These websites are built to automatically breach the security of the visitors’ devices through certain means or install malware that scans for vital information and relays them to the attackers.

On April 25, 2022; Bored Ape Yacht Club (BAYC) holders reportedly lost about $3 million worth of BAYC NFTs in a phishing scam that targeted users through the project’s official Instagram page. The Instagram page was compromised and the BAYC attackers posted a link that redirects to a fake airdrop program. The program requires that BAYC NFT holders sign a smart contract transaction from the wallet. By signing this transaction, the attackers gained access to the victims’ wallets.

The BAYC phishing attack only adds to a long list of NFT scams that have resulted from phishing attacks. A fake discord link posted on Ozzy Osbourne’s NFT project’s page resulted in investors losing thousands of dollars.

3. Wallet Hacks or Security Breaches

Apart from phishing attacks, hackers can obtain wallet or NFT account details through other means such as random security breaches or accessing poorly stored wallet details. Using information obtained from a successful phishing attack or from these other means, hackers maneuver their way into personal wallets and siphon their contents, including NFTs.

Defiance Capital founder – Arthur reportedly lost all Azuki collection NFTs in his wallet to a phishing attack. The attacker had gained access to Arthur’s personal wallet through a malicious email.

4. Fake NFT Giveaway Programs

Fake NFT giveaway programs work in two ways. Scammers can organize giveaway programs with a deceitful claim or registration link that snipes vital information from the participants or exposes them to phishing attacks as described earlier.

Through fake giveaways, ‘foul-playing’ NFT projects can also trick NFT investors into running social tasks. With the hope of earning free and promising NFTs for performing these simple social tasks, NFT hopefuls join promotional programs for new or existing NFT projects. In some fake giveaway scams, these free NFTs are never distributed to the participants of the giveaway program while the project benefits from the awareness created through the community’s help.

Unfulfilled giveaway promises might be disappointing, but the chances of getting scammed through fake NFT giveaways are a bigger issue and a more popular occurrence. 

5. Identity Theft and Fake Mints

Prominent names in the NFT space command huge regard and trust. The NFT community is a young one and reputable members are revered, especially when they are an integral part of an NFT project. Prominent collectors, creators, and ‘influencers’ are seen as trusted figures and easily earn the trust of other NFT enthusiasts. This phenomenon is easily exploitable. 

Scammers pose as NFT project team members, community support teams, or known collectors. Masked in a fake identity, they demand vital details from other members of the community or request certain actions (like transferring NFTs or cryptocurrencies) that put their unsuspecting victims at a loss.

Some adopt an impersonation strategy, where scammers create new NFT projects posing as a reputable designer or project team, and trick investors into buying the NFTs with the impression that they are created by the impersonated figure. Canadian illustrator Derek Laufman denied running an NFT program that was created and operated in his name after being called out by a supposed collector for stealthily dropping his NFT collection. 

Another impersonation tactic is Fake Mints. How this works; fraudulent NFT projects can mint NFTs and send them to an influencer’s wallet. This tricks investors to believe that influential figures are buying into the project.

6. NFT Piracy

Beyond the creators’ identity, digital media can also be duplicated and the fake prototype sold as an NFT. NFTs were introduced as immutable proofs of originality and ownership; unfortunately, this sometimes is not the case. Scammers can create digital signatures of NFT arts, photography, or any other multimedia that don’t belong to them originally. Some pirated NFTs could come in modified versions such as color variations, rotations, or a simple tweak in attributes. These duplicates are sold to an unsuspecting buyer who might assume the NFT to be a part of an original and (probably) very prominent collection. Two famous examples of this are the PHAYC and Phunky Ape Yacht Club (PAYC), which sell mirrored versions of the famous BAYC avatars and are now banned on OpenSea.

Guess which is BAYC and PAYC?

Original creators can be caught up in this act as well. Digital media creators can mint two separate copies of the same media and put them up for sale on the same or different NFT marketplaces. This maximizes their profits but defeats the goal of originality and uniqueness, and the creator may be banned from the platforms.

7. Fraudulent NFT-Drop Campaigns

Popular brands and mainstream content creators are joining the NFT space. Internet Icons like Dennis Rodman, Tory Lanez, and Snoop Dogg have dropped NFT collections or contributed to NFT projects. Big brands like Adidas have also joined the NFT wave. Projects backed by figures like these are known to draw huge attention and subsequently attract investors.

In unfortunate events, NFT investors are conned into investing in an NFT project after being convinced by fake promises or proof of support from mainstream artists. Adult movie star, Lana Rhoades reportedly abandoned her NFT project after raising about $1.8 million from investors. These events leave investors with huge losses to bear as these NFTs fail even before they are launched.

8. Fake NFT Hype

Social media influencers can easily build a huge hype around an NFT project. Using well-crafted social media posts and conversations, influencers can improve the internet presence of new and existing NFT projects. For existing projects, the floor price and the price per NFT continue to rise for as long as the hype is sustained.

New projects backed by NFT influencers also pick up momentum before the initial launch. This effect is similar to that seen in NFT projects backed by mainstream artists or firms.

However, once the NFT prices have reached a high, the Pump-and-Dump happens. These influencers sell their stake and back out of the project. The hype dies down and the value plummets. Investors rush to sell off their NFTs against shrinking liquidity. Most of the time, this (selling off) is not even possible.

9. Bidding Scams

To sell an NFT, holders list their NFTs on an NFT marketplace for sale at a stated price or to the highest bidder. The latter is prone to a popular trick played by NFT collectors. How this works: the intended buyer places a high bid for the NFT. This bid is usually high enough to be the highest bid.

The bidder cons the seller by switching his bid to a different cryptocurrency. For instance, the bidder places an initial bid of 3 ETH ($4,000) which makes it the highest bid and changes this to 3 USDC ($3). The seller accepts the modified bid without checking, and the NFT is claimed by the bidder at the modified bid ($3) instead of the initial bid ($4,000).

10. Fake NFT Facilities

NFT marketplaces, minting applications, and marketing platforms are hot grounds for NFT scammers and hackers. Apart from the constant attempt to scam NFT investors on these platforms, scammers invent a different strategy – cloning the original platform. Scammers clone prominent NFT facilities and host them on similar domains. For instance, scammers can clone the exact user interface of Opensea (opensea.io) and host it on Opensea.com.

Unsuspecting collectors and creators mistake the fake platform for the real one. This fake website is programmed to handle normal actions differently. For example: substituting an asset listing command with an asset transfer command. By visiting the cloned platform and performing basic activities, the investor runs the risk of giving involuntary access to the hackers, resulting in losses.

 How to Avoid NFT Scams

Now that we’ve covered some of the most common NFT scams, here’s how you can avoid them.

1. Improved Electronic Security Habits

Cryptocurrency wallets and marketplace accounts are the common points of contact between NFT owners and NFT scammers. How well these points are protected goes a long way to determining the safety of your NFTs. As electronic technologies get sophisticated, strategies to breach its security provisions develop as well. A zero-tolerance security habit is important to keep your NFTs away from hackers. This can be achieved by:

Choosing the right wallet for your NFTs

NFTs are just like crypto tokens in terms of safekeeping. Hot wallets like Trust Wallet and MetaMask are more available and easier to use. But these wallets are connected to the internet and are prone to exploitation. Cold wallets like Ledger and Trezor wallets are safer options for NFT storage.

Hot wallets are, however, more flexible and simplify routine NFT transactions. A safer practice is holding a small fraction of your NFTs in hot wallets and moving the rest to cold wallets. Cold wallets are offline, and unlike hot wallets, are not exposed to the internet. This keeps your NFTs safe from most phishing scam attempts.

Healthy Password Habits and 2-Factor Authentication

Developing strong passwords, keeping them safe, and remembering them is very tedious, sensitive, but vital processes. Some studies on security tips suggest the best practice for password development. To improve the chances of your assets remaining safe, developing abstract passwords is the safest way to go. Passwords that don’t make many references to the common knowledge of you are harder to guess. The popular ways of developing passwords such as; a combination of your name, birth date, and other notable dates, or hobbies have simplified ‘hacking by guesswork’ in many reported cases. Abstract passwords make guessing harder for hackers.

To reduce the stress of remembering passwords, we tend to reuse one password for many profiles. This practice creates room for greater danger. Just like the idiomatic “putting all your eggs in one basket”, using one password for multiple profiles further expands your vulnerability. When one is broken, others follow. A better practice is to create a new password for every profile.

Storing your passwords over electronic media is also potentially dangerous. The rampant reports of passwords stored in places like emails, google drive, or Pastebin getting stolen show how unsecured these options are. Saving passwords in an offline tool is a safer strategy.

Two-factor authentication adds an extra layer of security to your electronic accounts. Where available, the Google authentication service connects your profile to the google authenticator. It allows ownership verification through codes generated by the authentication application. Similar authentication tools work in the same way. SMS and email verification services make it harder to break into personal profiles. An attacker will need to get hold of your personal devices or access to your email before successfully breaking into your account. 

A good way to reduce losses in case of hazards is by using a fresh wallet with just enough funds for new mints, especially those free mints that keep popping up every day. That way, even if it’s compromised only a limited amount of funds is lost.

Unfortunately, many internet users have yet to realize the importance of enabling authentication services for their accounts. Endeavor to enable a 2-Factor authentication service for your NFT accounts where available.

2. Be Careful of Social Engineering

A greater percentage of NFT scams don’t happen as a result of a direct wallet or account hack. Social engineering is the most widely used approach by scammers. Scammers devise ways of either finessing investors’ funds from them or tricking them into involuntarily giving out their details. Here’s how you can tighten your guard from a social perspective.

Don’t Trust, Verify

Most NFT scams are designed to exploit investors’ sense of trust. “Unsuspecting investors” are the victims of most NFT scams. Like the popular blockchain slogan, it is advised that as an NFT investor, the only sense of trust should come after proper verification.

Before clicking any link presented directly or via email, ensure that the source is properly checked and scrutinized for possible tweaks. Only click links whose authenticity is confirmed. Even when that is done, do proceed with caution.

While selling your NFTs using bids, ensure that you check a bid properly before accepting it. Run a check on the currency and amount before accepting a bid.

Regardless of how legitimate or promising an NFT project might appear, do run sufficient checks on the team. This could include the team’s previous records, the influencer(s) talking about the project, and the most prominent members of the community. Good research on the team and their offers will reduce your chances of running into investor scams and giveaway scams.

To stay safe from Fake Mint scams, confirm that the influencers in question actually minted the NFTs themselves. You can do this by checking Etherscan to see if the wallet that interacted with the contract is also the same wallet that received the NFT. If not, then it’s just a mint and the ‘send’ transaction is only meant to trick people

3. Use Known or Properly Audited NFT Utilities

New NFT marketplaces, minting, and marketing platforms emerge regularly. These new platforms are introduced to the NFT communities and promote their advantages to NFT investors. Unfortunately, the authenticity and security of these new platforms is hardly confirmed at launch. Many NFT scams have resulted from using new NFT utilities. To stay safe, investors should endeavor to stick to known utilities or verify the authenticity of these new platforms before proceeding to use them.

Even when this is done, it is important that investors apply a good level of caution while interacting with these platforms to prevent huge losses in case of technical exploitation on the platform. This could be 

Final thoughts

NFTs are a brilliant invention, despite having made a huge breakthrough that extends beyond the crypto space; however, it is still an emerging technology. Like any other new invention, it is prone to constant changes and improvements, and also vulnerable to irregularities and exploits. Many new developments in this space focus on making NFT investing easier and limiting losses in case of security failures.

These security improvements remain in development, it is therefore important that NFT investors play their role in protecting themselves from a sea of foul players attempting to rid them of their investments in the cruelest ways. UItimately, a trustless security habit is important while investing in NFTs and while engaging in any financial activity.