NFT Scams: What Are They and How to Avoid Them?

Jorge Felix  - Cybersecurity Expert
Last updated: November 27, 2024

NFTs are among the latest developments in the blockchain universe, attracting a lot of attention and money from investors. However, this market is prone to digital risks. Read this article to be aware of the NFT scams and how to deal with them.

NFTs (Non-fungible tokens) are among the latest developments in the digital industry that have quickly become a craze among netizens. Consequently, this popularity has also attracted negative attention, exposing users to various NFT-related scams and frauds.

Some NFTs out there look like nothing special, something anybody could have produced with Photoshop in a few minutes. But that does not prevent collectors and NFT artists from making a good deal of money transacting with these items.

In this article, we will discuss the most common and uncommon NFT scams and how to prevent them.

NFTs: What are they?

We all know that NFT stands for “Non-Fungible Token.” The critical bit is “fungible.” What does it mean? A non-fungible item cannot be duplicated. Star Trek fans can think of Latinum, the liquid that serves as currency because replicators can’t handle it.

NFTs are closely related to blockchain technology because each is equivalent to a token in a particular position of a blockchain. So think of a blockchain whose associated cryptocurrency is not a digital coin, like Bitcoin, but one of these NFTs. Typically, NFTs come in digital media such as video games, videos, music, or digital art.

So, you need to understand the concept of “blockchain” to get NFTs because these relatively new objects are elements in a blockchain ecosystem. A blockchain is a decentralized system that keeps a transaction ledger. Each NFT is a line in the log.

While digital art items are currently getting most of the attention as NFTs, you can make almost anything an NFT – any physical object, from a toy to a piece of real estate.

NFTs are new to the crypto block, but that hasn’t stopped the NFT market from attracting vast amounts of money. For example, Dexerto reports that a single item collected almost 92 million USD after thirty thousand collectors came together to provide the funds.

However, NFTs remain a largely speculative asset. As a result, many investors are trying to jump on the NFT bandwagon early, hoping their purchases will grow in value dramatically. This is no surprise, as the whole cryptocurrency universe remains fueled by speculative forces.

The risks involved in NFTs

NFTs are kept in cryptocurrency digital wallets, and their trade happens through blockchain operations. NFTs are essentially cryptocurrencies in which the token is not a digital coin but a unique associated object that cannot be replicated. Since both environments are closely related, the risks behind the NFT trade are the same as with cryptocurrency.

In February 2022, a successful phishing attack against OpenSea took place. The hackers took away almost 2 million USD in NFTs. Then, in March 2022, Axie Infinity, an NFT gaming system that has sold more than 4 billion USD, suffered a security breach. This led to a 600 million USD loss for Ronin, a service processing Axie Infinity’s transactions through the Ethereum blockchain.


Blockchains are among the most secure digital systems ever devised. However, in every scenario, other factors can become security risks and fall prey to malware, phishing, and other problems. For example, NFT platforms can be vulnerable to hackers, and NFT wallets can be hacked.

Awareness is the first step in any digital security strategy. So, let’s get started by showing you the most frequent NFT scams out there so you can read the writing on the wall (when it’s there) and be ready to fight them.

The most frequent NFT scams

The cryptocurrency and NFT ecosystems are more extensive than ever today. And as they keep growing, the same sentence will remain true next week or next year. But, unfortunately, the increased value and activity in both markets bring about an undesired but unavoidable consequence: scams involving digital assets are also more frequent today than ever. And their frequency will keep growing along with the momentum in both environments.

So, let’s see what the typical threats you can find nowadays are.

1. False or malicious NFT trading systems

Every time you buy something online, you have to pick a retailer. But, with so many available today, how do you know which is reliable? Many users get around this problem by sticking to Amazon or another e-commerce platform they know to be trustworthy.

Buying NFTs is no different. You need to know a trading platform you can trust before you go ahead and complete a purchase. So do your homework. Do a little research before using a particular platform for your NFT trades. Keep this in mind: some hacker groups have fake NFT trading platforms online. The trick grants them access to their unsuspecting users’ wallets. So, if you fall for this common NFT scam stratagem, your whole wallet is at risk.


2. Phishing NFT fraud

Phishing is a prevalent criminal tactic in every field, including NFTs. This attack typically starts with an unsolicited email telling you that you have received a free NFT or that somebody wants to buy an NFT from you. Then, it will prompt you to follow a link that looks okay on the surface but will take you to a false NFT platform.

As you reach the website in question, you’ll be asked for information such as your seed phrase or private keys.

So how do you avoid this? First, never follow links that reach you in unsolicited email messages. Use common sense: if it seems too good to be true, it probably is. Also, ensure that any URL is authentic by typing it directly into your browser’s address bar. And remember: these people can invest a lot of effort in making false things look genuine. Appearances can be deceiving.
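A link that "looks okay on the surface" usually relies on one of a few host-name tricks, which can be checked before clicking. The following Python sketch is an added example, not part of the original article; the trusted list, the verdict names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the marketplaces you really use, typed in by you (not copied from an email).
TRUSTED_HOSTS = {"opensea.io"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED_HOSTS):
    """Return (verdict, reasons); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not HTTPS")
    if parts.username is not None:
        # In https://name@host/ the browser connects to 'host', not 'name'.
        reasons.append("text before '@' is not the host")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        reasons.append("internationalized host, possible look-alike letters")
    on_trusted = any(host == t or host.endswith("." + t) for t in trusted)
    if not on_trusted:
        # Simplification: treat the last two labels as the registered domain.
        site = ".".join(labels[-2:])
        for t in trusted:
            if host.startswith(t + ".") or "." + t + "." in host:
                reasons.append(f"'{t}' used as a prefix of another domain")
            elif 0 < edit_distance(site, t) <= 2:
                reasons.append(f"'{site}' is a near-miss of '{t}'")
    if reasons:
        return "suspicious", reasons
    return ("ok" if on_trusted else "unknown"), reasons


# Constructed sample links, as they might appear in an unsolicited message.
SAMPLES = [
    "https://opensea.io/collection/example",
    "https://0pensea.io/login",
    "https://opensea.io.free-mint.example/claim",
    "https://opensea.io@wallet-verify.example/",
    "https://opens\u0435a.io/",  # Cyrillic letter in place of Latin 'e'
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), ascii(link))
```

An "unknown" verdict only means the host is not on your list; it is not a sign that the site is safe.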


3. Impersonating customer support

The terrible quality of customer service prevalent in many cryptocurrency and NFT platforms is very well known among users. That leads many users to ask for help in community forums.

The problem with trusting in the kindness of strangers is that you could come across unkind strangers who will take advantage of your situation. For example, they could pose as customer support personnel to persuade you into doing something you wouldn’t do otherwise. For instance, they could have you accept a remote connection from them. Then, they could take pictures of your credentials to access your digital wallet.


4. The “Rug Pull”

This is one of the newer NFT scams. In this scenario, the criminals manipulate you into a false sense of security and then pull the rug from under your feet.

It goes like this: A public announcement goes out about a new NFT collection going on sale soon. The supposed creator tells the world about upcoming events, giveaways, and other related things.

Then, as some eager investors join in the hype by putting forward some money, the project owners disappear along with all that cash. This happened with the “Frosties” collection. The project’s Discord channel went offline overnight, leaving no signs or clues.

According to a report, this scam has gathered a lot of money in a short period — nearly three billion USD in 2021.

Again, doing your homework is the way to avoid falling for this type of scam. So, who is behind this seemingly exciting new NFT collection? What are the credentials? What plans are there for the collection in the long term?


5. “Pump and Dump” schemes

A band of wrongdoers is usually behind “pump and dump” schemes. The plan is to cause a token’s or NFT’s price to explode quickly and then hide away with the money other people invested.

The band of scammers will buy many items in an NFT collection in the shortest possible period. So, naturally, this inflates the price and gathers additional interest from the market. In the next step, many other investors come in with fresh money, buying even more items in the collection at higher prices. Thus, the price increases even more, and the hype reaches its highest point.

And this is when the scammers get rid of everything quickly, profiting from the sales, killing the hype and the value in everybody else’s assets related to this NFT collection.

Research is your friend again. NFTs tend to increase in value slowly over time: sustained, but without spikes. Anything else looks unnatural, and you should be a little suspicious.
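The two signals described above, a sharp price rise in a short period and purchases concentrated in a few wallets, can be checked against a collection's sale history. The following Python sketch is an added example, not part of the original article; the thresholds, the record layout and both sale histories are assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median


def flag_pump_windows(sales, window_days=3, min_rise=2.0, min_share=0.5, top_n=3):
    """sales: list of (day, buyer_wallet, price).

    Flags every window in which the median price at least doubles (min_rise)
    while the top_n wallets make at least half of the purchases (min_share).
    Returns a list of (start_day, price_rise, top_buyer_share).
    """
    by_day = {}
    for day, buyer, price in sales:
        by_day.setdefault(day, []).append((buyer, price))
    flagged = []
    for start in sorted(by_day):
        end = start + window_days - 1
        if end not in by_day:
            continue  # no sales on the closing day, nothing to compare
        window = [s for d in range(start, end + 1) for s in by_day.get(d, [])]
        if len(window) < 5:
            continue  # too few sales to say anything
        rise = median(p for _, p in by_day[end]) / median(p for _, p in by_day[start])
        counts = Counter(buyer for buyer, _ in window)
        share = sum(n for _, n in counts.most_common(top_n)) / len(window)
        if rise >= min_rise and share >= min_share:
            flagged.append((start, round(rise, 2), round(share, 2)))
    return flagged


# Constructed history: slow, sustained growth with a different buyer on every sale.
ORGANIC = [(d, f"0xorg{d}{i}", round(1.0 + 0.03 * d, 2))
           for d in range(1, 7) for i in range(3)]

# Constructed history: three wallets ("ring") buy repeatedly at rising prices,
# then outside buyers ("bbb") arrive near the top.
PUMPED = [
    (1, "0xaaa1", 1.00), (1, "0xaaa2", 1.02),
    (2, "0xaaa3", 1.01), (2, "0xaaa4", 1.03),
    (3, "0xring1", 1.20), (3, "0xring2", 1.50), (3, "0xring3", 1.80),
    (4, "0xring1", 2.20), (4, "0xring2", 2.60), (4, "0xring3", 3.00),
    (5, "0xring1", 3.40), (5, "0xring2", 3.80), (5, "0xbbb1", 4.00),
    (6, "0xbbb2", 4.20), (6, "0xbbb3", 4.40),
]

if __name__ == "__main__":
    print("organic:", flag_pump_windows(ORGANIC))
    print("pumped: ", flag_pump_windows(PUMPED))
```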


6. Plagiarized NFTs

The core principle of NFT is the creation of unique digital tokens. However, recent cases of plagiarized NFTs have been rampant, with people buying and selling stolen copies of real-world artists’ work.

Always verify an NFT before completing a purchase. Do due diligence on the seller by checking their social media profiles and transaction history to confirm they are the real owners and the art is original.


7. Stealth drop NFT scams

Nowadays, scammers are flooding social media, especially Twitter, with NFT scams. In fact, the Twitter algorithm plays a part in influencing these scams. The algorithm gives you content recommendations when you start engaging in NFT conversations.  

So, fraudsters design a ‘Stealth Drop’ NFT, which is appealing and looks like a good deal to unsuspecting users. A stealth drop NFT is a bait that promises quick returns, and innocent users end up losing money.

The best way to avoid Stealth Drop scams is by checking whether their Discord server is open via invitations only. Scammers usually invite easy targets for NFT scams.


8. Fake influencers

Influencers and celebrities greatly affect the performance of an NFT project in the market. Therefore, many NFT developers approach influencers to popularize their projects, leading to public deception. In some cases, influencers create fake charity promises to promote a project.

A good example is when an NFT influencer, Mineervas, scammed a Brazilian teenager out of 0.14 ETH. The scammer sold the teenager an alpha pass for 0.14 ETH for a project allegedly promoted by Punkie and driven by Murat Pak. The victim realized too late that the pass was for a fake project.


9. NFT Airdrop or giveaway scams

These scams are associated with free NFT giveaways, especially on social media. Some of the giveaways may have malicious motives, such as scammers asking you to agree to ‘Terms and Conditions’ upon clicking the giveaway link. They may even ask you to retweet or share the message with others. Then, they redirect you to a form where you must provide your MetaMask wallet credentials to claim the prize. So, they’ll store your credentials in their system, and they can easily access your account and steal your assets.

A good example is the airdrop attack on Fractal, a startup NFT marketplace, where 373 users lost around $150,000 after scammers hacked a Discord server. Fractal members received a message offering to mint celebrity NFTs, which included a fraudulent link. The members lost all their Solana tokens after minting through the affected URL.


10. Bidding scams in NFT collection

Bidding scams occur in the secondary market and aim to drive up NFT prices. After NFTs are listed for resale, the bidders switch their preferred currency to a lower-value one. This leads to uncertainty in the market as investors face potential losses. It is not easy to spot or escape a bidding scam, but you can avoid bids that are below your limits. Also, ensure you double-check the listed currency.


Less common NFT scams

Some NFT scams are less popular but equally effective and dangerous. Let’s look at some less-known NFT scams.

Customer support impersonation

This is a phishing and social engineering scam where illegitimate people contact you, posing as support agents from an NFT marketplace. They can reach you through various communication channels, including social media channels like Facebook, Twitter, and Discord.

Scammers then send you fraudulent links to fake NFT marketplaces where you are required to enter your private wallet keys. Once the scammers get your private keys, you can lose all your digital assets. To avoid this type of scam, only communicate with your customer support center through their approved channels and avoid clicking links from unknown sources.


Investor scam

This type of scam occurs when fraudsters launch a legitimate NFT project and hype it up to attract investors. Once investors flock in and pump in enough money, the scammers disappear and close the project. A good example is the Evil Ape investor scam, where an anonymous NFT creator disappeared with over $2.7 million without a trace. So, you should conduct a thorough background check on any NFT creator before investing your hard-earned money.


Other NFT risks


1. Malware

You should be aware of malware infections as long as you are on the internet. Prevention is key here. You should always have a top-notch antivirus suite active on your device and be online through an equally premium VPN service.

NFT trading platforms are no different than any other user-management system on the internet. Thus, they are susceptible to malware attacks, especially since many platforms are relatively new and not yet thoroughly tested.

The current word in malware distribution in the NFT environment is “airdropping.” In legitimate airdrops, an NFT is sent directly into a wallet for free. This is common when a new project needs publicity and is trying to get investors’ attention. However, hackers know how to send malware that looks like a freshly dropped NFT.

This is why you should only accept an NFT airdrop if you know who is sending it to you and why. Malware infecting you in this way could compromise your private keys, seed phrases, and other vital information regarding your cryptocurrency and NFT activities.


2. Social engineering

Social engineering relies on persuasion rather than technological savvy to harvest data from users and organizations. Do not underestimate this type of criminal behavior. Remember that Kevin Mitnick, the most notorious hacker of his generation, relied on social engineering almost exclusively.

In social engineering, a scammer finds out everything about you. Vital stats, hobbies, habits, you name it. Then, they will befriend you and earn your trust. Before you know it, your new close and trusted friend will find a way to persuade you to do something utterly out of character for you. 

Social engineering is highly effective and relies on human nature as the weakest link in the security chain. The desire to help a close friend is a strong motivator, and the hackers turn it against the victim with this strategy.


3. Fake NFTs

Uniqueness is at the heart of any NFT’s value. So when you come across one that could be easily duplicated, that’s a problem. Selling knock-offs is a time-honored trade as old as the industrial revolution itself. Over the centuries, we’ve seen it applied to clothes, accessories, concert tickets, watches, and other merchandise.

So how can you tell if the NFT you wanted is fake or a scam? Beware of the following things:

  • Is the price much lower than the original?
  • Is it too good to be true?
  • Is the NFT listed as a single item instead of within a collection?
  • Is the trading volume too low?
  • Are the seller’s information and the registered owner’s information consistent?

If you buy a fake NFT, you will end up with something. But very soon, it won’t be worth much.


Staying safe in the NFT market from scams and frauds

Digital security is an art as much as it is a technical skill. It offers no guarantees, and there are no silver bullets. Nevertheless, adopting a small set of reasonable preventive measures can help you to stay safe at all times. So let’s review those measures.

1. Use a reputable service to set up your wallet

You must have a good crypto wallet to get into the NFT market. So get one from a platform that is well-known and respected. It also needs to be compatible with the NFT platform you intend to join, so do a little research beforehand. We recommend the following wallets:

  • Trezor
  • Exodus
  • Mycelium
  • Electrum
  • Public
  • Ledger
  • Coinbase

2. Set up your new crypto wallet for maximal safety

Since we’re confident that you followed our advice and picked a top-notch wallet, we know that your brand-new wallet has plenty of reliable security protocols available. However, you need to activate them manually because they are only sometimes on by default.

Some wallets have 2FA available; some have phishing attack protection. Enable everything to secure your crypto wallets.

Spend a bit of time exploring your new toy so you can learn and understand everything it offers you regarding security.


3. Do good research

We see why you want to get a piece of the NFT action as soon as possible. However, know this: Only put a Satoshi into an NFT of any type after doing your homework by thoroughly researching the project. Granted, new NFT projects are hard to research, and the available information about them tends to be meager. But even that can be meaningful. For example, is the group behind your NFT reliable? Has it released other collections previously? What are the credentials it has? 

And when you can’t research the project itself, turn to the creators and their goals with the NFT collection, credentials, and past activities in the NFT-verse. Review their transaction histories.

Even in the NFT’s short market history, a group of well-known creators already exists.


4. Use 2FA and a suitable password

You will get new public and private encryption keys every time you set up a new crypto wallet for the first time. However, a password is unavoidable, so you’ll need to create one. Be sure to create a high-quality password that is both secure and unique.

Using two-factor authentication (2FA) whenever possible is also a good idea. It ensures that even if your password is compromised, it won’t be enough to grant a criminal access to your wallet.


5. Use cybersecurity programs

We can’t exaggerate the importance of a good cybersecurity suite. It keeps you safe from malware, spyware, and other malicious code while you are online. And even when you are offline.

Start with a good antivirus suite. Pick a top-notch vendor, download it and install it. Ensure it’s active at all times, especially if you’re online. Then, choose a top-notch VPN service for your crypto activities so your traffic remains encrypted, and your IP never leaks to the internet. We like ExpressVPN, NordVPN and Surfshark.


6. Keep your seed phrases and private keys safe

Your wallet’s public key is the data that allows you to send and receive crypto and NFTs. This public key is visible to other users, and it’s stored in the blockchain with every transaction you perform. Your private encryption key, however, is supposed to remain private and known to you alone. This bit of data proves you are the wallet’s owner.

You will most likely get a seed phrase or a backup phrase. The phrase lets you restore your private key if you should need it.

Also, consider “cold storage,” which means you will store your private key in a device with no internet connection. This reduces convenience but increases security.


7. Check verification marks

In major NFT marketplaces like OpenSea, the most legitimate sellers have a blue checkmark beside their usernames. Also, their collections are clearly listed. Ensure the artist you buy from has a verified account and is the legitimate owner. Go to their social media profiles and visit their website to determine their legitimacy. You can even contact them directly for any queries or to confirm their identity.


8. Use burner wallets

A burner wallet comes in handy when you want to limit the amount of funds you commit to a transaction, including crypto for transaction fees. This helps reduce the damage you can suffer in the event of a scam.


9. Confirm the NFT project price

Always confirm the NFT project price from official trading platforms like OpenSea. Be cautious if the project cost is lower than that listed on a legitimate platform as it could be a scam.


10. Avoid visiting untrustworthy sites

Verified websites are the best when conducting any crypto transaction. Stay away from links and pop-ups requesting you to enter your wallet’s key information. Also, avoid being lured into the so-called bargains because they can lead you to fraudulent blockchain websites.


11. Verify the creators behind a project

Do a background check of the creators of an NFT project you are interested in before completing the payment. Verify their contact information and social media profiles to ensure you deal with transparent and honest creators. If there is insufficient information about a creator, opt out because you could be dealing with a scammer.


12. Be cautious with giveaways

An NFT is contract-based and anything that can be done with it is included in the contract. Therefore, you should be cautious with free giveaway NFTs because some may be attached to authorizations to sell your assets or even monitor your wallet. Never accept free NFTs from people you do not know.
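The "authorizations to sell your assets" mentioned above are visible in the input data of the transaction a giveaway site asks you to sign. The following Python sketch is an added example, not part of the original article: it assumes an Ethereum collection that follows the ERC-721 standard (the article does not name a standard), and the operator address and sample data are constructed.

```python
# Standard 4-byte selectors: the first 4 bytes of keccak-256 of each signature.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",
    "095ea7b3": "approve(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "42842e0e": "safeTransferFrom(address,address,uint256)",
}
ARG_COUNT = {"a22cb465": 2, "095ea7b3": 2, "23b872dd": 3, "42842e0e": 3}


def as_address(word):
    """An ABI address is the low 20 bytes of a 32-byte word."""
    return "0x" + word[12:].hex()


def review_calldata(data_hex):
    """Describe what a transaction's input data asks the NFT contract to do."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return {"risk": "malformed", "note": "input data is not valid hex"}
    selector = data[:4].hex()
    if selector not in SELECTORS:
        return {"risk": "unknown", "note": f"unrecognized function 0x{selector}"}
    words = [data[i:i + 32] for i in range(4, len(data), 32)]
    if len(words) < ARG_COUNT[selector] or any(len(w) != 32 for w in words):
        return {"risk": "malformed", "function": SELECTORS[selector],
                "note": "arguments are missing or truncated"}
    result = {"function": SELECTORS[selector]}
    if selector == "a22cb465":
        granted = int.from_bytes(words[1], "big") != 0
        result["operator"] = as_address(words[0])
        result["risk"] = "high" if granted else "low"
        result["note"] = ("operator may move every NFT you hold in this collection"
                          if granted else "revokes an operator's blanket permission")
    elif selector == "095ea7b3":
        result["operator"] = as_address(words[0])
        result["risk"] = "medium"
        result["note"] = "lets the named address move one token (or spend a token amount)"
    else:
        result["from"], result["to"] = as_address(words[0]), as_address(words[1])
        result["risk"] = "medium"
        result["note"] = "moves a token out of the 'from' wallet"
    return result


def word(value):
    """Encode an integer as one 32-byte ABI word (hex)."""
    return value.to_bytes(32, "big").hex()


# Constructed samples: the operator address is made up for this example.
OPERATOR = int("11" * 20, 16)
GRANT = "0xa22cb465" + word(OPERATOR) + word(1)
REVOKE = "0xa22cb465" + word(OPERATOR) + word(0)

if __name__ == "__main__":
    for sample in (GRANT, REVOKE, "0xdeadbeef", GRANT[:-10]):
        print(review_calldata(sample))
```

A "high" result on a transaction described as "claiming a free NFT" is the pattern to refuse: claiming something does not require handing an operator control of a collection.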


13. Avoid opening files from unknown senders

Today, hackers use sophisticated phishing and social engineering techniques to target your crypto wallet. Clicking random links and opening attachments from unknown senders can download crypto spyware or redirect you to fraudulent exchange sites.


Examples of NFT scams

Frosties (2022)

This was a rug pull scam that resulted in an estimated loss of $1.2 million. NFT creators called Frosties disappeared with investors’ funds without a trace. The project promised various rewards to a community of 4000 thousand members, only for them to disappear and deactivate all communication channels.


Fractal (2021)

Fraudsters shared a fraudulent link about the NFT giveaway, leading to a cryptocurrency loss estimated at $150,000. The hackers sent the link through the platform’s Discord and successfully attracted many members who were hoping to get a limited edition NFT.

Instead of getting a limited edition NFT, the link connected to the users’ crypto wallets and transferred their crypto to the scammer’s account.


Evolved Apes (2021)

A developer known as Evil-Ape disappeared with 798 Ether ($2.7 million) of investor funds without a trace. The project involved 10,000 ‘evolved apes’, and buyers were supposed to receive unique apes and fight them against each other in a vaporware fighting game. The project sought investor funding and after accumulating 798 Ether, the creators ghosted everyone and disappeared with the funds.


FAQs

Reach out to your customer support center and report any fraudulent people or activities on your trading platform. Some trading platforms have scam reporting systems, which you can use directly.

Some NFT giveaways are meant to bait you into a larger organized scam and are designed to dupe you into revealing your account details. However, some are legit, and you should always verify the seller’s identity before agreeing to participate in NFT giveaway campaigns.

NFT scams are prevalent today, and anyone can be a victim. Whether you are experienced or an amateur, scammers have sophisticated strategies to steal from you. You only have to be extra cautious when conducting your transaction to avoid being duped.

Screenshotting is not illegal, but creating a copy and claiming ownership is illegal. Therefore, screenshotting an NFT becomes illegal when you try to sell it or pass it off as your own.

NFT is a relatively new field, and its regulations are still evolving. There are no comprehensive laws describing the consequences of selling NFTs that do not belong to you.

Originally, the idea of NFT was to create a unique digital file that could not be copied. However, there have been cases of plagiarized scams where copies of original NFTs are minted and sold.


About the Author

Jorge Felix


Jorge Félix (Mexico City, 1975). Theoretical physicist specialized in Cosmology and Superstring Theory. He's been a writer on scientific and technological issues for more than 23 years. Has ample experience and expertise in computer technology and a keen interest in digital security issues.
