How to stay safe from NFT scams
The NFT market exploded in 2021, growing to around $22 billion and attracting an estimated 280,000 buyers and sellers and about 185,000 unique wallets. But as the market has grown, so too has the scope for cybercrime, with eye-catching reports of NFT fraud, NFT art scams, and NFT games scams. Read on to learn more about NFTs and how to avoid NFT scams.
What is an NFT?
NFT stands for ‘non-fungible token’. Fungible essentially means interchangeable – for example, bitcoins are fungible since you can exchange one bitcoin for another bitcoin, and you still have something which has the same value. An NFT is non-fungible because it’s unique and can’t be directly replaced by another NFT. NFTs can be anything digital – photos, videos, audio files, and so on. They have generated a lot of excitement because of their potential to use technology to sell and collect digital art.
Essentially, NFTs are digital assets – this is where the 'token' part of non-fungible token comes into play. When you buy an NFT attached to a digital asset, you're not taking ownership of the asset itself. You can’t reproduce it or use it commercially. Instead, you’re taking ownership of a record of purchase in the blockchain, which you can keep or sell on to someone else.
How do NFTs work?
NFTs are layered on top of a blockchain – a ledger of transactions stored over multiple computer systems – and point to a web link, such as an image file. Usually, NFTs are held on the Ethereum blockchain, though other blockchains support them as well.
NFTs are created from digital objects that represent both tangible and intangible items. These include:
- Gifs and memes
- Virtual avatars
This list isn’t exhaustive. NFTs can be almost anything: Jack Dorsey, the founder of Twitter, famously sold his first Tweet as an NFT for over $2.9million.
NFTs are the digital equivalent to collector's items. Instead of getting artwork to display, the purchaser receives a digital file. This gives them exclusive ownership rights because NFTs can only have one owner at a time. The unique data associated with each NFT allows ownership to be verified. It is also possible for owners or creators to store specific information inside of them – for example, articles can include their signature within an NFT’s metadata.
To collect NFTs, you need a digital wallet that can store both cryptocurrency and NFTs. You also need cryptocurrency to make your NFT purchases. There are NFT marketplaces where you can browse NFTs – some of the best known include OpenSea, Rarible, and Foundation. Many argue that NFTs are a way to support digital artists, while others argue that there's a resource cost involved in any blockchain transaction. If you are interested in NFTs, it's essential to be aware of the risks involved, including NFTs scams and fraud.
Types of NFT scams
Both cryptocurrency and NFTs are relatively unregulated spaces. This means there is potential for criminals to exploit loopholes and carry out scams. That’s why there has been news coverage of NFT Ponzi schemes, OpenSea scams, NFT art finance scams, and more. Some of the best known NFT frauds include:
Third-party marketplaces like OpenSea exist to facilitate NFT transactions and provide security that underpins each sale. But criminals can set up imitation marketplaces with similar URLs to deceive users. An NFT’s visible component is an image that can be easily copied plus some plaintext information, which means these websites can look very similar to legitimate marketplaces.
A rug pull is a scam where the promoters of a scheme deliberately hype it up through social media to drive up the price. Once they have taken investors' money, they stop backing it, which leads to the value of the asset crashing, and investors incurring losses. A variation on this theme is when developers of an NFT remove the ability to sell the token – by adding code that prevents this – leaving the purchasers with an unsaleable asset.
Pump and dump schemes
A pump and dump scheme is when a group deliberately buys up NFTs to drive up demand artificially. Believing the NFTs to have value, unsuspecting buyers join the auction and start bidding. Once the bids increase, the perpetrators sell off the NFTs for a profit, leaving buyers with worthless assets.
Before buying an NFT, you need to sign up for a crypto wallet. NFT phishing scams typically target customers with fake ads – for example, on Discord, Telegram, and other public forums – which ask for their private wallet keys and 12-word security phrase. Or scammers may impersonate MetaMask and send you fake alert emails saying your wallet will be suspended for security issues, prompting you to click a link in the email to verify your account. An NFT phishing scam is designed to obtain your personal information and drain your digital wallet.
Customer support scams
Similar to phishing scams, hackers pose as technical or customer support staff for blockchain marketplaces and contact unsuspecting targets on Telegram or Discord. Under the guise of attempting to resolve issues, the scammers send links to fake but official-looking websites – intending to gain personal information and access to cryptocurrency wallets. Alternatively, they may ask you to share your screen to resolve the issue – in reality, they want to see and screenshot your cryptocurrency wallet’s credentials.
Bidding scams occur when investors want to re-sell their purchased NFTs in a secondary market. Bidders might switch your preferred currency with lower-valued cryptocurrencies without telling you after you have listed your NFT sales. This can lead to potential losses for the seller if they don't double-check the currency before agreeing on the sale.
Scammers can plagiarize an artist’s work and list the fake version on an NFT marketplace. Unsuspecting buyers can end up buying a counterfeit NFT that has no value.
NFT giveaway or NFT airdrop scams
Scammers can pose as genuine NFT trading platforms on social media to promote NFT giveaways. They usually offer a free NFT if you spread their message and sign up via their website. Once you have signed up, you're prompted to link your wallet credentials to receive your 'prize'. Once they have your credentials, they can access your account and steal from you.
Because of the anonymity associated with dealing in cryptocurrency, investor scams can be common with NFTs. Scammers exploit the anonymity by creating projects that appear to be viable investments, then disappearing with funds they have collected from prospects without a trace.
Examples of NFT scams
2021: Evolved Apes
An example of an NFT rug pull took place in October 2021. A collection of 10,000 'Evolved Apes' went on the market. Buyers were supposed to receive a unique ape made of component elements that could be battled against other apes in a vaporware fighting game, where the prizes were cryptocurrency rewards. The initial NFT offering was to raise funding for the game. However, once the developer – known as ‘Evil Ape’ – had raised 798 Ether (equivalent to about $2.7 million at the time), he disappeared – leaving investors with nothing but a jpeg to show for their investment.
Fractal is a marketplace for game item NTFs. In 2021, scammers created and promoted a fraudulent NFT giveaway that resulted in users losing over $150,000 in cryptocurrency. Buyers were hoping to receive a limited edition NFT. Instead, they received an unpleasant surprise when they discovered that a link sent through the project’s official Discord channel was a scam set up to steal cryptocurrency. Users who followed the link and connected their crypto wallets in the hope of receiving an NFT found instead that their crypto holdings had been transferred to the scammer’s account.
The Frosties NFT scam was an example of a rug pull scam, which led to the theft of at least $1.2 million. The creators of an NFT collection called Frosties absconded with investors' funds. They deactivated all communication channels with members – leaving a community, which numbered about 40,000 at its peak, and who had been promised various rewards – stunned.
How to avoid NFT scams
Do your research
Check the details of any transaction before agreeing to it. Is the marketplace you’re using reputable and well-known? Can you view the buyer or seller’s transaction history? Read reviews and look at creators’ level of engagement to see if there are previous complaints about their transactions. If you’re investing in a project, check the developers behind it to see if they are genuine.
Don’t open files from senders you don’t know well
Hackers have created viruses that explicitly target cryptocurrency wallets. Avoid clicking links on unsolicited emails, as they can also lead to fraudulent exchange sites. Never click on links or attachments from unknown sources.
Watch out for giveaways
Although common within the NFT space, giveaways or ‘free drops’ can often carry security risks. Each NFT is tied to a contract that determines what can be done with it – this means that hackers can attach authorizations to access your wallet, sell your holdings, and more. Never accept an NFT from someone you don’t know and trust.
Never share the private key or seed phrase to your crypto wallet with anyone
Keep your private key and seed phrase safe. If anyone has these details, they can access your wallet and untraceably remove any NFTs or cryptocurrency. Use strong passwords for your cryptocurrency wallet and other NFT accounts. Where you can, use two-factor authentication for all your NFT accounts.
Verify the creator behind the project
Before transferring money, find and verify contact information for the NFT creator you want to purchase from. Check that the project creators are honest and transparent about who they are. If you find can’t clear information about the entities behind a project, this is a red flag.
Deal with official sites
Always go directly to verified websites for crypto transactions and avoid using links or pop-ups to enter your wallet’s key information. Resist the lure of so-called bargains, which could lead you to questionable blockchain networks.
Avoid visiting untrustworthy sites
It’s easy to misspell things – but sometimes typing a wrong URL by one letter or two can take you to the wrong site. In the NFT world, scam sites can be extremely dangerous. Always double-check the URL to ensure you are visiting the correct site and avoid doing anything you don’t feel comfortable doing. Remember: if something seems too good to be true, it probably is.
Double-check the NFT project price
Before making any NFT purchase, check the price on an official trading platform like OpenSea or others. If the price appears lower than what is listed on the legitimate trading site, tread carefully – it could be a scam.
Use burner wallets
A burner wallet will allow you to limit the number of funds you want to commit to a particular purchase – including crypto for transaction fees. This reduces your exposure to risk in the event of a scam.
Check verification marks
Most legitimate NFT sellers will have a blue checkmark beside their usernames on OpenSea and other NFT marketplaces, and the properties of the collection will be listed clearly. Check that the artist you are buying has a verified account and is the legitimate artist. Look for the artist on social media channels or via their website. You may want to ask them directly if the artwork you want to buy is theirs and if you have the correct user profile.
- Kaspersky Total Security
- Kaspersky Password Manager
- Kaspersky Secure Connection