Last year was no doubt the year of the NFT. In 2021, the trading volume in the NFT market was over $ 23 billion, with some NFTs selling for tens of thousands of dollars. From established artists to celebrities and iconic brands, we’ve seen people from a wide variety of industries come into the world. Unfortunately, as the industry continues to take giant strides, NFT scammers are popping up more and more. Driven by the lack of regulations and the ability to make quick money, an increasing number of scammers have begun to appear in the industry.
The biggest NFT scams and how to avoid them
As NFTs become more popular, scammers are also getting smarter and better at stealing NFTs and cryptocurrencies. This has led to the fact that even veterans in the field become victims of scammers. Take the famous rapper Waka Flocka Flame, who just a few days ago lost $ 19,000 in an NFT scam. Apparently, the hackers sent several malicious NFTs to one of his wallets. When he clicked on these funds in an attempt to remove them, his funds were automatically transferred to the attackers.
Obviously, in the NFT space, you should never be too careful. You never know when and from where a scammer might attack you. The only way to keep your cryptocurrencies and NFTs safe is to take all the necessary precautions. And it goes without saying – always remain vigilant and be extremely careful with who and with what you communicate on the Internet. An important way to avoid NFT scams is to stay on top of what’s happening online.
Let’s take a look at some of the biggest NFT scams and find out how to defend against them.
NFT phishing scams
Basically, phishing is a common online scam where scammers impersonate real organizations in order to steal sensitive information through emails, texts, and other means. The same thing happens in the NFT world, where scammers try to steal your private key or seed phrase.
The initial phrase is a list of 12-24 words that is generated by the crypto wallet to gain access to the wallet, that is, the cryptocurrencies and NFTs stored in it. This key cannot be reset by anyone, including your wallet provider. Thanks to the blockchain technology that underlies this technology, once a wallet is hacked and funds are stolen, no one will be able to reverse transactions. Simply put, if your funds are stolen, they are gone forever.
A typical example of an NFT phishing scam is the tempting NFT giveaway that gets unsuspecting NFT enthusiasts to share their opening phrase. Stazie, co-founder of Play to Make Money, Hedgie, is one of the victims of this phishing giveaway. In August, he lost nearly a million in digital assets, including 16 CryptoPunks and a significant amount of ETH.
After Stazie followed the link for a giveaway organized by the CryptoPunks bot on Discord, he ended up on a site very similar to the CryptoPunks site. It also got a popup similar to MetaMask. This was followed by a message stating that “the security was breached” and asking for an initial phrase to restore the wallet, which, unfortunately, he did. Before he could do anything, the fraudster (or scammers) fled with his assets.
Likewise, scammers posing as security agents or support personnel may contact you for help with some issues. Some may even send fake emails with wallet security warnings or OpenSea suggestions for your NFT. All of this will most likely be accompanied by phishing links to steal your initial phrase.
We cannot stress this enough: NEVER share your start phrase!
Remember, you never have to enter your start phrase to complete any transaction. Neither NFT marketplaces nor wallet providers will ask for your private key. If someone asks you about this, it is a scam and leave immediately. Also, make sure you store your password securely and offline so that hackers cannot gain access to it.
Fake NFT projects and sites
As we mentioned in the case of phishing attacks, there are many fake websites out there. Even if you Google the NFT site yourself, a simple typo can lead you to a fake site. Since most of these sites look very similar in appearance to the originals, you probably won’t understand what happened until it’s too late.
Consider the NFT Trader, a site commonly used by NFT traders. Although the official domain is “nfttrader.io”, there are several scam sites that use domains such as “ntftrader.io” or “nfttrader.link”. In one such scam, @shanterpster lost a $ 281,000 Bored Ape. Thus, every time you use the NFT site dApp, double check that you are using the correct site.
The same is true for NFT projects on marketplaces – scammers create dozens of copies of NFT projects on the Internet. Here are some ways to avoid being scammed with fake projects:
Marketplaces such as OpenSea validate collections and creators for authenticity and add a verified project badge to accounts. Buying from trusted collections is a good way to avoid falling into NFT scams.
Look out for signs of fake NFTs. These include extremely low price, small collection size and low sales.
Another way to identify a fake NFT is to check its individual description and properties. More often than not, fraudulent NFTs have neither description nor properties.
Also, if someone sends you free NFTs, don’t interact with them in any way. Remember what happened to Waka Flocka Flame? Therefore, do not try to delete them, ship them anywhere, or sell them.
Beware of rugpulls!
For the uninitiated, this is when the creators do not complete the project and hide with all the money. Typically, scammers create a legal-looking project with illustrations, website, social media accounts, etc. However, after the launch of the project, when collectors minted the NFT, the developers run away with all the money, leaving investors empty-handed.
From Iconics and Bored Cat Club to Tokyo Ten and Crazy Lemur club, several scams have rocked the NFT industry lately. A particularly striking scam of this kind is the NFT Evolved Apes scam, where developers stole $ 2.7 million worth of ETH.
Discord hacks are on the rise
We’ve already talked about phishing, and now you should know that you should never click on unknown links you receive, be they emails or Discord DM messages. But links posted by genuine NFT projects on their Discord servers should surely be safe, shouldn’t they? Well, not always. Unfortunately, there have been a series of hacks on NFT’s Discord servers where scammers hacked into their bots.
Basically, after hacking a bot, attackers publish a message on the channel. Often, hackers will advertise a “stealth launch” with a link to a fake site. As soon as people go to the site, the scammers will leave with all the money. This is exactly what happened recently with the Boss Beauties NFT project. This project is one of many that have been spotted with similar Discord scams in the recent past.
As the industry matures, NFT fraud will only grow. While we have listed some of the more common types of scams, this is not an exhaustive list and new methods will only appear. As a general rule, always be extremely careful when planning to NFT. Also, be sure to take extra precautions like using two-factor authentication for your accounts and a password manager. You can also use a dedicated wallet to store your assets offline, which makes them more secure.