Social media scams have become so common in the NFT space that even the most popular Ethereum wallet, MetaMask, is taking steps to improve the security of the crypto wallet. Twitter and Discord users get tricked into linking their cryptocurrency wallets to malicious smart contracts, which has resulted in the theft of their NFTs and other crypto tokens. Metamask has recently redesigned its user interface to aid users in identifying and avoiding such scams.
A recent cyberattack on the NFT drop registration platform Premint on Sunday, July 17th last month, exploited the setApprovalForAll function to steal many valuable NFTs and other crypto tokens from the users’ wallets that got hacked. Ultimately, the Premint team had to purchase and restore two expensive NFT pieces and reimburse affected users for approximately $500,000 worth of ETH.
The hackers infiltrated Premint's website with malicious JavaScript code. They created pop-up asking users to sign and verify their wallet ownership, allegedly for extra safety. The hackers then compromised the wallets of the scammed consumers, stealing about 321 NFTs, the majority of which sold for nearly $400,000 at the time.
The attack on July 17th was not the first scam to target the NFT market, which has a long history of scams and cyber-attacks due to its unprecedented market potential for generating high revenue. In 2021 alone, the NFT market generated $25 billion in sales. The great market potential has attracted many bad players to take advantage of the security inefficiencies around NFT platforms and wallets. In February, nearly $1.7 million worth of NFTs got stolen in a phishing scam on OpenSea. Whereas in April, $2.8 million worth of NFTs got stolen when the Instagram account of Bored Ape Yacht Club got hacked.
This article explores the top 10 NFT scams of all time and how you can avoid such scams. It also highlights good safety practices to protect your NFT and crypto assets.
Top 10 NFT Scams:
NFT scams have been around since the rise of the NFTs, much like the cryptocurrency scams that were very common during the cryptocurrency boom. Unfortunately, many have fallen victim to such tactics since almost all these scammers use sophisticated strategies to trick their victims. Not only are novice NFT investors tricked and scammed, but such NFT scams have also impacted famous actors and artists. For example, the Asian artist Jay Chou recently became a victim of one of these scam tricks and lost almost $560,000.
Similarly, the famous American actor Seth Green spent almost $300,000 last month to retrieve a stolen Bored Ape NFT that he intended to include in a forthcoming television series.
Despite various anti-fraud restrictions, this dynamic market relies on user conduct. The absence of regulation on the NFT market renders it vulnerable to all forms of scams. Several firms, including Adobe, are now attempting to develop authentication stamps that will make it simpler to confirm the authenticity of a token.
Here are the top 10 NFT scams that are posing a threat to NFT investors and buyers on different NFT marketplaces, wallets, and other similar platforms:
Phishing Scams and Suspicious Pop-ups:
Phishing scams trick NFT investors into signing up on compromised or hack pop-ups on NFT marketplaces and platforms using their NFT wallets. As mentioned earlier, the Premint NFT Drop registration platform scam is an example of a phishing scam where hackers infect the platform with malicious JavaScript code that results in suspicious pop-ups. These pop-ups pretend to enable extra security on the platform once you sign up with your wallet. However, these pop-ups are a gateway for stealing your NFT wallet’s private keys or approval for transferring your NFT assets that the hackers then exploit to steal all your crypto or NFT assets without your knowledge.
Many NFT collections offer their early investors an NFT drop where investors can benefit from discounted prices and exclusive initial offerings. NFT investors register via the NFT drop registration platform such as Premint, using their NFT wallets that transact on the Ethereum network. For NFT collectors, MetaMask may be the most widely utilized Ethereum wallet. However, MetaMask users were recently the subject of a phishing scam involving fake sign-up pop-ups requesting private wallet keys or the 12-words security seed phrases for alleged extra security of their NFT assets (this is a big red flag). Additionally, harmful counterfeit pop-ups that connect to legitimate-looking login pages, like those for MetaMask or other well-known websites, are active on Discord, Telegram, and other public forums, which may also scam NFT investors and steal their tokens.
Your entire digital wallet's cryptocurrency might be lost if a criminal manages to get your personal information via phishing.
NFT Phishing Scam Example (Source: @DylanMayoral_)
How to Avoid Phishing and Suspicious Pop-up Scams:
To avoid getting scammed by phishing and pop-up scams, you must be vigilant and watch out for them because they can seem like the original email, websites, and pop-ups. If you are not very observant, you can quickly become scammed and lose your NFT assets. To avoid phishing and suspicious pop-up scams requiring NFT wallet sign-ups, you must be meticulous about the source or web address of the NFT platform you are using. For example, in the case above, the email was sent from [email protected]; it would be a scammer.
Rug Pull NFT Scam:
Rug pull scams, when developers flee with investors’ money after quitting the project, are prevalent in the NFT and crypto space. A rug pull scam occurs when a dishonest team develops a brand-new NFT collection or NFT project and markets it on social media to naïve investors before abruptly vanishing with the money once enough people have invested in it.
For multiple reasons, team anonymity is quite common in the NFT space, where most projects or NFT collections prefer to keep their project team anonymous. However, this increases the chances of rug pull scams.
When the creators of an NFT include a code that prevents the buyer from selling the token, this is another variation on the rug pull scam.
Frosties’ NFT Series Creators Arrested in US Over ‘Rug Pull’ Scam (Source: Anand Market)
How to Avoid NFT Rug Pull Scams:
Rug pull scams are common in NFT projects and may occur in three ways: when developers remove liquidity, sell all of their shares, or render it impossible to sell.
To avoid rug pull scams, it's a good practice to engage with NFT collections where you trust and know the project team and have faith in them. Even better, if the project exposed the team members' identities, they are less inclined to try similar scams in the future.
Fake NFT Marketplaces:
Finding a platform that allows you to purchase and sell NFTs is the first step when investing in NFTs. A fast Google search can provide millions of search results; regretfully, many are scam NFT marketplaces. These online scam sites don't offer genuine NFTs. Therefore, if you purchase one, the website will record your login information from your transaction details. Additionally, these websites may request your private keys or 12-word safety seed phrases and utilize them to drain your NFT wallets of all your NFT or crypto assets.
How to Avoid Fake NFT Marketplaces:
To avoid fake NFT marketplace scams, conduct NFT transactions on genuine NFT trading platforms, such as the OpenSea and Solana NFT marketplace, and never submit your information on counterfeit links, pop-ups, or emails.
You will only need to use your seed phrase to create a physical backup of your crypto wallet or restore it. If you get asked otherwise, that is a red flag.
NFT Bidding Scams:
In the resale market, bidding scams frequently occur when traders try to resell NFT that they have previously purchased.
Once you put your NFT up for sale, a bidder might replace your chosen cryptocurrency with a higher value without your knowledge, thus incurring losses. Multiple cryptocurrencies are compatible for bidding on NFTs on marketplaces like OpenSea.
For example, if the bidder replaces 5 USDT with 5 ETH without your knowledge and you buy the NFT for 5 ETH, then that's a bidding scam.
How to Avoid NFT Bidding Scams:
To avoid an NFT bidding scam, double-check the transaction details for every trade so the scammer may not trick you into the wrong bid.
Pump and Dump NFT Scam:
In the NFT space, pump-and-dump scams are regrettably becoming more common. Pump and Dump describes a situation in which a group of NFT investors acquires many NFTs from a single collection, artificially inflating demand. Once they are successful, the scammer gets a high-priced payout, leaving others who didn't participate with worthless NFTs.
Avoid Pump and Dump NFT Scams:
To avoid Pump and Dump NFT scams, you must research the background and trading activity of any NFT project you are considering. The transparency of blockchain technology is beneficial in this regard. It is a good practice to check the volume of transactions and buyers for the NFT collection on OpenSea or any other NFT marketplace and their Etherscan transactions.
Counterfeit NFT Scam:
The act of creating a digital asset as an NFT does not grant you ownership of it or its IP rights. Instead, it just converts a digital file into a blockchain storage object. An artist’s work could get stolen by scammers, who then make a profile on an NFT marketplace and post the counterfeit NFTs for sale.
When the community finds that the NFTs bought are fake, they will become worthless, and there will be no way for the buyer to have their funds refunded.
How to Avoid Counterfeit NFT Scam:
Before placing a bid on an NFT, verify the seller's legitimacy by looking at their Discord or social media profiles.
Additionally, to prevent phishing, utilize the official link from the creator's social media account and save the website rather than looking for a collection straight on an NFT marketplace.
NFT Giveaway Scams:
Scammers often approach NFT investors and enthusiasts on social media and invite them to participate in an NFT giveaway contest while posing as officials from well-known NFT trading platforms. They promise to reward people with NFTs if they spread the competition and register their accounts on their website, which is a phishing website.
These scammers then ask such people to connect their NFT wallets to claim their NFT rewards, and once successful, they steal all NFTs of the connected wallets by accessing the misled user's accounts.
How to Avoid NFT Giveaways Scams:
To avoid such scams, do not trust accounts or emails that promote or invite you to participate in NFT giveaways. Instead, check and verify on official websites of NFT marketplaces that offer the NFT giveaways. Only use the official website to connect your wallet if the news is accurate.
NFT Technical Support Scam:
NFT technical support is another common type of NFT scam. A scammer acting as a customer service representative for NFT marketplaces or NFT collections is responsible for such scams.
These scams obtain personal information from naïve customers; this scam attempts to get in touch with them and steals their NFT wallet private key or seed phrase by tricking them into signing up on fake websites.
Technical support scams are most common on NFT projects discord, where many bots or scammers will text you as soon as you join.
How to Avoid NFT Technical Support Scams:
To avoid NFT technical support scams, only request assistance via the official NFT marketplaces, and double-check the site URL. Scammers may claim to be sending you security warnings regarding your account or NFT collection but never check or click anything before you verify its legitimacy.
Fake NFT Offers Scam:
Scammers impersonate reputable NFT trading sites and offer customers phishing emails saying that an individual has made an offer to purchase their NFT. These phishing emails aim to get users to click on the included link that leads to a fake NFT exchange.
And like many previous phishing scams, clicking the button will bring you to a false website asking you to connect your digital wallet and provide your seed phrase, enabling NFT scammers to access your wallet.
How to Avoid Fake NFT Offers Scams:
To avoid fake NFT offer scams, always validate the sender's identity of every email received from an NFT trading platform.
NFT Influencer Scams:
NFTs have gained popularity, leading to celebrity sponsorships that benefit the stars. Because NFTs are sold online and marketed on social media, public information about project marketing is restricted.
Popular NFT communities pay celebrities or influencers to promote projects, making it difficult to distinguish between genuine and fake NFT influencers.
Fake celebrity endorsements are another scam. Many consumers lose their funds participating in such NFT projects.
How to Avoid Fake NFT Offers Scams:
To avoid NFT influencer scams, understand and research the project in depth while checking the official social media of involved celebrities or influencers for verification before delving into the project.
The Takeaway – The Ultimate Guide to Avoid NFT Scams
The NFT space is common to new and old scamming techniques, which has resulted in many NFT scams sweeping the NFT space, so it's common for new users to come across NFT scams. The best guide to avoiding such NFT scams is to keep yourself, and your friends or family informed about all the different scams discussed above.
It's challenging to stay on top of these complex scams. NFT users can avoid these scams by keeping their private keys safe and secret, enhancing their NFT wallet security, double-checking, and only transacting with legitimate NFT platforms. You always do your research before engaging with any of these NFT projects.