NFT scams: top 10 threats to avoid & proven strategies to stay safe
Non-fungible tokens have been around for years but became remarkably prominent during the COVID-19 pandemic. Mainstream media reports of multi-million-dollar NFT transactions became regular headlines during this time.
Unsurprisingly, this led to a massive surge in interest for NFT projects. People from all walks of life – including those without any background in technology or digital art – began to speculate on this exciting new market.
But scammers and fraudsters entered the market, too. Many simply adapted existing crypto scams to the new NFT marketplace, while others invented entirely new NFT scams. Criminals are capitalizing on the fact that many people don’t understand exactly what NFTs are or how the NFT market works.
What are NFTs, exactly?
NFTs are unique tokens that can be bought and sold on specialized exchanges. They use blockchain technology to guarantee the uniqueness of the token. This makes it much harder to commit certain types of fraud and enables people to securely trade them for money, cryptocurrency, or other NFTs over the Internet.
At first glance, this makes NFTs broadly similar to cryptocurrencies like Bitcoin. The main difference is that cryptocurrency tokens are interchangeable – you can trade one Bitcoin for any other Bitcoin without losing or gaining anything.
NFTs are not interchangeable. Each individual token represents a unique asset and can’t be replicated. It can be helpful to think of NFTs as a digital “Certificate of Authenticity” you can attach to almost anything you create.
This makes them useful for buying and selling anything that derives its value from its authenticity or identity. Some of the things that people trade using NFTs include:
- Artwork. This is among the most popular use cases for NFTs. Artists attach them to their artwork so that anyone can instantly verify the authenticity of the work in the future.
- Intellectual and property rights. NFTs can tokenize rights attached to assets, enabling a wide range of algorithmic transactions. For example, the creator of a song may use an NFT to receive royalties whenever anyone plays the recorded version.
- Digital identities. Social media profiles, video game characters, and metaverse real estate are all examples of digital identities that can be encoded into NFT format and traded between people.
- Memberships. Digital groups and brick-and-mortar businesses can use NFTs to verify members while allowing them to trade membership with one another. A business might use this to extend special offers or discounts to NFT-holding members.
- Event tickets. NFT technology can replace paper tickets and QR codes. This might allow people to trade concert tickets on a secondary market without the risk of being scammed by scalpers.
In general, NFTs exist to improve the security of trading digital and physical assets. They’re supposed to reduce scams and make it harder to counterfeit unique goods. It’s true that the technology makes some scams nearly impossible to pull off. However, hackers are resourceful and they have come up with a variety of clever NFT scams.
How do NFT scams work?
While NFTs are nearly impossible to replicate, that doesn’t mean they are impervious to scams.
There are many scams that bypass the security features that NFTs enable for the assets they protect.
This is where it’s helpful to think of NFTs as certificates. Thieves can steal priceless works of art without bothering to steal the certificates of authenticity that accompany them. Archaeological looters can sell valuable antique artifacts for huge sums of money without bothering to certify them first.
But many NFT scams take a different route entirely. They use the fact that NFTs are a new and misunderstood technology and trick people into buying things they don’t understand. Other NFT scams focus on breaking into the accounts of NFT owners and transferring ownership to themselves.
None of the scams compromise the underlying technology that NFTs rely on. Blockchain security is remarkably difficult to break. Instead, they focus on social engineering tricks that deceive people into giving up important information (like their private wallet key or NFT market login credentials). Instead of trying to hack the system, these scammers are trying to hack you.
10 types of NFT scams to watch out for
1. NFT phishing scams
One of the easiest ways to steal from an NFT owner is to gain access to their account. If a scammer can use stolen digital wallet credentials to access your account, they can easily lock you out and wire all your money to themselves. If you have NFTs on your account, they can simply sell them, transfer the earnings to other NFT accounts, and go on their way.
Phishing scams use a variety of deceptive messages to trick you into giving up your login credentials or other sensitive data. Spoofed emails are among the most common methods hackers use to launch phishing attacks.
In this scam, you might receive an urgent email from the NFT platform you signed up for. It tells you that someone is trying to break into your account, so you have to urgently log in and change your password. You click on the link in the email, input your login information, and receive a message telling you everything is now okay.
But neither the email nor the login webpage you visited belonged to the NFT exchange. They were lookalikes designed to trick you into sending your login information directly to scammers. Now they can access your account, sell any NFT collections you own, and profit directly.
2. Bidding scams
Bidding scams are a kind of bait-and-switch scam. However, instead of switching the asset you’re trying to buy – the NFT – scammers switch the currency bid at the last minute.
Most legitimate NFT sellers allow buyers to select the currency they wish to pay in. The platform will deposit the appropriate currency in your crypto wallet once the auction is complete. Since cryptocurrencies vary widely in price, you may end up with much less than you expected.
Imagine you’re auctioning an NFT and someone bids 25 Ether for it. When the auction closes, you expect to have tens of thousands of dollars’ worth of cryptocurrency deposited into your digital wallet. But at the last second, the scammer switches their bid to 25 Dogecoin. Instead of buying a new car with your earnings, you’ll be lucky to buy a cup of coffee.
To avoid this scam, pay close attention to the bidding price and currency whenever auctioning NFTs online. Don’t rely on NFT marketplaces to warn you about last-minute currency changes.
3. Rug pull scams
The rug pull scam is common in the world of cryptocurrencies, NFTs, and other blockchain technologies. This is where scammers spend time and money building a reputable brand and attracting investment in a project only to defraud investors and shut down before paying out any returns.
This scam takes multiple forms. The most obvious one is when developers lure investors into a project, accept their money, and then simply disappear with the funds. However, there are also versions where developers don’t “abandon” the project per se, but they do sell off all their pre-generated holdings, draining funds away from investors in the process.
Not all rug pulls are illegal. To convict scammers of NFT fraud, investors must prove scammers conspired to commit fraud or money laundering. This can be hard to do when developers keep promising results while legally selling their tokens and devaluing the project.
To protect yourself from this NFT scam, you must conduct due diligence before investing. Is the project backed by reputable people in the NFT space? Is there a clear road map for where the project is headed? How responsive are their investor and customer support channels?
4. Airdrop scams
Airdrop scams are similar to giveaway scams. They start with the victim receiving an unsolicited free “gift” from a stranger. It’s an NFT that contains instructions directing the victim towards a website. These instructions may be part of the artwork image, or embedded in the NFT’s description or other data.
In either case, the instructions promise free assets with high returns to anyone who visits the website. However, the website itself is malicious, and will either conduct a phishing attack to gain access to your cryptocurrency wallet, or prompt a malicious transaction that will drain your funds through questionable blockchain networks.
Hackers can easily encode these actions into scam websites. As soon as you interact with the website by clicking (or tapping) on it, it can run this code on your device.
As with all NFT giveaway scams, you can avoid this one by ignoring free gifts and offers from people you don’t know. Don’t trust website links embedded in emails, social media messages, or NFTs. If you want to participate in an NFT giveaway, pay close attention to the people behind it and research the project before signing up.
5. Investor scams
Investor scams are common in every secondary market, from stocks and bonds to cryptocurrencies and NFTs. Many classic con men like George C. Parker essentially ran variants of this scam for decades at a time, selling bridges, buildings, and public parks that did not belong to them.
In most cases, the scam follows a predictable path. Scammers start by reaching out to unsuspecting buyers with a tempting offer. It’s always some kind of investment opportunity that promises enormous returns. In the NFT space, they may claim to be NFT issuers or people who came into ownership of high-value NFTs.
In this scam, the underlying asset is legitimate – but the person claiming to represent it is not. Even though NFT technology lets people follow the chain of ownership stemming from the original creator of the NFT, it’s not always easy to match an owner’s identity with their place in the chain.
This is because NFT issuers, owners, and traders often use pseudonyms. It takes considerable research to avoid NFT scams and check the transaction history to find out if an NFT is legitimate or just another worthless asset – but doing it protects you from common scams like this one.
6. Giveaway scams
Like many other NFT scams, giveaway scams spread through social media, email, and other platforms. Scammers start by offering a free NFT to anyone who signs up to their service or website. But before you can receive your prize, you must provide some data about yourself. Alongside normal questions about your name and email address, you may also be asked for your private data or passwords.
In some versions of the giveaway scam, the website itself is malicious. It may trick unsuspecting investors into clicking on suspicious links that download malware. It may sponsor counterfeit NFTs or fake NFT projects. Some fake websites do all of the above and more.
The main difference between giveaway scams and airdrop scams is the method scammers use to contact their targets. These scams can happen through any communication channel, while airdrop scams are limited to Apple’s Airdrop service.
As with airdrop scams, the best way to protect yourself is by securing all your NFT accounts and never giving away information about your NFT collection. Avoid doing business with anyone other than legitimate NFT sellers or people responsible for legitimate NFT projects. Don’t trust people who promote NFT giveaways that seem too good to be true.
7. Pump-and-dump NFT scams
This scam is also well-known outside the NFT space. It was a common scam in the stock market before regulators began cracking down on penny stock scammers in the 1990s. In the world of cryptocurrency and NFT trading, however, the scam is alive and well.
In this case, scammers generate interest in an obscure and little-known asset that trades at a very low price. They might claim this NFT project will become the “next big thing” and try to convince as many people to buy in as possible. The scammers will buy the asset at a low price and then sell it after other investors cause the price to surge upwards.
Scammers use social media campaigns, celebrity endorsements, and other techniques to give their scheme the appearance of legitimacy. With obscure NFTs that aren’t yet popular, it doesn’t take more than a few big investors to push the price up. Ultimately, the scammer sells, stops promoting the NFT, and lets the price crash back down.
It can be very hard to detect pump-and-dump schemes. Sometimes, a legitimate NFT project (or a stock, or any other asset) suddenly becomes very popular, creating a surge in investor interest. The key to identifying pump-and-dump scams is knowing exactly what caused the sudden surge of interest. If you can’t identify why the price is moving, it’s safer to stay away.
8. Counterfeit NFT scams
Even though NFT technology allows buyers and sellers to verify the authenticity of artwork and other digital assets, counterfeit NFTs are surprisingly common. Scammers rely on the fact that many people don’t know exactly how NFTs work, or how to use NFT protocols to authenticate digital assets.
This is understandable because there are many different protocols, each with their own verification mechanism. The important thing to keep in mind is that nothing stops a scammer from copying a famous piece of NFT art and using it to mint an NFT. The artwork will be identical, but the NFT will be different.
If you buy an NFT without verifying the authenticity of the protocol used to mint it, you are essentially taking the seller’s word that it is genuine. This would be like buying a famous painting and neglecting to check the certificate of authenticity included with it – or if it even exists. You wouldn’t know if you bought a fake version or not.
If you’re considering spending any amount of money on purchasing NFTs, you should always check the protocol used to issue the NFT. On Ethereum-based networks, you can use a tool like Etherscan to do this. The NFT market exchange may also be able to perform this verification for you.
9. Spoofed NFT platforms
Although scammers may have a hard time spoofing individual NFTs, nothing stops them from spoofing the NFT marketplaces buyers and sellers use to conduct transactions. For a technically proficient hacker, copying the contents of a popular NFT marketplace and hosting an exact replica on a malicious website is relatively easy.
Lazy hackers may simply copy the image of the NFTs they want to fraudulently sell onto the new website. Sophisticated hackers may take the extra step of including NFT metadata and scanning features. They may even link to the original website and show you the real listing before taking you to a fake website when it’s time to make your purchase.
The best way to protect yourself against spoofed NFT marketplace scams is paying close attention to the URL of every webpage you visit when buying or selling NFTs. For example, someone could copy the popular platform OpenSea.io to a different top-level domain like OpenSea.deal or OpenSea.xyz – and you may never notice the difference.
Avoid NFT scams by learning how to spot spoof websites. Hackers may register a website with an intentional misspelling of a popular platform’s name, or use international characters from non-Latin alphabets to trick people into clicking onto fake websites.
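The three spoofing patterns described above (a different top-level domain, a misspelled name, and non-Latin lookalike characters) can be checked mechanically. The following is an added example, not code from the article or from any marketplace; the trusted-host list, the function names, and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import unicodedata

# Assumption: the hosts you actually intend to use. opensea.io is the platform
# named in the article; extend the set with your own bookmarks.
TRUSTED_HOSTS = {"opensea.io"}


def registrable(host):
    """Naive 'name.tld' split (last two labels); ignores suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def scripts(text):
    """Unicode scripts of the letters in text, read from the character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return 'trusted', the reason the host looks like a spoof, or 'unknown'."""
    host = host.lower().rstrip(".")
    # Decode punycode labels (xn--...) so the characters a browser may display
    # are the ones inspected.
    try:
        shown = host.encode("ascii").decode("idna")
    except UnicodeError:
        shown = host  # already Unicode, or not decodable: inspect as given
    reg = registrable(shown)
    if reg in TRUSTED_HOSTS:
        return "trusted"
    name, _, tld = reg.rpartition(".")
    for trusted in TRUSTED_HOSTS:
        t_name, _, t_tld = trusted.rpartition(".")
        distance = edit_distance(name, t_name)
        if distance <= 2 and scripts(name) - {"LATIN"}:
            return "non-latin lookalike of " + trusted
        if name == t_name and tld != t_tld:
            return "different top-level domain from " + trusted
        if 0 < distance <= 2:
            return "misspelling of " + trusted
    return "unknown"


# Constructed sample hosts; \u043e is the Cyrillic letter that looks like "o".
SAMPLE_HOSTS = ["OpenSea.io", "opensea.xyz", "opensae.io", "\u043epensea.io", "example.org"]

if __name__ == "__main__":
    for sample in SAMPLE_HOSTS:
        print(repr(sample), "->", classify(sample))
```

An "unknown" result only means the host does not resemble a trusted one; it says nothing about whether the site is safe.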
10. NFT theft
As with any other valuable asset, theft is a serious risk for NFT owners. If you own a valuable NFT, scammers will come up with ingenious ways to trick you into giving up ownership over it. Phishing scams are among the most common methods criminals use to do this – but not the only one.
For example, hackers may instead focus on breaking into the social media accounts of trusted NFT issuers. They can then lead unsuspecting victims onto malicious websites that launch smart contracts issuing NFT transactions. These transactions place victims’ NFTs into the hackers’ digital wallets almost instantly.
This is the exact method one attacker used to steal extremely valuable Bored Ape Yacht Club NFTs worth millions. Even though the NFT protocol itself is incredibly secure, nothing prevents scammers from tricking NFT owners into transferring their digital assets away.
Preventing NFT theft requires the same kind of vigilance that people extend to precious artwork, real estate, and intellectual property. Never share information about your NFT collection with strangers, and make sure your login data always remains private. Only execute transactions on NFT marketplaces you know and trust.
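A wallet owner can see what a requested transaction would do before approving it, because the call data names the function and its arguments. The sketch below is an added example, not code from the article or from any wallet; it assumes an Ethereum ERC-721 collection, and the function names, sample addresses, and wording of the verdicts are constructed for illustration.

```python
# Function selectors of the standard ERC-721 calls that move a token or let
# another address move it. Treating these as the calls to review before
# signing is this example's assumption; the article does not name them.
CALLS = {
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "42842e0e": ("safeTransferFrom", ("address", "address", "uint256")),
}


def decode(calldata):
    """Split ABI-encoded calldata into (function name, decoded arguments)."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if selector not in CALLS:
        return None, []
    name, types = CALLS[selector]
    if len(body) < 64 * len(types):
        raise ValueError("calldata is shorter than the call's arguments")
    args = []
    for i, kind in enumerate(types):
        word = body[64 * i:64 * (i + 1)]  # each argument is one 32-byte word
        if kind == "address":
            args.append("0x" + word[-40:])  # address = low 20 bytes
        elif kind == "bool":
            args.append(int(word, 16) != 0)
        else:
            args.append(int(word, 16))
    return name, args


def review(calldata, my_wallet, trusted_operators=()):
    """Describe in plain words what signing this call would allow."""
    name, args = decode(calldata)
    me = my_wallet.lower()
    trusted = {addr.lower() for addr in trusted_operators}
    if name is None:
        return "unrecognized call: do not sign until you know what it does"
    if name == "setApprovalForAll":
        operator, approved = args
        if not approved:
            return "revokes collection-wide approval for " + operator
        if operator in trusted:
            return "collection-wide approval for an operator you listed as trusted"
        return "DANGER: lets %s transfer every NFT you hold in this collection" % operator
    if name == "approve":
        return "lets %s transfer token #%d" % (args[0], args[1])
    sender, recipient, token_id = args
    if sender == me and recipient != me:
        return "DANGER: moves token #%d out of your wallet to %s" % (token_id, recipient)
    return "transfers token #%d from %s to %s" % (token_id, sender, recipient)


def encode(selector, *words):
    """Build constructed sample calldata: selector plus 32-byte padded words."""
    return "0x" + selector + "".join(
        format(int(w, 16) if isinstance(w, str) else int(w), "064x") for w in words)


# Constructed addresses, not real accounts.
ME = "0x" + "11" * 20
STRANGER = "0x" + "22" * 20

if __name__ == "__main__":
    print(review(encode("a22cb465", STRANGER, True), ME))
    print(review(encode("23b872dd", ME, STRANGER, 7), ME))
```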
Identifying an NFT scam
Here are some of the things you need to look out for in order to avoid NFT scams:
- Suspicious links from untrusted contacts. Whenever someone you don’t trust sends you a link, be cautious – it may be a phishing scam. If you click on a fake link, it may trick you into logging into a fake NFT account. Scammers will be able to access your cryptocurrency wallets, digital assets, and more.
- Fake NFT creator social media accounts. It’s true that NFT art creators often use social media to promote their work. However, well-known creators don’t typically reach out to strangers to boost their NFT project price. Be suspicious whenever talking to someone who claims to own a well-known NFT account or digital asset.
- Low volume transaction history. Most exchanges protect NFT buyers by letting them view the transactions associated with NFT sales. This adds an additional layer of security and helps buyers identify stolen NFTs. There are many counterfeit NFTs scammers try to unload on unsuspecting buyers, hoping they won’t check the record of transactions.
- Unclear ownership records. Scammers may try to issue NFTs for valuable assets they do not actually own. These could be fake artworks or any other kind of fraudulent digital representation. If you’re not sure who owns the digital asset in question, you shouldn’t trust the seller enough to make an NFT purchase.
Is investing in NFTs risky?
NFTs are a speculative investment. Some of them will rise in value over time, while others will drop and eventually become worthless assets. Legitimate NFT projects with value-generating features may provide useful benefits to potential buyers, but everyone involved must practice due diligence and look for more than a blue checkmark next to their counterparty’s name.
While the blockchain technology that underlies NFTs does increase security and guarantee authenticity, it isn’t foolproof. Scammers can bypass these security controls by tricking NFT owners into giving away their valuable collections, their sensitive data, or both.
From a security perspective, investing in NFTs is risky because NFT marketplaces are not yet fully regulated. Scammers are rarely caught and serial offenders aren’t often prosecuted. This makes it easy for a career criminal to make a living defrauding unsuspecting investors of their NFT collections. It’s up to you to protect yourself from these risks.
How to protect yourself from NFT fraudulent activity
Owning a valuable NFT can add to your risk, for the same reason that professional art thieves target famous paintings. If you own a high-value NFT, you should take extra steps to secure yourself against fraud.
First, consider taking your personal information off data broker and people-search websites. These sites are the go-to place for scammers to get your sensitive data, from home and email addresses to income and lawsuits. If someone connects your private details to your NFT collection, they could use that information to access your accounts, impersonate you, send you phishing links, and steal your NFTs.
Onerep protects your personal data by removing it from 208 data broker and people-search sites and, subsequently, Google. This will make it harder for scammers to find out who you are and use that information to steal your NFT collection.
Second, activate dual-factor authentication on every service that supports it. Your NFT marketplace should provide you with additional security features. You should enable them and make sure nobody has access to the devices you use to manage your NFT collection.
Third, you should make sure all of your passwords are strong and unique. Do not reuse passwords across multiple services. If your information is disclosed in a data breach, hackers may try to use your password on other accounts, hoping to gain access before you know your data is exposed.
The best way to protect yourself from NFT fraud is understanding how NFT scams work and what scammers hope to achieve through the most common NFT scams. If you protect yourself from different NFT scams and keep your crypto wallet secure, you should be able to prevent the majority of fraud and phishing scam attempts.
FAQ
How do NFT scams affect the NFT space?
NFT scams make it harder for legitimate NFT projects to gain recognition and prevent interested buyers from entering the marketplace. Fake NFT projects and NFT giveaway campaigns take valuable attention away from reputable NFT exchange markets, making it harder for people to conduct genuine NFT trades.
Can I recover lost funds from an NFT scam?
Sometimes. Your NFT marketplace may have security policies and controls designed to help users recover money lost to scammers. NFT marketplaces have intervened to block fraudulent transactions in the past, and yours may help you recover – but there is no guarantee.
Are all NFT platforms risky?
Some platforms are more risky than others. Highly reputable NFT platforms like OpenSea and Blur offer significantly less risk than less well-known alternatives. Always conduct due diligence and pay close attention to the platform you do business with. Look for information about where the platform’s headquarters is located, and what kind of customer support it offers to users.
How can I recognize fake crypto influencers?
Be suspicious of any popular social media account in the crypto or NFT space that sends you unsolicited messages with offers. Real influencers will rarely send unsolicited messages to people they don’t know, and don’t generally offer their visibility and reputation to third parties for free.
How can I tell if an NFT platform is legitimate?
Always verify the NFT website and URL to make sure it matches your expectations. Never click on links embedded in emails, direct messages, or NFT metadata. Take time to scrutinize the website and its data (such as NFT listings, prices, and sales volume) to make sure it matches with publicly available data on other exchanges. Don’t connect your wallet to any NFT platform you don’t trust.
How can I recognize NFT scam websites?
Be suspicious of any website that offers you a free NFT or money for signing up. Some NFT giveaways are legitimate, but they're frequently involved in common NFT scams, too. Don't trust any website with a URL that doesn't match its brand name, and don't connect your crypto wallet to any website until you know it's legitimate.
Where can I buy NFTs safely?
Two of the most trusted NFT marketplaces are OpenSea and Blur. Many well-known cryptocurrency exchanges also engage in NFT trading. For example, Binance operates its own NFT market, and so does Coinbase. Even reputable fine arts brokers like Sotheby's have entered the NFT world.
What is the most expensive NFT ever sold?
The most expensive NFT ever sold is ‘Merge’, the creation of a digital artist called Pak. The artwork was sold for $91.8 million in 2021.
Mark is a Privacy Expert at Onerep. He comes from a strong background in the Identity Theft Protection and Consumer Credit world, having spent numerous years at Experian, including working on FreeCreditReport and ProtectMyID.