NFT Evening NFT Evening
    Facebook Twitter Instagram Reddit
    NFT Evening NFT Evening
    • News
      • Collectibles
      • Crypto Art
      • Blockchain games
      • Metaverse
      • Music
      • Interviews
    • Guides
      • Top NFT Projects
      • Top Blockchain Games
      • NFT Marketplaces and Tools
    • Learn here!
      • What is an NFT?
      • How to keep your NFTs safe
      • NFT Glossary
    • NFT Calendar
      • NFT Drops
      • NFT Conferences
      • NFT Launchpad
    • Newsletter
    NFT Evening NFT Evening
    Guides

    Home » Guides » NFT Scams: How to Keep Your Crypto Safe and Protect Your NFT

    NFT Scams: How to Keep Your Crypto Safe and Protect Your NFT

    By Reethu RaviJanuary 3, 2022Updated:February 14, 202314 Mins Read
    Contents hide
    The biggest NFT scams and how to avoid them
    NFT Phishing scams
    Fake NFT projects and websites
    Do not interact with NFTs and tokens sent to your wallet!
    Beware of rugpulls!
    Stolen artworks and NFT artist impersonation
    Discord hacks are on the rise

    Last year, without a doubt, was the year of NFTs. The NFT market generated more than $23 billion in trading volume in 2021, with some NFTs selling for tens of thousands of dollars. From acclaimed artists to celebrities and iconic brands, we witnessed the who’s who of numerous industries foraying into the space. Unfortunately, as the industry continues to take giant strides, NFT scams are increasingly plaguing the industry. Driven by a lack of regulations and the chance to make a quick buck, a growing number of scammers have now hit the industry. 

    With NFT scams on the rise, it is essential to take precautions.

    The biggest NFT scams and how to avoid them

    As NFTs become more mainstream, scammers are also becoming smarter and better at stealing NFTs and crypto. This has led to even veterans in the space getting scammed. Take the famous rapper, Waka Flocka Flame for example, who lost $19,000 in an NFT scam just days back. Apparently, hackers sent some malicious NFTs to one of his wallets. When he clicked on the assets in an attempt to delete them, his funds were automatically transferred to the attackers. 

    According to a survey, by PrivacyHQ, nine out of 10 respondents reported being victims of an NFT scam. Besides, 16% of respondents said their accounts had already been hacked.

    Clearly, you can never be too careful in the NFT space. You never know what scam may hit you, when, and from where. The only way to keep your crypto and NFTs safe is to take all the necessary precautions. And it goes without saying—always keep your guard up and be extremely wary of who and what you interact with online. An important way to avoid NFT scams is to be aware of what’s happening out there. 

    Let’s take a look at some of the biggest NFT scams and learn how to protect yourself from them.

    NFT Phishing scams

    Basically, phishing is a common online scam where scammers impersonate real organizations to steal sensitive information through emails, texts, and other means. The same has been widely happening in the NFT world, where impersonators try to steal your private key or seed phrase. 

    Now, a seed phrase is a list of 12 to 24 words generated by a crypto wallet to give you access to the wallet, meaning, to the crypto and NFTs stored there. This key cannot be reset by anyone, including your wallet provider. Due to the underlying blockchain technology, once a wallet is compromised and the funds are stolen, no one can reverse the transactions. Put simply, once your assets are stolen, they are gone forever.

    A typical example of an NFT phishing scam is a tempting NFT giveaway that leads unsuspecting NFT enthusiasts to share their seed phrase. Stazie, the co-founder of the play-to-earn game, Hedgie, is one such phishing giveaway victim. In August, he lost nearly a million worth of digital assets, including 16 CryptoPunks, and a substantial amount of ETH.

    Tweet from stazie on NFT scam
    Tweet from stazie via @stazie

    After clicking the link for a giveaway by a CryptoPunks bot on Discord, Stazie was taken to a site very similar to that of CryptoPunks. He also got a pop-up for what looked like MetaMask. This was followed by a message stating that the “security was compromised” and asked him to enter the seed phrase to restore the wallet—which, unfortunately, he did. Before he could do anything, the scammer (or scammers) got away with his assets. 

    Similarly, fraudsters pretending to be security agents or support staff members can reach out to you to help with some issues. Some may even send fake wallet security alert emails or OpenSea offers for your NFT. All of these will likely come with phishing links to steal your seed phrase. 

    This brings us to—

    We cannot stress this enough: NEVER share your seed phrase!

    Remember, you won’t ever have to enter your seed phrase to complete any transaction. Neither NFT marketplaces nor wallet providers will ask for your private key. If anyone asks you this, it is a scam and quit immediately. In addition, make sure to store your password securely and offline so that hackers do not get access to it. 

    Stay wary of phishing emails

    Malicious actors pretending to be real companies and reaching out via emails are also extremely common in phishing scams in the NFT space. Unfortunately, even experienced crypto users fall prey to these scams. Take for example the case of Arthur, a crypto investor and founder of the crypto venture fund, DeFiance Capital.

    A hacker accessed Arthur’s wallet via a “targeted social engineering attack”. To explain, they sent Arthur a phishing mail seemingly from one of their portfolio companies. Moreover, the e-mail featured “general industry-relevant content” from two “seemingly legitimate sources”.

    The e-mail was from “Azure Information Protection” and included a document titled: “A huge risk of stablecoin”. When Arthur clicked the file, the hacker was able to gain access to their hot wallets in the system. Eventually, they took a range of NFTs, including several Azuki NFTs, from arthur’s wallet.

    Azuki NFTs
    Arthur lost several Azuki NFTs.

    As a matter of fact, Kaspersky researchers have identified an APT (advanced persistent threat ) group—which they call BlueNoroff. BlueNoroff is a large group of Lazarus attackers involved in malware implants, exploits, and more on the banking sector. Reportedly, the group is now targeting cryptocurrency businesses.

    Essentially, the group develops fake cryptocurrency software development companies to lure individuals into installing seemingly authentic applications, which can eventually compromise the users’ accounts. The group goes even a step further. BlueNoroff operators have been found to track existing cryptocurrency startups, identify interactions between individuals, and send “social engineering attacks” that look like your everyday conversations.

    “A document sent from one colleague to another on a topic, which is currently being discussed, is unlikely to trigger any suspicion,” explained Secure List. “BlueNoroff compromises companies through precise identification of the necessary people and the topics they are discussing at a given time.”

    This is likely what happened in Arthur’s case.

    Use hardware wallets

    In the examples above, it is clear that it’s not easy to avoid such elaborate schemes. As long as your crypto wallet is connected to the internet, it is at risk of an attack. Therefore, a good safety measure is to use a hardware wallet, like Ledger. A hardware wallet stores your digital assets offline, in what is referred to as “cold storage”.

    Think of these like your external drives. In other words, you have to plug them into your device to access your currency. As your NFTs won’t be stored on online servers, these are more secure than software wallets like MetaMask. Even if a hacker hacks your device or someone steals your wallet, they will still need your private key to access and transfer your NFTs.

    However, even while using hardware wallets, you must be careful. Hardware wallets allow you to install a certain number of apps. Some crypto apps in the hardware wallet have a ‘Blind Signing’ option, wherein, you can sign a transaction blindly without being able to see the details of the message and the sender. This is extremely risky and you may end up approving malicious transactions.

    Fake NFT projects and websites 

    As we mentioned in the case of phishing attacks, there are plenty of fake websites out there. Even if you are Googling an NFT website yourself, a simple typo could land you on a fake website. Since most of these sites look strikingly similar to the original, you probably won’t realise what happened until it’s too late. 

    Consider NFT Trader—a website commonly used by NFT traders. While the official domain is ‘nfttrader.io’, there are several bogus websites that go by domains such as “ntftrader.io” or “nfttrader.link”. In one such scam, @shanterpster lost a Bored Ape worth $281,000. Hence, every time you use an NFT website dApp, double-check to ensure that you are using the right one.

    OpenSea marketplace showing Axie Infinity
    Buy from verified accounts, especially if it’s already a well-established NFT project. Credits: OpenSea

    The same goes for NFT projects within marketplaces—scammers create scores of replicas of NFT projects online. Here are some ways to avoid getting scammed by a fake project: 

    • Marketplaces like OpenSea verify collections and creators as authentic and add a verified badge to the accounts. Buying from verified collections is a good way to avoid getting into NFT scams.
    • Look for the tell-tale signs of fake NFTs. This includes an exceptionally low price, small collection size, and low sales volume. 
    • Another way to spot a fake NFT is by checking its individual description and properties. Most often, scam NFTs won’t have any description or property.

    Do not interact with NFTs and tokens sent to your wallet!

    Connecting your wallets on websites, in itself, is safe. The only drawback is that as the website has your wallet address, it could be used for any attacks. For example, some websites use unsafe methods like ‘eth_sign’, which will allow even transaction messages to get signed (check the below example from fabdarice.eth). There is a common misconception that disconnecting your wallet once connected will help—it won’t. To protect your wallet, you must never interact with an unknown contract. If the contract has any malicious functions, it can steal your wallet’s contents when triggered. 

    Tweet from fabdarice.eth on NFT scams
    Tweet from fabdarice.eth via @fabdaRice

    Follow the golden rule: if it’s free, it’s probably bad news for you. If someone sends you free NFTs, do not interact with them in any way. Remember what happened with Waka Flocka Flame? So, do not try to delete them, send them elsewhere, or sell them—simply ignoring them is the best course of action. 

    Beware of rugpulls!

    For the uninitiated, a rugpull happens when creators fail to deliver on a project and abscond with all the money. Typically, the scammers will create a legit-looking project with artwork sneak peeks, a website, social media accounts, and more. However, post-launch, when the collectors have minted NFTs, the developers flee with all the money, leaving the investors empty-handed.

    According to PrivacyHQ, this is the most common scam people have experienced—the NFT provider shutting down entirely. Apparently, around 43.8% of respondents claimed to have purchased an NFT that eventually disappeared. 

    From Iconics and Bored Cat Club to Tokyo Ten and Crazy Lemur club, several rugpulls have riled the NFT industry recently. A particularly jarring NFT scam of this kind is that of the Evolved Apes rugpull, where the developers stole $2.7 million worth of ETH. 

    A collection of emojis left during an NFT scam
    In the Iconics rugpull, investors were left with a collection of emojis as NFTs. Credits: @0x_DRIP/Twitter

    Unlike the NFT scams mentioned above, rugpulls are more difficult to identify. So, be extremely wary of new NFT projects and do enough research, especially on the developers, before investing. 

    Here are a few red flags to keep an eye on before investing in new NFT projects:

    Red flags to watch in new NFT projects

    • Naturally, developers who have doxxed themselves are slightly more trustworthy. A doxxed team reaffirms that there are real, trustable people behind the project. 
    • Projects with tonnes of fake followers, especially those with Discord invite contests, are mostly using bots. Even if it’s a legit project, this is not authentic community building, which is important for staying in the space in the long run.
    • Another tell-tale sign of a suspicious project is artificial hype and celebrity endorsements. Oftentimes, people don’t realise that projects can buy celebrity endorsements for cheap to create fake hype. Thus, before falling for celebrity endorsements, double-check to make sure it is an official partnerhsip.
    • Several shady projects also tend to have exorbitant mint prices. Usually, they create fake hype to sell the NFTs for upwards of 1.5 ETH per mint. As opposed, genuine projects tend to keep a reasonable starting mint price to build a real community.
    • Projects that use tactics like floor sweeps or ban members who list below set prices to keep the floor high, are another red flag.

    At the end of the day, there’s no foolproof way to ensure the authenticity of a project. The best you can do is to keep an eye out for the above red flags (which is in no way exhaustive) and look for projects that are building a community more organically. Projects with a proper, innovative roadmap, effective tokenomics, adequate security measures, and transparent functioning, are more trustworthy.

    Stolen artworks and NFT artist impersonation

    Another increasingly common scam in the NFT market is art forgeries.  A slew of artists like Derek Laufman, RJ Palmer, Trevor Henderson, Liam Sharp, and more have had their works stolen and sold as NFTs. As the scammers often impersonate the artist, complete with their profile picture and bio, unsuspecting fans end up buying the NFTs. In one instance, acclaimed graffiti artist Banksy’s website got hacked, with the hacker adding a link to a fake NFT auction site. None other than Pranksy fell for the scam, shelling out $336,000 for the piece.

    Banksy’s fake NFT featuring a Punk
    Banksy’s fake NFT. Credits: Pranksy/Twitter

    While it’s easy to fall prey to such scams, here are some steps to ensure you don’t end up buying a stolen NFT:

    • Buying from verified artists on marketplaces is an easy step of confirming the NFT’s authenticity. Alternatively, you can choose highly curated websites like Foundation, SuperRare, and KnownOrigin.
    • If it’s a famous artist, they are likely to post about the drop on their social media accounts as well. So make sure to look for any official announcements from them. Just to be sure, you could always ask the artist directly.
    • If it’s a relatively unknown artist, carefully look at their social media sites to see how legit they are. 
    • Use Google’s reverse image search to know about the origins of the artwork and the versions that exist online.

    Discord hacks are on the rise

    We have already discussed phishing and by now you should know that you must never click on unknown links you receive, whether on emails or Discord DMs. But, links posted by authentic NFT projects in their Discord servers must surely be safe, right? Well, not always. Unfortunately, a series of hacks have been transpiring on NFT Discord servers where fraudsters hack their bots. 

    Basically, after hacking the bot, the malicious actors will post a message on the channel. Often, the hackers will announce a “stealth launch” with a link to a fake website. Once people mint through the website, the scammers will walk away with all the money. This is what happened recently with the Boss Beauties NFT project. The project is one among many that have been privy to such Discord scams in the recent past. 

    Zeneca's tweet on Discord NFT scams
    NFT scams through Discord hacks are also increasing. Credits: @Zeneca_33

    If a project’s allowlist process requires you to bookmark a URL in your browser and sign in to your Discord using the same browser, it is most definitely a scam. This URL will most likely be a malicious JavaScript code that can compromise your Discord account.

    Again, Discord hacks are difficult to spot, especially if the dubious links are posted on the official Discord channel. All you can do is double-check any links before spending any amount. Alternately, confirming with the project founders before minting can also help. 

    As the industry evolves, the NFT scams are only going to increase. While we have listed some of the most common scams, it is not an exhaustive list and new methods are only going to come up. As a rule of thumb, always be extra cautious every time you plan to mint any NFT. Additionally, make sure to take extra precautions such as using two-factor authentication for your accounts and a password manager. You can also use a cold wallet to store your assets offline, making it more secure. 

    Join Our New "To The Moon" daily Newsletter

    Get our free, 5 minutes daily newsletter. Join 25,000+ NFT enthusiasts & stay on top 👊🌚

    Thank you!

    You have successfully joined our subscriber list.

    .

     


    All investment/financial opinions expressed by NFTevening.com are not recommendations.

    This article is educational material.

    As always, make your own research prior to making any kind of investment.

    NFT Scam
    Previous ArticleEntrepreneur Gary Vee Just Got Involved With The CryptoMories NFT Collection
    Next Article Dave Chapelle Joins Eminem and Snoop in the Bored Ape Yacht Club?
    Reethu Ravi
    • Twitter
    • LinkedIn

    Reethu Ravi is a journalist currently based in the UK, covering environment, sustainability, tech and innovation. When not found between the pages of a book, she can be seen catching up on the latest developments in the tech world. A naval architect-turned-journalist, she loves bringing stories of change and innovation to the limelight.

    More great NFT Evening content:

    Animoca Brands: Everything You Need to Know

    March 28, 2023

    Ordinal Punks: All You Need to Know About the Bitcoin NFT Collection

    March 16, 2023

    How to Successfully Invest in Digital Real Estate

    March 16, 2023

    Manifold Studio Guide: From No-Code NFTs to Open Edition NFT Minting

    March 14, 2023

    NFT Tattoo Art You Wish You Got Inked…Or Not!

    March 6, 2023

    Navigating The Metaverse: A Decentraland Map Guide

    March 6, 2023

    Romantic NFT Gift Guide: Sweep Your Valentine Off Their Feet With These Must-Have NFT Gift Ideas!

    February 13, 2023

    Everything to Know About the MekaVerse NFT Collection

    February 9, 2023
    Latest NFT News

    Trevor Jones and MakersPlace Pay Tribute to Alotta Money Through NFT Art Auction

    March 31, 2023

    Unstoppable Domains Introduces AI Avatars for Digital Identity

    March 31, 2023

    Fetch.ai’s $40M Funding To Accelerate AI & Blockchain Integration

    March 30, 2023

    Art Blocks Launches Creator-Friendly NFT Marketplace

    March 30, 2023

    NFT Art Lands Pussy Riot Founder Nadya Tolokonnikova on Russia’s Wanted List

    March 30, 2023

    NFTb Welcomes My Neighbor Alice Token, ALICE, As First Native Token

    March 30, 2023

    Metamask Airdrop Rumors Dismissed by Metamask: Stay Safe!

    March 30, 2023

    Royal Mint Ditches NFT Project Amid Consultations With UK Government

    March 29, 2023
    Get The FREE Exclusive Report
    CLICK HERE

    NFTevening is the biggest website for NFT news. We cover; breaking news, upcoming mints, plus, interviews with top NFT artists and projects. Put simply, we are the best place for new and experienced non-fungible token fans — making content fun & accessible

    Privacy policy
    Terms and conditions

    Article Categories
    • Blockchain games
    • Collectibles
    • Columns
    • Crypto Art
    • Guides
    • Interviews
    • Metaverse
    • Music
    • News
    • NFT Marketplaces and Tools
    • Sponsored Content
    • Top Blockchain Games
    • Top NFT Projects
    NFT Calendar
    • Today’s NFT Drops
    • Upcoming NFT Drops
    • Solana NFT Drops
    • NFT Calendar
    • NFT Calendar : Add Your NFT Event
    Get In Touch
    • Advertise (Media Kit)
    • Job Opportunities
    • About Us
    • Contact Us
    • Newsletter
    NFT Beginners Guides
    • How to Sell NFT Art
    • How to Create NFT Art
    • How to Display NFT Art
    • How To Make Passive Income With NFTs
    • Best Crypto Wallet
    • Best NFT Coins
    • Best NFT Rarity Tools
    • What is a DAO ?
    • What Are Crypto Gas Fees ?

    Type above and press Enter to search. Press Esc to cancel.