As non-fungible tokens (NFTs) exploded in popularity, scammers also jumped on the hype. Watch out for counterfeit NFTs, rug pulls, pump-and-dumps and other common scams plaguing the industry.
Looking back at 2012, colored coins were the first hint of what we now call non-fungible tokens (NFTs), or nifties for some. Ten years later, these blockchain-based assets that can represent pretty much anything are on everyone’s lips, especially in the worlds of arts, sports and videogames.
The NFT market began to pick up steam in 2020, having grown by more than 300% from the previous year and moving millions of dollars’ worth of cryptocurrency. By the first week of May 2022, however, the sale of these tokens plunged 92% to 19,000 from its high of 225,000 last September. The number of active wallets fell about 88% to about 14,000 from 119,000 in November.
Even so, the market is still driving thousands to millions of dollars’ worth of cryptocurrencies, offering plenty of opportunities for scammers and bringing a lot of concerns over the safety of this asset. To steal an art piece, a thief would previously have to go through several barriers and cameras inside a museum; now, a digital wallet can be cracked open using malware or social engineering techniques.
When digital artist Qing Han died in 2020, scammers took advantage of the moment to sell her artwork as NFTs, on her behalf. Last September, renowned graffiti artist Banksy got his website hacked, showing an ad for the sale of what was supposed to be his first NFT; a collector paid $336,000.
The lack of regulation of the NFT market makes it a place of opportunity for all types of scams. Several companies, such as Adobe, are trying to create authentication stamps that will make it easier to verify the legitimacy of a token. Despite some anti-fraud barriers, this is a fast-paced space heavily dependent on users’ behavior.
Here are some common scams involving NFTs you should be aware of and how you can avoid falling victim.
Direct messages on Discord
Discord holds quite some allure for cybercriminals and there are various ways of scamming users. The platform is divided into communities called servers where people can talk, stream and play games together.
Last December alone, 373 members of a Discord server run by the recently launched gaming NFT marketplace Fractal saw their digital wallet authentication compromised, losing a total of $150,000 worth of Solana.
Other ways of being scammed on Discord involve sending direct messages (DMs) duping users into believing that they’re actually being contacted by a brand, artist or influencer. Essentially, the larger a Discord network, the higher the chances of receiving scam messages. You should be wary of clicking on links sent by strangers or answering any requests for money. By the same token, don’t let yourself be caught out by new NFT opportunities or projects without checking that the offer is legitimate.
Fake profiles on social media
Social media users, be it on Twitter or any other social media platform, need to be constantly aware of potential fake profiles. Often, these are copies of real profiles, and a little attention to detail might be enough to distinguish them – sometimes one letter is all it takes to tip you off to a scammer.
At the same time, bots that prompt users to react to messages or tech support scammers use social media to interact with users and request information that can give them access to crypto wallets. While the bad actors may not always succeed, a small percentage of scammed users might mean big payouts.
Additionally, cybercriminals might try to reach users by sending messages where they act as if they wanted to chat or sought advice. Some red flags might help spot a fraudster, including the number of followers, the number of tweets and retweets, or whether the account lacks original content.
Another common tactic is copying websites and apps of perfectly legitimate brands. Replicas of NFT marketplaces or fake crypto wallets are shared on Discord, Twitter and forums, as well as via email. The level of resemblance with the real companies is impressive, and it takes a keen eye to spot small differences in the URL or general layout.
For this reason, it is always essential to check the URL of a link before clicking, especially when websites require personal information. We should always remember the golden rule and never give seed phrases or passwords to anyone outside our NFT wallets.
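The URL check described above can be partly automated. The following Python sketch is an added example, not part of the original article: it compares a link's host against a personal allowlist and flags near-misses. The allowlist, the distance threshold of 2 and the "last two labels" shortcut for the registered domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist of the sites you actually use.
TRUSTED = ("opensea.io", "discord.com", "twitter.com")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, trusted domain that was matched or imitated)."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    # "https://twitter.com@other.example/" really goes to other.example.
    if parts.username is not None:
        return ("lookalike", parts.username if parts.username in TRUSTED else None)
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Non-ASCII or punycode labels can hide look-alike letters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("lookalike", None)
    # Assumption: the last two labels approximate the registered domain.
    base = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        if good in host or edit_distance(base, good) <= 2:
            return ("lookalike", good)
    return ("unknown", None)

# Constructed sample links, not taken from any real campaign.
SAMPLES = ["https://opensea.io/assets", "https://opensee.io/claim",
           "https://opensea.io.free-mint.example/login"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

An "unknown" verdict only means the host resembles nothing on the allowlist; it says nothing about whether the site is safe.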
Once you confirm the website is genuine, the next step is to confirm the veracity of an NFT. Check the background of the seller and previous sales, but also check if the NFT is original and not being sold in other markets, especially when buying expensive crypto art in high demand. Speaking of expensive, suspiciously low prices should always raise eyebrows as scammers tend to sell copies on the cheap.
Apart from Banksy and his scammed website story, other artists have been through similar situations. Tyler Hobbs, the artist behind the Art Blocks project “Fidenza”, denounced the platform SolBlocks for using his code to sell replicas of his works. The artwork of Derek Laufman was also being sold by a fake account using the artist’s name, getting even a verified icon.
The list of similar scams is long, prompting artists to act by commenting, reviewing and denouncing fake profiles for the unauthorized sale of their art.
The closest to NFT speculation, this kind of scam involves a person or a group of individuals buying a large number of NFTs (or cryptocurrency) and selling them back to themselves in order to artificially create a false sense of the asset being in high demand. This way, market forces will increase the reselling profits.
On the buyer’s side, this scheme seems to be validated by influencers who share the NFT on their profiles, making it seem like a great opportunity. Ultimately, these buyers expect to resell at a higher price, which never happens as the scammers clean up their footprints after getting their money.
Rug pull scams
Rug pulls are a typical crypto scam inherited by the NFT market. They have been quite common, benefiting from their main feature: by the time the scam is revealed, it is generally too late.
Like pump-and-dump scams, the scammers will hype up a project, solicit investment and, without notice, abandon it. This usually happens once they believe they have ‘drained the investors’ to the full, withdrawing all funds from an NFT wallet and deleting their profiles from marketplaces and social media.
One of the most famous cases dates back to “Squid”, the cryptocurrency inspired by the TV show “Squid Game”. This token went up in value to $2,800 within just a few weeks when, suddenly, it vanished. All its social media accounts and its website disappeared without a trace. The scammers, meanwhile, are believed to have stolen $3.3 million.
Fake bids in NFT auctions are one of the most common scams. These occur when a real seller tries to auction off an NFT. The seller indicates the cryptocurrency in which they want to be paid, but a scammer can manage to change the currency of their offer to one with a lower value.
Another way this can work is by adding and removing an NFT listing from a market, moving the decimal one number to the right. Without noticing the change, a buyer might end up paying much more than the amount they looked at initially. Just like in real life, looking at the price before paying is a must.
Social media account hijacking
Fake offers and giveaways are a great way to pique users’ interest (not just) on social media. Surprisingly, they may even come from well-established user accounts. The reality, however, is that often enough, these accounts have been hijacked by scammers to promote fraudulent schemes.
Once a user tries to access the fake offer, they are requested to insert their passwords or personal information, giving away their details and getting nothing in return.
In these schemes, fraudsters airdrop NFTs to the wallets of influencers, making it appear as though the celebrities had actually minted the NFTs on the blockchain. This is because many buyers monitor specific wallets for new activity in order to anticipate mass interest and a spike in the value of an NFT.
These scams involve elements from most of the techniques mentioned earlier, from artist impersonation to pump-and-dump fraud. According to OpenSea, the biggest NFT marketplace, more than 80% of NFTs created for free on its platform were fake, plagiarized from other artists, or spam.
NFT safety tips
There are many scams to be aware of when diving into the NFT world and, as usual, scammers never pass up a golden money-making opportunity. It’s, therefore, important to always be attentive – a healthy dose of skepticism will save you some headaches further down the road.
Here are a few quick tips for how to stay safe while using NFTs:
- Never share your seed phrase or password with anyone.
- Use strong and unique passwords along with multi-factor authentication whenever it’s available.
- Always check that the DM you’ve received is legitimate.
- Never click a link that promises freebies or requires you to answer quickly. And if you’re tempted to do so, first check the origin of the link. This applies even more on Discord.
- Keep your tokens in a cold-storage hardware wallet, rather than in a software (aka ‘hot’) wallet.
written by Mario Micucci, ESET