Common NFT scams and how to avoid them | WeLiveSecurity

As
NFTs
exploded
in
popularity,
scammers
also
jumped
on
the
hype.
Watch
out
for
counterfeit
NFTs,
rug
pulls,
pump-and-dumps
and
other
common
scams
plaguing
the
industry.

Common NFT scams and how to avoid them | WeLiveSecurity

As
NFTs
exploded
in
popularity,
scammers
also
jumped
on
the
hype.
Watch
out
for
counterfeit
NFTs,
rug
pulls,
pump-and-dumps
and
other
common
scams
plaguing
the
industry.

Looking
back
at
2012,

colored
coins

were
the
first
hint
of
what
we
now
call
non-fungible
tokens
(NFTs),
or
nifties
for
some.
Ten
years
later,
these

blockhain-based
assets

that
can
represent
pretty
much
anything
are
on
everyone’s
lips,
especially
in
the
worlds
of
arts,
sports
and
videogames.

The
NFT
market
began
to
pick
up
steam
in
2020,
having
grown
by
more
than
300%
from
the
previous
year
and
moving
millions
of
dollars’
worth
of
cryptocurrency.
By
the
first
week
of
May
2022,
however,
the
sale
of
these
tokens

plunged
92%

to
19,000
from
its
high
of
225,000
last
September.
The
number
of
active
wallets
fell
about
88%
to
about
14,000
from
119,000
in
November.

Even
so,
the
market
is
still
driving
thousands
to
millions
of
dollars’
worth
of
cryptocurrencies,
offering
plenty
of
opportunities
for
scammers
and
bringing
a
lot
of
concerns
over
the
safety
of
this
asset.
To
steal
an
art
piece,
a
thief
would
previously
have
to
go
through
several
barriers
and
cameras
inside
a
museum;
now,
a
digital
wallet
can
be
cracked
open
using
malware
or
social
engineering
techniques.

When
digital
artist
Qing
Han
died
in
2020,
scammers

took
advantage

of
the
moment
to
sell
her
artwork
as
NFTs,
on
her
behalf.
Last
September,
renowned
graffiti
artist
Banksy
got
his
website
hacked,
showing
an
ad
for
the
sale
of
what
was
supposed
to
be
his
first
NFT;
a
collector
paid
$336.000.

The
lack
of
regulation
of
the
NFT
market
makes
it
a
place
of
opportunity
for
all
types
of

scams
.
Several
companies,
such
as
Adobe,
are
trying
to
create
authentication
stamps
that
will
make
it
easier
to
verify
the
legitimacy
of
a
token.
Despite
some
anti-fraud
barriers,
this
is
a
fast-paced
space
heavily
dependent
on
users’
behavior.

Here
are
some
common
scams
involving
NFTs
you
should
be
aware
of
and
how
you
can
avoid
falling
victim.

Direct
messages
on
Discord

Discord

holds
quite
some
allure

for
cybercriminals
and
there
are
various
ways
of
scamming
users.
The
platform
is
divided
into
communities
called
servers
where
people
can
talk,
stream
and
play
games
together.

Last
December
alone,
373
members
of
a
Discord
server
run
by
the
recently
launched
gaming
NFT
marketplace
Fractal
saw
their
digital
wallet
authentication

compromised
,
losing
a
total
of
$150.000
worth
of
Solana.

Other
ways
of
being
scammed
on
Discord
involve
sending
direct
messages
(DMs)
duping
users
into
believing
that
they’re
actually
being
contacted
by
a
brand,
artist
or
influencer.
Essentially,
the
larger
a
Discord
network,
the
higher
the
chances
of
receiving
scam
messages.
You
should
be
wary
of
clicking
on
links
sent
by
strangers
or
answering
any
requests
for
money.
By
the
same
token,
don’t
let
yourself
be
caught
out
by
new
NFT
opportunities
or
projects
without
checking
that
the
offer
is
legitimate.

Fake
profiles
on
social
media



Fake
social
media
profiles
looking
to
attract
NFT
creators

Social
media
users,
be
it
on
Twitter
or
any
other
social
media
platform,
need
to
be
constantly
aware
of
potential
fake
profiles.
Often,
these
are
copies
of
real
profiles,
and
a
little
attention
to
detail
might
be
enough
to
distinguish
them

sometimes
one
letter
is
all
it
takes
to
tip
you
off
to
a
scammer.

At
the
same
time,
bots
that
prompt
users
to
react
to
messages
or
tech
support
scammers
use
social
media
to
interact
with
users
and
request
information
that
can
give
them
access
to
crypto
wallets.
While
the
bad
actors
may
not
always
succeed,
a
small
percentage
of
scammed
users
might
mean
big
payouts.

Additionally,
cybercriminals
might
try
to
reach
users
by
sending
messages
where
they
act
as
if
they
wanted
to
chat
or
sought
advice.
Some
red
flags
might
help
spot
a
fraudster,
including
the
number
of
followers,
the
number
of
tweets
and
retweets,
or
whether
the
account
lacks
original
content.

Phishing
fraud



Website
impersonating
the
OpenSea
NFT
marketplace



Fake
website
preying
on
NFT
wallets



Another
fake
site
posing
as
OpenSea



Another
attempt
taking
aim
at
a
crypto
wallet


Another
common
tactic
is
copying
websites
and
apps
of
perfectly
legitimate
brands.
Replicas
of
NFT
marketplaces
or
fake
crypto
wallets
are
shared
on
Discord,
Twitter
and
forums,
as
well
as
via
email.
The
level
of
resemblance
with
the
real
companies
is
impressive,
and
it
takes
a
keen
eye
to


spot
small
differences
in
the
URL


or
general
layout.

For
this
reason,
it
is
always
essential
to
check
the
URL
of
a
link
before
clicking,
especially
when
websites
require
personal
information.
We
should
always
remember
the
golden
rule
and
never
give
seed
phrases
or
passwords
to
anyone
outside
our
NFT
wallets.

Once
you
confirm
the
website
is
genuine,
the
next
step
is
to
confirm
the
veracity
of
an
NFT.
Check
the
background
of
the
seller
and
previous
sales,
but
also
check
if
the
NFT
is
original
and
not
being
sold
in
other
markets,
especially
when
buying
expensive
crypto
art
in
high
demand.
Speaking
of
expensive,
suspiciously
low
prices
should
always
raise
eyebrows
as
scammers
tend
to
sell
copies
on
the
cheap.

Artist
impersonation

Apart
from
Banksy
and
his
scammed
website
story,
other
artists
have
been
through
similar
situations.
Tyler
Hobbs,
the
artist
behind
the
Art
Blocks
project
“Fidenza”,
denounced
the
platform
SolBlocks
for
using
his
code
to
sell
replicas
of
his
works.
The
artwork
of
Derek
Laufman
was
also
being
sold
by
a
fake
account
using
the
artist’s
name,
getting
even
a
verified
icon.

The
list
of
similar
scams
is
long,
prompting
artists
to
act
by
commenting,
reviewing
and
denouncing
fake
profiles
for
the
unauthorized
sale
of
their
art.

Pump-and-dump
scams

The
closest
to
NFT
speculation,
this
kind
of
scam
involves
a
person
or
a
group
of
individuals
buying
a
large
number
of
NFTs
(or
cryptocurrency)
and
selling
them
back
to
themselves
in
order
to
artificially
create
a
false
sense
of
the
asset
being
in
high
demand.
This
way,
market
forces
will
increase
the
reselling
profits.

On
the
buyer’s
side,
this
scheme
seems
to
be
validated
by
influencers
who
share
the
NFT
on
their
profiles,
making
it
seem
like
a
great
opportunity.
Ultimately,
these
buyers
expect
to
resell
at
a
higher
price,
which
never
happens
as
the
scammers
clean
up
their
footprints
after
getting
their
money.

Rug
pull
scams

A
typical
crypto
scam
inherited
by
the
NFT
market.
Rug
pulls
have
been
quite
common,
benefiting
from
its
main
feature:
when
the
scam
is
revealed,
it
is
generally
too
late.

Like
pump-and-dump
scams,
the
scammers
will
hype
up
a
project,
solicit
investment
and,
without
notice,
abandon
it.
This
usually
happens
once
they
believe
they
have
‘drained
the
investors’
to
the
full,
withdrawing
all
funds
from
an
NFT
wallet
and
deleting
their
profiles
from
marketplaces
and
social
media.

One
of
the
most
famous
cases
dates
back
to
“Squid
Game”
and
the
cryptocurrency
inspired
by
the
TV
show
Squid.
This
token
went
up
in
value
to
$2,800
within
just
a
few
weeks
when,

suddenly
,
it
vanished.
All
its
social
media
accounts
and
its
website
disappeared
with
no
trace.
The
scammers,
meanwhile,
are
believed
to
have
stolen
$3.3
million.

Bidding
scams

Fake
bids
in
NFT
auctions
are
one
of
the
most
common
scams.
These
occur
when
a
real
seller
tries
to
auction
off
an
NFT.
The
seller
indicates
the
cryptocurrency
in
which
they
want
to
be
paid,
but
a
scammer
can
manage
to
change
the
currency
of
their
offer
to
one
with
a
lower
value.

Another
way
this
can
work
is
by
adding
and
removing
an
NFT
listing
from
a
market,
moving
the
decimal
one
number
to
the
right.
Without
noticing
the
change,
a
buyer
might
end
up
paying
much
more
than
the
amount
they
looked
at
initially.
Just
like
in
real
life,
looking
at
the
price
before
paying
is
a
must.

Social
media
account
hijacking

Fake
offers
and
giveaways
are
a
great
way
to
pique
users’
interest
(not
just)
on
social
media.
Surprisingly,
they
may
even
come
from
well-established
user
accounts.
The
reality,
however,
is
that
often
enough,
these
accounts
have
been
hijacked
by
scammers
to
promote
fraudulent
schemes.

Once
a
user
tries
to
access
the
fake
offer,
they
are
requested
to
insert
their
passwords
or
personal
information,
giving
away
their
details
and
getting
nothing
in
return.

Fake
mints

In
these
schemes,
fraudsters
airdrop
NFTs
to
the
wallets
of
influencers,
making
it
appear
as
though
the
celebrities
had
actually
minted
the
NFTs
on
the
blockchain.
This
is
because
many
buyers
monitor
specific
wallets
for
new
activity
in
order
to
anticipate
mass
interest
and
a
spike
in
the
value
of
an
NFT.

These
scams
involve
elements
from
most
techniques
mentioned
earlier,
including
artist
impersonation
to
pump-and-dump
fraud.
According
to

OpenSea
,
the
biggest
NFT
marketplace,
more
than
80%
of
NFTs
created
for
free
on
its
platform
were
fake,
plagiarized
from
other
artists,
or
spam.

NFT
safety
tips

There
are
many
scams
to
be
aware
of
when
diving
into
the
NFT
world
and,
as
usual,
scammers
never
pass
up
a
golden
money-making
opportunity.
It’s,
therefore,
important
to
always
be
attentive

a
healthy
dose
of
skepticism
will
save
you
some
headaches
further
down
the
road.

Here
are
a
few
quick
tips
for
how
to
stay
safe
while
using
NFTs:

  • Never
    share
    your
    seed
    phrase
    or
    password
    with
    anyone.
  • Use
    strong
    and
    unique
    passwords
    along
    with
    multi-factor
    authentication
    whenever
    it’s
    available.
  • Always
    check
    that
    the
    DM
    you’ve
    received
    is
    legitimate.
  • Never
    click
    a
    link
    that
    promises
    freebies
    or
    requires
    you
    to
    answer
    quickly.
    And
    if
    you’re
    tempted
    to
    do
    so,
    check
    first
    the
    origin
    of
    the
    link.
    This
    applies
    even
    more
    on
    Discord.
  • Keep
    your
    tokens
    in
    a
    cold-storage
    hardware
    wallet,
    rather
    than
    in
    a
    software
    (aka
    ‘hot’)
    wallet.

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.