NFT scams are on the rise. Cybercriminals are taking advantage of vulnerabilities in the NFT marketplace to swindle people of their digital assets. If you’re looking to get involved in buying or selling NFTs, it pays to know about these threats and how to avoid them.
The most common NFT scams include:
Fake NFT marketplaces
Phishing NFT scams
Malicious actors posing as customer support
“Rug pull” scams
“Pump and dump” schemes
Cybercriminals employ incredibly creative techniques to scam unsuspecting people. Thankfully, there are ways to protect yourself from falling for NFT scams.
Here are some safety tips:
Set up your crypto wallet on a reputable platform with advanced security features.
Research about NFTs before investing in them.
Use cybersecurity software like NordVPN to protect your data and ensure you’re safe online.
Store your private keys and seed phrases properly.
In this article, we do a deep dive into the risks of NFTs and the most common NFT scams. We also highlight some tips to protect your digital assets.
You’ll find more information in the article below.
Non-fungible tokens (NFTs) are one of the latest trends to hit the internet. While some of these assets look like simple designs that could’ve been put together with Photoshop, artists and collectors make a lot of money buying and selling NFTs. Much like cryptocurrencies and other valuable digital assets, cybercriminals are ever-present in the world of NFTs.
Whether you’re involved in trading NFTs or intend to dip your toe in the NFT market, you need to know about the risks involved. In this article, we’ll explain what an NFT is, the risks of NFTs in 2024, some of the most common NFT scams to look out for, and how to avoid them.
What Is an NFT?
We all know that the acronym, NFT, stands for non-fungible token, but what does non-fungible mean? Well, non-fungible refers to something that is unique and can’t be replicated.
NFTs are essentially unique tokens that correspond to specific positions on a blockchain. These tokens are often attributed to digital art, music, video games, and other forms of digital media.
Think of a blockchain as a decentralized database for logging transactions, and NFTs represent a line in that database. You are probably familiar with NFTs that appear to be simple digital art. However, an NFT can also prove ownership of real-world, physical items, including real estate.
While NFTs are relatively new, they’re already attracting a lot of money. According to Dexerto, the most expensive NFT ever sold fetched around $91.8m in December 2021. Almost 30,000 NFT collectors banded together to make the purchase.
Prices of NFTs are largely speculative right now, as collectors begin to hoard these digital assets in the hopes that their value will grow.
What Are the Risks of NFTs?
NFTs are stored in cryptocurrency wallets and are traded using blockchain technology. As a result, NFT investors are exposed to the same online threats as everyone who uses cryptocurrencies.
In February this year, hackers made away with $1.7 million worth of NFTs after a phishing attack on the NFT trading platform, OpenSea. More recently, in March, the NFT gaming platform, Axie Infinity, which has seen more than $4 billion in sales, was breached. Due to the cyber attack, Ronin, an Ethereum-linked blockchain service for processing transactions in the Axie Infinity ecosystem, lost over $600 million.
While blockchain security is relatively strong, users are still exposed to various threats including malware infections and phishing attacks. There is also a possibility that your NFT wallet could be hacked or the NFT platform you use may be compromised.
We’ve put together a list of some of the most common NFT scams to help you identify potential risks and adopt the best cybersecurity practices.
The Most Common NFT Scams
Cryptocurrency and NFT scams are more common than ever today. NFTs are increasingly being targeted as the market grows and gains momentum.
So, read the tips below, and be sure to triple-check your approach to cybersecurity.
1. Malicious or fake NFT marketplaces
When shopping online, you probably search for a product and pick from one of the hundreds of retailers available. But how do you know if a particular seller is trustworthy? Most of us stick to tried-and-tested brands and websites to avoid falling victim to scammers.
The same applies to any NFT marketplace you come across. Always do your research before using an NFT platform. Hackers often set up fake NFT trading platforms to access the wallets of unsuspecting victims.
If you make the mistake of putting your security seed phrase or private keys on a dubious NFT marketplace, your entire digital wallet could be emptied.
2. Phishing NFT scams
It is not uncommon for cybercriminals to use phishing attacks to snare NFT investors and sellers. Phishing usually involves an email suggesting that someone has made an offer to buy your NFT or that you have received a free NFT. The email may contain a link that looks legitimate but will take you to a fake NFT platform.
If you fall victim to an NFT phishing scam, you may inadvertently give away your seed phrase or private keys. We recommend typing the URL of any NFT platform you want to visit into your browser to check if the address is legitimate. Never click on links in emails unless you are certain that the sender is trustworthy. Remember, scammers can easily disguise a link to appear genuine.
3. Cybercriminals posing as customer support
Some crypto and NFT platforms are known for their awful customer support service. As a result, you will find people asking for help on community forums.
The problem with asking for help on public forums is that it may leave you open to attacks from unscrupulous people. Posing as technical support staff, these cybercriminals might talk you into doing something that you wouldn’t ordinarily do. For example, they may ask for permission to connect remotely to your computer and take screenshots of your credentials to hack your wallet.
4. “Rug pull” NFT scams
This is one of the newest threats to NFT buyers. As the name suggests, this scam involves having the rug pulled from beneath your feet after you are lulled into a false sense of security. Typically, with rug pull NFT scams, a new NFT collection is released and the creator announces future events, giveaways, and other grand NFT projects.
Once a lot of people buy into the scam, they’ll simply scarper with all of the cash that has been invested in the project.
One of the most recent rug pull scams involved an NFT collection known as Frosties. A lot of people lost their investment after the NFT creator’s official Discord channel disappeared overnight. One user in Singapore, identified only as Kerry, lost around $45,000 due to the NFT scam.
In 2021, rug pull scams reportedly led to a loss of around $2.8 billion collectively in the NFT world. Before investing in any NFT — new or old — do some research. Find out who is behind the project, their credentials, and what plans they have for the collection.
While there is no guaranteed way to avoid falling victim to this scam, these indicators should help you determine the legitimacy of an NFT.
5. “Pump and dump” schemes
Pump and dump schemes are usually orchestrated by a malicious group. This NFT scam involves raising the value of a cryptocurrency or NFT in a short space of time and absconding with the money people invest in it.
To carry out pump and dump schemes, scammers may purchase a lot of NFTs from a collection to artificially inflate the price. When gullible investors see the NFT collection suddenly grow in popularity and buy into the hype, they drive the price even higher.
At this point, the people behind the scam quickly sell off their NFTs for a profit, which causes the price to nosedive. As a result, other investors can be left with a worthless asset.
Again, do your research on any NFT that you’re interested in before purchasing it. Most NFTs will show steady growth over time. If there’s a sudden spike in value or transaction volume, you could be dealing with a pump and dump scheme.
Other NFT Scams and Risks
The NFT scams highlighted above are some of the most common threats in the NFT world, but there are others to be wary of.
Malware infections
You must be vigilant of potential malware infections. We recommend using the best cybersecurity tools to protect yourself. NFT platforms are susceptible to malware attacks as the technology is new and potentially has several undiscovered vulnerabilities.
Cybercriminals have adopted a process known as “airdropping” to spread malware. Airdropping involves sending an NFT directly to a crypto wallet without any charge. NFT creators do this sometimes to promote new or upcoming projects. However, cybercriminals can also airdrop malware disguised as an NFT to unsuspecting victims.
If you accept an NFT airdrop without knowing who sent it, you could be opening your wallet to malicious software designed to steal your private keys, seed phrases, and other information. Cybersecurity software such as antivirus can help safeguard you from malware attacks. Educating yourself on the risks of malware and how to avoid it should be your first line of defense.
Social engineering attacks
Social engineering attacks rely primarily on data harvesting. Scammers learn all about you, your habits, hobbies, and other information. Armed with this knowledge, they’ll try to win your trust before asking you to do something that you wouldn’t normally do.
Social engineering attacks rely on human nature — your desire to help out a trusted friend or colleague — and they aren’t limited to NFT users.
This scam has been used to target individuals and businesses around the world. Be on guard when you receive messages from unknown parties who are unusually friendly or make out-of-the-ordinary requests.
Fake NFTs
One of the glaring cons of NFTs, particularly NFT artworks, is that they can be easily copied. The sale of knock-off products isn’t a new tactic used by unscrupulous people. Criminals have been selling knock-off designer clothing, accessories, concert tickets, and more, for many years.
Thankfully, some telltale signs can help you work out whether an NFT is fake:
Is it priced lower than the original?
Does it seem too good to be true?
Is the NFT listed independently from the collection that it is supposedly part of?
Is the trading volume very low or non-existent?
Is the seller’s contact information different from that of the registered owner?
Fake NFTs don’t have the same value as the original thing. So, if you part ways with your cash for a fake NFT, you’ll be left with a worthless asset.
How to Stay Safe When Buying or Selling NFTs
Many of the safety tips for buying or selling NFTs apply to other digital assets. Below, we’ve highlighted some tips to help protect your NFTs and crypto assets.
1. Set up your cryptocurrency wallet on a reputable platform
Create your crypto wallet on a platform that is well-known and reputable. Also, ensure that the wallet is compatible with the NFT platform you’re looking to use. We recommend doing some research to find a platform that appeals to you.
Here is a list of some of the top crypto wallets:
Coinbase
Ledger
Public
Electrum
Mycelium
Exodus
Trezor
2. Enable the security settings on your new crypto wallet
If you’re using a reputable crypto wallet, there would be security protocols in place to protect your funds. However, these settings are not always enabled by default. Some wallets offer two-factor authentication and protection against phishing attacks.
Spend time getting familiar with the new wallet and the security features it offers.
3. Properly research potential NFT investments
Before you put your money into any NFT, do your homework. Spend as much time as you need learning about the creators of the NFT collection, their goals, and their credentials. Also, review the transaction history of the NFT creators.
There are many well-known NFT creators. Be cautious of buying from new creators or traders who have little to no social presence and credentials.
4. Protect your wallet with a unique, secure password and 2FA
You are automatically assigned a public and private key when you set up a crypto wallet. However, you still need to create a password for your wallet. Use a unique, secure password for every account.
We also recommend usingtwo-factor authentication (2FA) wherever possible. This is one of the strongest forms of authentication, as hackers would need to have your password and access your mobile phone to log into your wallet.
5. Protect your devices with cybersecurity software
The importance of using powerful cybersecurity software can’t be overstated. It is easy to encounter malware, spyware, and other malicious software while browsing online. So, it is essential to always protect your personal information.
The public key of your wallet is essential for sending and receiving crypto. While your public key is visible in blockchain transactions, your private key should never be shared. Your private key is the key to all of your digital assets, allowing you to trade or prove ownership of them.
You’ll usually get a seed phrase or backup phrase, which can be used to restore your private key when you misplace it. Most wallets will store your private key within your wallet. But, this is a security risk.
This is why some traders choose “cold storage.” Cold storing involves saving your private keys on a computer without an internet connection, on an external hard drive, written down on a piece of paper, or even memorized.
Final Thoughts
Hopefully, now you have a fair idea of some common NFT scams and how to protect yourself against them. If you’re just getting started in the NFT space, it is important to exercise caution. Never share your seed phrases or private keys, and avoid visiting unknown NFT marketplaces or clicking on suspicious links.
Many basic cybersecurity precautions hold true in the NFT space. Stay alert and ensure you’re on the lookout for cyber threats. As long as you’re exercising caution and protecting yourself with the best cybersecurity software, your NFTs and other digital assets should be safe.
How to Avoid NFT Scams: Frequently Asked Questions
If you have some questions about the safety and risks of NFTs that we didn’t cover in the article above, check out the FAQ section below!
Are NFTs scams?
No, NFTs are not a scam. This doesn’t mean that you can’t be scammed while buying or selling NFTs. Cybercriminals are known to create fake NFTs to fleece people out of their money. If you don’t know how to identify a fake NFT, then you could easily fall victim to an NFT scam.
There are numerous NFT scams to look out for, including phishing attacks, social engineering attacks, and malware attacks. Some common NFT scams include:
Fake NFT marketplaces that steal user information.
Cybercriminals posing as customer support agents.
“Rug pull” scams, where the creators of an NFT abscond with the money of investors.
“Pump and dump” schemes, where cybercriminals artificially inflate the value of an NFT collection.
Check out our NFT article for more information about each of these scams and how to protect your digital assets.
How do I know if my NFT is real?
You should always do your homework on an NFT and its origins before parting with your cash. If you want to check whether an NFT is real, there are some tips you can follow to verify its authenticity:
Review the credentials of the seller. Check out their social media and find out what other people have to say about them.
See if the same NFT or an NFT from the same collection is available on other marketplaces. Most fake NFTs are listed on multiple platforms simultaneously.
If the price tag seems too good to be true, it probably is.
Consider using Google’s reverse image search to see what you can dig up to prove its authenticity or otherwise.
Chris is a tech journalist with many years’ experience covering online privacy and cybersecurity. He’s also a published author and works as a Product Manager for some of the most innovative software development companies.