Kraken Cryptocurrency Exchange
Nonfungible tokens (NFTs) are one-of-a-kind digital assets that live on a blockchain with unique identifiers and data. Blockchains — public ledgers on a network — verify NFT transactions, and may have smart contracts built into them so NFT creators earn royalties from sales.
However, NFT scams are rampant since they are easy to create and exist solely online. In fact, 90%of NFT owners have experienced an NFT scam, according to a survey conducted by PrivacyHQ. That same survey revealed that half of the respondents have lost access to owned NFTs at some point.
From old-school email phishing to malicious rug pulls, there are quite a few categories of crypto and NFT scams.
Many scammers go to great lengths to get their hands on someone else’s digital assets. These scams are often sophisticated, difficult to spot and could take place over the course of months or longer.
NFT scams take many forms, so here are seven common scams to be aware of and how to avoid them.
Phishing scams aren’t new, but with NFTs, this tactic can cause a catastrophic loss.
A phishing scam is when a con artist tries to get information out of you, usually personally identifiable information (PII) such as your birthday, home address, driver’s license number, medical records, social security number or more. If the scammer gets this information, they may sell it or use it to open accounts in your name.
With NFTs, these scams often involve a fake representative of a wallet requesting you to verify your wallet’s private keys or passphrase. Your keys and passphrases protect your crypto wallets — if someone gets this information, they can access your wallet and steal your digital assets.
DeFiance Capital founder Arthur Cheong was a phishing victim on March 22, 2022 — just over $1.7 million worth of NFTs were stolen from his cryptocurrency wallet, as reported by Fortune.
Cheong states he was the victim of a spear-phishing email, disguised as a company on DeFiance’s portfolio. When he clicked a link in an email, he allowed a hacker to get his wallet passphrase. A few notable assets stolen include two Tsubasa, two Hedgies and 33 Second Self NFTs.
How to avoid:
It’s likely you’ve heard this term within dating apps and social networks, but catfishing isn’t limited to individuals looking for love under false pretenses.
Catfishing scams with crypto often involve scammers creating fake social media profiles, then contacting victims to get personal information, sending a malicious link or getting a user’s wallet passphrase to steal their assets.
There are reports of catfishers sending fake crypto wallet sites to victims, encouraging them to sign up and deposit funds. That’s when the scammer takes your assets. Scammers may use fake business or romantic relationship grooming tactics.
Around 39% of respondents in the PrivacyHQ survey reported following a fake NFT influencer account. As social media becomes more saturated with scammers and rising NFT creators alike, it’s vital to check for signs of legitimacy.
How to avoid:
An airdrop is a marketing stunt where a company or developer gives away free cryptocurrency or NFTs to users, mainly as a way to spread news of a new product or service. Airdrops are real, and participants get free NFTs or coins, but the key is to remember that they’re always free.
If someone contacts you and asks for payment before receiving an airdrop, it’s a scam. And often, airdrops are awarded to users for holding a specific coin, completing a task or scavenger hunt, or by scanning a QR code — but should never require a deposit or payment.
Recently, a fake Rarible site advertised an airdrop asking users to send between 500 to 25,000 RARI (Rarible’s native currency) to an address, and in exchange would receive 5X times the amount back. However, participants never receive anything back and instead are conned into paying the scammer.
Around 41% of respondents in the PrivacyHQ NFT survey reported that they had participated in a fake NFT giveaway.
If the airdrop asks for your wallet’s private key, it’s a scam, since receiving cryptocurrency or an NFT only requires your public key. These airdrop scams can be sneaky, often involving scammers creating counterfeit sites. Many of these classic scams use odd language including strange grammar, and promise victims an amount after sending a deposit. Avoid “airdrops” organized like this — it’s not real.
Image source: Security Boulevard, screenshot of counterfeit Rarible giveaway scam
How to avoid:
A rug pull scam is when a company or developer creates a new crypto project, pumps up their asset’s value then pulls out, taking the money and running while leaving their investors with a valueless asset. There are a few ways this can be done, and rug pulls aren’t always considered illegal.
Rug pulls also come in two forms: hard and soft. Hard pull scams involve developers planning on walking away from the get-go, or adding malicious code to a token from the start. A common hard rug pull is a liquidity pull, when the token creators take everything out of the liquidity pool making the price of the token zero.
A soft pull may involve the creators selling a large supply of tokens, or selling in increments, driving the price down so much that the investors have nearly worthless coins. A soft pull is harder to identify, because it may happen over a longer period of time than a hard pull, and it’s harder to prove that the developers had intended to do a rug pull. And developers selling their tokens isn’t illegal, since it’s a free market.
Another type of rug pull is when a developer of a specific project promises to donate the proceeds to organizations or charities, but instead takes the money and runs. This isn’t technically illegal, just unethical — so there isn’t much to do if you fall into one of these rug pulls.
A recent example of this is Doodled Dragons, a verified NFT collection that promised to donate proceeds to charitable organizations. The creator announced a donation of $30K to the World Wildlife Fund (WWF), but instead, the creator took the money and ran. They even announced the rug pull on X (formerlyTwitter) from the now-deleted account just two minutes after announcing the $30K donation.
Image source: Reddit, u/TheGreatCryptopo on r/CryptoCurrency
Rug pulls are devastating, since investors aren’t likely to get any reparations after the fact. And if there’s no evidence of ill intent, it may not even be classified as illegal.
In the PrivacyHQ survey, 43.8% of respondents reported investing in a crypto project that disappeared — so stay vigilant.
How to avoid:
A fake NFT involves a scammer taking someone else’s work, minting it and selling it on the marketplace under the guise of the original creator. Fake NFTs may include plagiarized work or fraudulent accounts pushing stolen content.
Bored Ape Yacht Club is one of the top NFT collections to date, so it’s not surprising that there are copycat and plagiarized collections rampant across NFT marketplaces.
Image source: Beincrypto.com
How to avoid:
A sitewide hack on a cryptocurrency exchange or NFT marketplace can hurt. Unfortunately, whether or not this happens to you largely depends on the site’s security. However, to minimize the risk of becoming the victim of a platform hack, choose a well-known site with proven security measures.
If a platform hack involves individual third-party wallets, there may not be anything the platform can do.
But, the good news with sitewide hacks is that you may be reimbursed if it’s proven that it was the platform’s fault, or if the hack affected the platform’s own content management systems.
For example, in January 2022, Crypto.com was hacked, but soon after the breach, affected customers were reimbursed and impacted accounts were fully restored, according to The Verge.
Social media accounts, Discord servers and subreddits are no exception to hacks, either. Fake accounts may spam forums and chats with malicious content or false information, or pretend to be customer service. If you’re suspicious of any recent activity on a site or server, contact the company directly.
How to avoid:
Sleepminting is when a scammer uses another artist or creator’s account or wallet to create a fake NFT. A scammer mints an NFT to the wallet of another creator, transfers ownership to themselves, then lists it for sale on a marketplace — giving the illusion that a legit developer created the NFT, thereby “proving” authenticity.
This scam is difficult to spot, especially if the NFT was minted to a verified creator’s account and listed for sale on a legitimate NFT marketplace.
How to avoid:
Many argue that verifying an NFT’s authenticity is easy, thanks to blockchain technology. However, in the case of sleepminting, NFTs are forged.
One way to verify an NFT’s authenticity is to use a blockchain explorer — like Etherscan.io — to look at an NFT’s metadata. This is done by entering the NFT’s hash: a unique string of letters and numbers that identifies it.
A blockchain explorer — sometimes called a block explorer — lets you view blocks, transactions, fees, mining activity and more. Using this wealth of information, you can see an NFT’s ownership history and how often it’s been traded to help you verify authenticity.
This may not be the answer you want to hear, but in the case of you personally getting burned by an NFT scammer, there may not be much recourse at all.
If you were scammed by using a major NFT marketplace or exchange — such as losing access to your account or your funds disappearing — the platform may be able to help you recover lost assets if the hack was determined to be the platform’s fault. Crypto.com, for example, has a policy that reimburses qualified users up to $250,000 in the event of sitewide hacks in specific circumstances.
But if you fell victim to a phishing scam and gave away your wallet’s private key, even the crypto wallet’s company probably can’t do anything to recover your lost assets or reimburse you.
If you suspect you’ve been scammed, or are in the middle of a scam, here are some things to try out:
Keep these fraud prevention tips in mind before heading out to the wild west of NFTs:
Follow your gut — if there’s a red flag, don’t ignore it. And if it sounds too good to be true, it probably is.
Whether products shown are available to you is subject to individual provider sole approval and discretion in accordance with the eligibility criteria and T&Cs on the provider website.
Are you visiting from outside the US?
Check out the top tastemakers for crypto, NFTs, DeFi, Bitcoin and blockchain technology, from NYT experts to published authors and YouTubers.
We compared over 30 NFT marketplaces to award the top platforms of 2022.
Crypto and NFTs are far from the same thing – learn the differences.
In this Town Star guide you’ll learn how Gala Games’ free-to-play NFT farming simulator with P2E potential puts fun first.
Is this augmented reality pet simulator NFT game Dogami going to be any fun?
Illuvium is an open-world RPG meets auto battler with an economy based on collectible NFTs and resource mining. Is it worth your ILV stake?
My DeFi Pet is a blockchain game with many ways to interact with your NFT pets.
The definitive ranking of the NFT adoption across 26 countries.
A deep dive into eBay’s foray into the NFT ecosystem, looking at everything from available categories to potential drawbacks.
