NFT investing is extremely niche. Because of that, there aren’t as many safeguards against scams. Scammers are walking away with millions of dollars’ worth of investor funds as NFTs grow in popularity.
Fortunately, understanding how the schemes work allows investors to safeguard their assets.
Common NFT Scams
The open nature of digital assets invites a host of scammers to the blockchain space. With NFTs trading for tens of thousands of dollars, the problem is only getting worse.
Below are common NFT scams to avoid.
Phishing
The ultimate goal of phishing is to elicit a strong emotional response in an investor to get them to click on a link to a fake site. The site may look and feel like one you’ve used before, but when you connect your wallet, the site may ask you to sign malicious transactions that drain your account. The links could also install keyloggers and other snooping tools on your system.
Hacked Social Media Accounts
Social media accounts are frequently sold or hacked. Scammers use these accounts to send out links to malicious websites. The public generally trusts influencers with large audiences, so followers who don’t know an account is compromised can easily fall for this scam.
Rug Pulls
Bad actors often boost projects using endorsements, fake engagement, bot followers, and unrealistic promises. An NFT collection might sell out entirely, after which the team behind the project shuts it down and leaves after pocketing investor funds.
Compromised Discord Channels
Team member accounts in official Discord servers for a project may be compromised. Acting as an authorized team member, the scammer will make realistic posts with malicious links to unofficial websites.
NFT Swap Scams
Some marketplaces allow the trading of one or multiple NFTs with another person. A scammer may clone the site and inject malicious smart contracts that steal all the NFTs in a trade.
Site Mimicking
Scammers will build sites with a URL similar to the official website (e.g., tesla.com vs. tes1a.com). They will then pay for Google ads, which push the malicious website to the top of the search results.
Discord Bot Exploits
Discord server admins use bots in an attempt to thwart scams. Sometimes bugs in these bots are exploited and used to push malicious links within the server.
Slow Rugs
Unlike typical rug pulls, slow rugs attempt to act like a legitimate project that failed. The project team will not deliver on promises and will keep giving excuses until they eventually claim they can no longer support development.
Job Offer Scams
Scammers will contact you via direct message or email with a lucrative job offer in web3. At some point, they may give a URL to learn more about the opportunity, and the link will lead back to a malicious website.
Discord Squatting
Using expired invite links from NFT Discord servers, scammers will build similar-looking fake servers that compromise your accounts through malicious verification bots or phishing links.
Invite Scams
A scammer may invite you to an invite-only NFT service, marketplace, or Discord group, any of which may compromise your wallet.
Trojan Horse Airdrops
NFTs can be programmed to include malicious code. Scammers will then airdrop these unsolicited NFTs into your wallet. When you interact with these NFTs, they may drain your account.
Support Staff Scams
A scammer may reach out to you on behalf of an NFT Discord, marketplace, or wallet provider pretending to be support staff. They may ask you to reveal the seed phrase to your wallet to assist you. Compliance means losing your assets.
Pump and Dumps
Scammers will artificially pump the price of an NFT to lure in investors. When they arrive, the scammer will “dump” all of the tokens on the investors and leave.
Bidding Scams
More common in secondary markets, a scammer may try to pay for an NFT with a token you weren’t expecting. For example, if you were hoping for 2 ETH for an NFT, a scammer may try to bid using 2 ETHYs (an ERC-20 token). The value received would be completely different than what you were expecting.
Stolen Property
NFT creators often plagiarize content and sell the content as NFTs. Once investors realize the NFTs are fakes, the value of the tokens plummets.
- Cryptography – A study of secure communications techniques in an adversarial environment
- Metadata – Data that describes some other data. Ex. the caption describing an image
- Whitepaper – Information document used to promote or highlight the features of a solution to a problem, product, or service
Mitigating Investment Risk In NFTs
There are many attack vectors when it comes to NFT investing. Use the following practices to avoid falling for such scams:
- Never click suspicious links
- Don’t ever disclose passwords or seed phrases
- Conduct thorough due diligence before interacting with any NFT project
- Consider storing your valuable NFTs offline using a cold storage solution
- Always double-check transaction details before confirmation