Browse Definitions :

Nabugu -

8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money.

Nonfungible tokens are taking the digital world by storm with people making money and trading these digital assets. But there are also plenty of scams to dupe people and businesses out of money.

In March 2022, threat actors stole more than $600 million from Sky Mavis, developers of the popular NFT-based game Axie Infinity. The threat actors used hacked private keys to make withdrawals out of people's digital wallets.

Along with people trading and creating NFTs in marketplaces, businesses are using NFTs for the following:

  • domain name ownership;
  • customer promotions and loyalty programs;
  • identification and documentation;
  • supply chain and logistics;
  • art, sports, luxury brands or other forms of memorabilia; and
  • real estate transactions.

There are ways to be safe with NFT transactions and avoid falling victim to various scams.

What is an NFT?

A nonfungible token (NFT) is a unique form of digital asset on a blockchain. These digital assets are not interchangeable, unlike other types of cryptocurrency, and provide ownership authentication. All blockchain transactions appear in a digital ledger to record ownership.

Each NFT is unique and cannot be recreated or replaced. The following are examples of NFT types:

  • image
  • file
  • cartoon
  • virtual real estate
  • pet
  • video
  • trading card

People buy NFTs as unique investments and collectibles.

NFTs can sell for millions of dollars. For example, digital artist Beeple sold one piece of NFT artwork for more than $69 million. Other NFT collections, such as Bored Ape Yacht Club and CryptoPunks, are also selling for hundreds of thousands of dollars each.

The NFT market had $17.6 billion in sales in 2021.

Collage image of CryptoPunk NFTs
Collage of the CryptoPunk NFTs that are popular for collecting and trading

Common types of NFT scams

NFT scams either deceive people out of money directly or get credentials to access a person's digital wallet or cryptocurrency wallet. Unfortunately, it is hard to recover lost money or stolen digital wallet credentials after a scam.

Here are some of the more common types of NFT scams to watch for.

Rug pull

Scammers pull buyers in by promoting a fake NFT project or collection and promising them that they will make money. The scammers hype this asset on social media, but after it is purchased, all the promotion and any unfulfilled promises go away. This causes the value to drop drastically. The scammers also remove the ability to sell this NFT.


Phishing may be an old scam, but it's still popular. Typically, a phishing scam involves phony advertisements, emails and pop-ups taking people to a fake website. The fake website then requests users' private wallet keys to gain access to their digital wallets. Once scammers get a hold of this private information, they can deplete any NFT collections or cryptocurrency in the digital wallet.


Scammers use social media to promote NFT giveaways. The promotions typically offer a free NFT for spreading the word to friends or signing up on their websites. When it is time to collect the prize, the scammers ask for cryptocurrency wallet information to send the NFT, but instead, they gain access to the account and take any money or NFTs in the person's wallet.

Social media impersonation

Cybercriminals create online social media profiles to convince people to buy fake NFTs. They use social media to make their fake websites look legitimate.

Bidding scams

A bidding scam happens when someone tries to resell their NFT. After getting the highest bid, the scammer -- the highest bidder -- switches out the cryptocurrency to one of a lesser value. It may appear like the highest amount, but some cryptocurrency is worth less than others.

Click here to learn about cryptocurrency market prices.

Investor scams

When selling or buying NFTs, people remain anonymous, which makes it easier to create investment scams. With an investment scam, threat actors create a seemingly worthwhile project to invest in. After collecting money, they disappear without a trace.

A recent investor scam with the Evil Ape developer stole nearly $3 million in investments. Evil Ape appeared as part of the legitimate Evolved Apes project but vanished after collecting money.

Pump and dump

A pump-and-dump scam happens when a group buys a large amount of cryptocurrency or any other currency to drive the price up for demand. After the price increases -- or pumped up -- the group then sells -- or dumps -- the asset to cash in on the gains, and everyone else loses out.

Counterfeit NFTs

Scammers may steal or copy artwork and then list this counterfeit content on legitimate sites, such as OpenSea. Because it was stolen, copied or fake, the NFT has no value. The person has already made the purchase before realizing it is counterfeit.

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT.

8 tips to avoid scams

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT. Here are some ways to avoid these scams:

  1. Keep keys private. Never share cryptocurrency wallet information with anyone. These keys should be private, along with any recovery codes. No one needs to know these passcodes for any reason.
  2. Research the NFT seller. Before purchasing, look at the seller's NFT marketplace account, and check for the blue check verification mark. Also, research the seller's social media accounts, check other listings from this seller and look for any online reviews.
  3. Review transaction history of NFT. Be wary of NFTs with transactions on one day.
  4. Do not click on suspicious attachments or links. Even if the link looks to go to a real site, it can still be fake. It's best to always visit the site directly and not click on any links.
  5. Cross-check NFT prices. Before buying an NFT, go to trading platforms, such as Axie Marketplace, Mintable or OpenSea, to see if the prices are similar. If the price seems much lower or higher than those on these legitimate trading sites, it's most likely a scam.
  6. Watch the bids. Before accepting any bid, be sure to double-check the currency. Don't accept anything lower than expected.
  7. Create strong passwords. Be sure to create strong passwords for NFT accounts and cryptocurrency wallets. Two-factor authentication is another way to keep NFTs safe. Using facial recognition or fingerprints makes it more difficult for someone to steal an identity.
  8. Use reputable NFT exchange markets. Don't believe offers that sound too good to be true. New marketplaces are popping up all over and offer minimal security. Stick to reputable exchange markets, such as OpenSea, Rarible, Mintable, Foundation, MakersPlace and Axie Marketplace.

How to secure an NFT

After purchasing an NFT, it's best to move it to cold storage or hardware, such as Trezor or Ledger, and away from the marketplace account, which can be hacked by scammers. Cold storage options are safer because all the key information is in the device itself and not easy for threat actors to gain access to.

Another common way to store NFTs is in a software wallet, such as Coinbase or MetaMask. However, the access information of these wallets is stored online, so it can be found easier than those on a cold storage device.

Next Steps

9 common cryptocurrency scams in 2022

How is cryptocurrency valued?

FTX scam explained: Everything you need to know

Dig Deeper on Authentication and access control

  • local area network (LAN)

    A local area network (LAN) is a group of computers and peripheral devices that are connected together within a distinct ...

  • TCP/IP

    TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect ...

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

  • change management

    Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes...

  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

  • HR service delivery

    HR service delivery is a term used to explain how an organization's human resources department offers services to and interacts ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...