Browse Definitions :

Nabugu -

8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money.

Nonfungible tokens are taking the digital world by storm with people making money and trading these digital assets. But there are also plenty of scams to dupe people and businesses out of money.

In March 2022, threat actors stole more than $600 million from Sky Mavis, developers of the popular NFT-based game Axie Infinity. The threat actors used hacked private keys to make withdrawals out of people's digital wallets.

Along with people trading and creating NFTs in marketplaces, businesses are using NFTs for the following:

  • domain name ownership;
  • customer promotions and loyalty programs;
  • identification and documentation;
  • supply chain and logistics;
  • art, sports, luxury brands or other forms of memorabilia; and
  • real estate transactions.

There are ways to be safe with NFT transactions and avoid falling victim to various scams.

What is an NFT?

A nonfungible token (NFT) is a unique form of digital asset on a blockchain. These digital assets are not interchangeable, unlike other types of cryptocurrency, and provide ownership authentication. All blockchain transactions appear in a digital ledger to record ownership.

Each NFT is unique and cannot be recreated or replaced. The following are examples of NFT types:

  • image
  • file
  • cartoon
  • virtual real estate
  • pet
  • video
  • trading card

People buy NFTs as unique investments and collectibles.

NFTs can sell for millions of dollars. For example, digital artist Beeple sold one piece of NFT artwork for more than $69 million. Other NFT collections, such as Bored Ape Yacht Club and CryptoPunks, are also selling for hundreds of thousands of dollars each.

The NFT market had $17.6 billion in sales in 2021.

Collage image of CryptoPunk NFTs
Collage of the CryptoPunk NFTs that are popular for collecting and trading

Common types of NFT scams

NFT scams either deceive people out of money directly or get credentials to access a person's digital wallet or cryptocurrency wallet. Unfortunately, it is hard to recover lost money or stolen digital wallet credentials after a scam.

Here are some of the more common types of NFT scams to watch for.

Rug pull

Scammers pull buyers in by promoting a fake NFT project or collection and promising them that they will make money. The scammers hype this asset on social media, but after it is purchased, all the promotion and any unfulfilled promises go away. This causes the value to drop drastically. The scammers also remove the ability to sell this NFT.


Phishing may be an old scam, but it's still popular. Typically, a phishing scam involves phony advertisements, emails and pop-ups taking people to a fake website. The fake website then requests users' private wallet keys to gain access to their digital wallets. Once scammers get a hold of this private information, they can deplete any NFT collections or cryptocurrency in the digital wallet.


Scammers use social media to promote NFT giveaways. The promotions typically offer a free NFT for spreading the word to friends or signing up on their websites. When it is time to collect the prize, the scammers ask for cryptocurrency wallet information to send the NFT, but instead, they gain access to the account and take any money or NFTs in the person's wallet.

Social media impersonation

Cybercriminals create online social media profiles to convince people to buy fake NFTs. They use social media to make their fake websites look legitimate.

Bidding scams

A bidding scam happens when someone tries to resell their NFT. After getting the highest bid, the scammer -- the highest bidder -- switches out the cryptocurrency to one of a lesser value. It may appear like the highest amount, but some cryptocurrency is worth less than others.

Click here to learn about cryptocurrency market prices.

Investor scams

When selling or buying NFTs, people remain anonymous, which makes it easier to create investment scams. With an investment scam, threat actors create a seemingly worthwhile project to invest in. After collecting money, they disappear without a trace.

A recent investor scam with the Evil Ape developer stole nearly $3 million in investments. Evil Ape appeared as part of the legitimate Evolved Apes project but vanished after collecting money.

Pump and dump

A pump-and-dump scam happens when a group buys a large amount of cryptocurrency or any other currency to drive the price up for demand. After the price increases -- or pumped up -- the group then sells -- or dumps -- the asset to cash in on the gains, and everyone else loses out.

Counterfeit NFTs

Scammers may steal or copy artwork and then list this counterfeit content on legitimate sites, such as OpenSea. Because it was stolen, copied or fake, the NFT has no value. The person has already made the purchase before realizing it is counterfeit.

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT.

8 tips to avoid scams

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT. Here are some ways to avoid these scams:

  1. Keep keys private. Never share cryptocurrency wallet information with anyone. These keys should be private, along with any recovery codes. No one needs to know these passcodes for any reason.
  2. Research the NFT seller. Before purchasing, look at the seller's NFT marketplace account, and check for the blue check verification mark. Also, research the seller's social media accounts, check other listings from this seller and look for any online reviews.
  3. Review transaction history of NFT. Be wary of NFTs with transactions on one day.
  4. Do not click on suspicious attachments or links. Even if the link looks to go to a real site, it can still be fake. It's best to always visit the site directly and not click on any links.
  5. Cross-check NFT prices. Before buying an NFT, go to trading platforms, such as Axie Marketplace, Mintable or OpenSea, to see if the prices are similar. If the price seems much lower or higher than those on these legitimate trading sites, it's most likely a scam.
  6. Watch the bids. Before accepting any bid, be sure to double-check the currency. Don't accept anything lower than expected.
  7. Create strong passwords. Be sure to create strong passwords for NFT accounts and cryptocurrency wallets. Two-factor authentication is another way to keep NFTs safe. Using facial recognition or fingerprints makes it more difficult for someone to steal an identity.
  8. Use reputable NFT exchange markets. Don't believe offers that sound too good to be true. New marketplaces are popping up all over and offer minimal security. Stick to reputable exchange markets, such as OpenSea, Rarible, Mintable, Foundation, MakersPlace and Axie Marketplace.

How to secure an NFT

After purchasing an NFT, it's best to move it to cold storage or hardware, such as Trezor or Ledger, and away from the marketplace account, which can be hacked by scammers. Cold storage options are safer because all the key information is in the device itself and not easy for threat actors to gain access to.

Another common way to store NFTs is in a software wallet, such as Coinbase or MetaMask. However, the access information of these wallets is stored online, so it can be found easier than those on a cold storage device.

Next Steps

9 common cryptocurrency scams in 2022

How is cryptocurrency valued?

FTX scam explained: Everything you need to know

Dig Deeper on Authentication and access control

  • cardholder data (CD)

    Cardholder data (CD) is any personally identifiable information (PII) associated with a person who has a credit or debit card.

  • PCI DSS merchant levels

    Payment Card Industry Data Security Standard (PCI DSS) merchant levels rank merchants based on their number of transactions per ...

  • CSR (Certificate Signing Request)

    A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital ...

  • corporate social responsibility (CSR)

    Corporate social responsibility (CSR) is a strategy undertaken by companies to not just grow profits, but also to take an active ...

  • knowledge-based systems (KBSes)

    Knowledge-based systems (KBSes) are computer programs that use a centralized repository of data known as a knowledge base to ...

  • Sarbanes-Oxley Act

    The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

  • employee engagement

    Employee engagement is the emotional and professional connection an employee feels toward their organization, colleagues and work.

  • talent pool

    A talent pool is a database of job candidates who have the potential to meet an organization's immediate and long-term needs.

  • diversity, equity and inclusion (DEI)

    Diversity, equity and inclusion is a term used to describe policies and programs that promote the representation and ...

Customer Experience
  • customer touchpoint

    A customer touchpoint is any direct or indirect contact a customer has with a brand.

  • customer service charter

    A customer service charter is a document that outlines how an organization promises to work with its customers along with ...

  • sales development representative (SDR)

    A sales development representative (SDR) is an individual who focuses on prospecting, moving and qualifying leads through the ...