Browse Definitions :

Nabugu - stock.adobe.com

8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money.

Nonfungible tokens are taking the digital world by storm with people making money and trading these digital assets. But there are also plenty of scams to dupe people and businesses out of money.

In March 2022, threat actors stole more than $600 million from Sky Mavis, developers of the popular NFT-based game Axie Infinity. The threat actors used hacked private keys to make withdrawals out of people's digital wallets.

Along with people trading and creating NFTs in marketplaces, businesses are using NFTs for the following:

  • domain name ownership;
  • customer promotions and loyalty programs;
  • identification and documentation;
  • supply chain and logistics;
  • art, sports, luxury brands or other forms of memorabilia; and
  • real estate transactions.

There are ways to be safe with NFT transactions and avoid falling victim to various scams.

What is an NFT?

A nonfungible token (NFT) is a unique form of digital asset on a blockchain. These digital assets are not interchangeable, unlike other types of cryptocurrency, and provide ownership authentication. All blockchain transactions appear in a digital ledger to record ownership.

Each NFT is unique and cannot be recreated or replaced. The following are examples of NFT types:

  • image
  • file
  • cartoon
  • virtual real estate
  • pet
  • video
  • trading card

People buy NFTs as unique investments and collectibles.

NFTs can sell for millions of dollars. For example, digital artist Beeple sold one piece of NFT artwork for more than $69 million. Other NFT collections, such as Bored Ape Yacht Club and CryptoPunks, are also selling for hundreds of thousands of dollars each.

The NFT market had $17.6 billion in sales in 2021.

Collage image of CryptoPunk NFTs
Collage of the CryptoPunk NFTs that are popular for collecting and trading

Common types of NFT scams

NFT scams either deceive people out of money directly or get credentials to access a person's digital wallet or cryptocurrency wallet. Unfortunately, it is hard to recover lost money or stolen digital wallet credentials after a scam.

Here are some of the more common types of NFT scams to watch for.

Rug pull

Scammers pull buyers in by promoting a fake NFT project or collection and promising them that they will make money. The scammers hype this asset on social media, but after it is purchased, all the promotion and any unfulfilled promises go away. This causes the value to drop drastically. The scammers also remove the ability to sell this NFT.

Phishing

Phishing may be an old scam, but it's still popular. Typically, a phishing scam involves phony advertisements, emails and pop-ups taking people to a fake website. The fake website then requests users' private wallet keys to gain access to their digital wallets. Once scammers get a hold of this private information, they can deplete any NFT collections or cryptocurrency in the digital wallet.

Airdrop

Scammers use social media to promote NFT giveaways. The promotions typically offer a free NFT for spreading the word to friends or signing up on their websites. When it is time to collect the prize, the scammers ask for cryptocurrency wallet information to send the NFT, but instead, they gain access to the account and take any money or NFTs in the person's wallet.

Social media impersonation

Cybercriminals create online social media profiles to convince people to buy fake NFTs. They use social media to make their fake websites look legitimate.

Bidding scams

A bidding scam happens when someone tries to resell their NFT. After getting the highest bid, the scammer -- the highest bidder -- switches out the cryptocurrency to one of a lesser value. It may appear like the highest amount, but some cryptocurrency is worth less than others.

Click here to learn about cryptocurrency market prices.

Investor scams

When selling or buying NFTs, people remain anonymous, which makes it easier to create investment scams. With an investment scam, threat actors create a seemingly worthwhile project to invest in. After collecting money, they disappear without a trace.

A recent investor scam with the Evil Ape developer stole nearly $3 million in investments. Evil Ape appeared as part of the legitimate Evolved Apes project but vanished after collecting money.

Pump and dump

A pump-and-dump scam happens when a group buys a large amount of cryptocurrency or any other currency to drive the price up for demand. After the price increases -- or pumped up -- the group then sells -- or dumps -- the asset to cash in on the gains, and everyone else loses out.

Counterfeit NFTs

Scammers may steal or copy artwork and then list this counterfeit content on legitimate sites, such as OpenSea. Because it was stolen, copied or fake, the NFT has no value. The person has already made the purchase before realizing it is counterfeit.

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT.

8 tips to avoid scams

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT. Here are some ways to avoid these scams:

  1. Keep keys private. Never share cryptocurrency wallet information with anyone. These keys should be private, along with any recovery codes. No one needs to know these passcodes for any reason.
  2. Research the NFT seller. Before purchasing, look at the seller's NFT marketplace account, and check for the blue check verification mark. Also, research the seller's social media accounts, check other listings from this seller and look for any online reviews.
  3. Review transaction history of NFT. Be wary of NFTs with transactions on one day.
  4. Do not click on suspicious attachments or links. Even if the link looks to go to a real site, it can still be fake. It's best to always visit the site directly and not click on any links.
  5. Cross-check NFT prices. Before buying an NFT, go to trading platforms, such as Axie Marketplace, Mintable or OpenSea, to see if the prices are similar. If the price seems much lower or higher than those on these legitimate trading sites, it's most likely a scam.
  6. Watch the bids. Before accepting any bid, be sure to double-check the currency. Don't accept anything lower than expected.
  7. Create strong passwords. Be sure to create strong passwords for NFT accounts and cryptocurrency wallets. Two-factor authentication is another way to keep NFTs safe. Using facial recognition or fingerprints makes it more difficult for someone to steal an identity.
  8. Use reputable NFT exchange markets. Don't believe offers that sound too good to be true. New marketplaces are popping up all over and offer minimal security. Stick to reputable exchange markets, such as OpenSea, Rarible, Mintable, Foundation, MakersPlace and Axie Marketplace.

How to secure an NFT

After purchasing an NFT, it's best to move it to cold storage or hardware, such as Trezor or Ledger, and away from the marketplace account, which can be hacked by scammers. Cold storage options are safer because all the key information is in the device itself and not easy for threat actors to gain access to.

Another common way to store NFTs is in a software wallet, such as Coinbase or MetaMask. However, the access information of these wallets is stored online, so it can be found easier than those on a cold storage device.

Next Steps

9 common cryptocurrency scams in 2022

How is cryptocurrency valued?

Dig Deeper on Authentication and access control

SearchNetworking
  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

  • overlay network

    An overlay network is a virtual or logical network that is created on top of an existing physical network.

SearchSecurity
  • encryption

    Encryption is the method by which information is converted into secret code that hides the information's true meaning.

  • X.509 certificate

    An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) ...

  • directory traversal

    Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory ...

SearchCIO
  • security audit

    A security audit is a systematic evaluation of the security of a company's information system by measuring how well it conforms ...

  • chief transformation officer (CTO)

    Chief transformation officer is an executive role, often in the C-suite, that focuses on bringing about change as well as growth ...

  • data latency

    Data latency is the time it takes for data packets to be stored or retrieved. In business intelligence (BI), data latency is how ...

SearchHRSoftware
SearchCustomerExperience
  • implementation

    Implementation is the execution or practice of a plan, a method or any design, idea, model, specification, standard or policy for...

  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

  • customer intelligence (CI)

    Customer intelligence (CI) is the process of collecting and analyzing detailed customer data from internal and external sources ...

Close