Browse Definitions :

Nabugu -

8 ways to avoid NFT scams

People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money.

Nonfungible tokens are taking the digital world by storm with people making money and trading these digital assets. But there are also plenty of scams to dupe people and businesses out of money.

In March 2022, threat actors stole more than $600 million from Sky Mavis, developers of the popular NFT-based game Axie Infinity. The threat actors used hacked private keys to make withdrawals out of people's digital wallets.

Along with people trading and creating NFTs in marketplaces, businesses are using NFTs for the following:

  • domain name ownership;
  • customer promotions and loyalty programs;
  • identification and documentation;
  • supply chain and logistics;
  • art, sports, luxury brands or other forms of memorabilia; and
  • real estate transactions.

There are ways to be safe with NFT transactions and avoid falling victim to various scams.

What is an NFT?

A nonfungible token (NFT) is a unique form of digital asset on a blockchain. These digital assets are not interchangeable, unlike other types of cryptocurrency, and provide ownership authentication. All blockchain transactions appear in a digital ledger to record ownership.

Each NFT is unique and cannot be recreated or replaced. The following are examples of NFT types:

  • image
  • file
  • cartoon
  • virtual real estate
  • pet
  • video
  • trading card

People buy NFTs as unique investments and collectibles.

NFTs can sell for millions of dollars. For example, digital artist Beeple sold one piece of NFT artwork for more than $69 million. Other NFT collections, such as Bored Ape Yacht Club and CryptoPunks, are also selling for hundreds of thousands of dollars each.

The NFT market had $17.6 billion in sales in 2021.

Collage image of CryptoPunk NFTs
Collage of the CryptoPunk NFTs that are popular for collecting and trading

Common types of NFT scams

NFT scams either deceive people out of money directly or get credentials to access a person's digital wallet or cryptocurrency wallet. Unfortunately, it is hard to recover lost money or stolen digital wallet credentials after a scam.

Here are some of the more common types of NFT scams to watch for.

Rug pull

Scammers pull buyers in by promoting a fake NFT project or collection and promising them that they will make money. The scammers hype this asset on social media, but after it is purchased, all the promotion and any unfulfilled promises go away. This causes the value to drop drastically. The scammers also remove the ability to sell this NFT.


Phishing may be an old scam, but it's still popular. Typically, a phishing scam involves phony advertisements, emails and pop-ups taking people to a fake website. The fake website then requests users' private wallet keys to gain access to their digital wallets. Once scammers get a hold of this private information, they can deplete any NFT collections or cryptocurrency in the digital wallet.


Scammers use social media to promote NFT giveaways. The promotions typically offer a free NFT for spreading the word to friends or signing up on their websites. When it is time to collect the prize, the scammers ask for cryptocurrency wallet information to send the NFT, but instead, they gain access to the account and take any money or NFTs in the person's wallet.

Social media impersonation

Cybercriminals create online social media profiles to convince people to buy fake NFTs. They use social media to make their fake websites look legitimate.

Bidding scams

A bidding scam happens when someone tries to resell their NFT. After getting the highest bid, the scammer -- the highest bidder -- switches out the cryptocurrency to one of a lesser value. It may appear like the highest amount, but some cryptocurrency is worth less than others.

Click here to learn about cryptocurrency market prices.

Investor scams

When selling or buying NFTs, people remain anonymous, which makes it easier to create investment scams. With an investment scam, threat actors create a seemingly worthwhile project to invest in. After collecting money, they disappear without a trace.

A recent investor scam with the Evil Ape developer stole nearly $3 million in investments. Evil Ape appeared as part of the legitimate Evolved Apes project but vanished after collecting money.

Pump and dump

A pump-and-dump scam happens when a group buys a large amount of cryptocurrency or any other currency to drive the price up for demand. After the price increases -- or pumped up -- the group then sells -- or dumps -- the asset to cash in on the gains, and everyone else loses out.

Counterfeit NFTs

Scammers may steal or copy artwork and then list this counterfeit content on legitimate sites, such as OpenSea. Because it was stolen, copied or fake, the NFT has no value. The person has already made the purchase before realizing it is counterfeit.

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT.

8 tips to avoid scams

Most NFT scams try to steal cryptocurrency wallet information or dupe people into purchasing a fake NFT. Here are some ways to avoid these scams:

  1. Keep keys private. Never share cryptocurrency wallet information with anyone. These keys should be private, along with any recovery codes. No one needs to know these passcodes for any reason.
  2. Research the NFT seller. Before purchasing, look at the seller's NFT marketplace account, and check for the blue check verification mark. Also, research the seller's social media accounts, check other listings from this seller and look for any online reviews.
  3. Review transaction history of NFT. Be wary of NFTs with transactions on one day.
  4. Do not click on suspicious attachments or links. Even if the link looks to go to a real site, it can still be fake. It's best to always visit the site directly and not click on any links.
  5. Cross-check NFT prices. Before buying an NFT, go to trading platforms, such as Axie Marketplace, Mintable or OpenSea, to see if the prices are similar. If the price seems much lower or higher than those on these legitimate trading sites, it's most likely a scam.
  6. Watch the bids. Before accepting any bid, be sure to double-check the currency. Don't accept anything lower than expected.
  7. Create strong passwords. Be sure to create strong passwords for NFT accounts and cryptocurrency wallets. Two-factor authentication is another way to keep NFTs safe. Using facial recognition or fingerprints makes it more difficult for someone to steal an identity.
  8. Use reputable NFT exchange markets. Don't believe offers that sound too good to be true. New marketplaces are popping up all over and offer minimal security. Stick to reputable exchange markets, such as OpenSea, Rarible, Mintable, Foundation, MakersPlace and Axie Marketplace.

How to secure an NFT

After purchasing an NFT, it's best to move it to cold storage or hardware, such as Trezor or Ledger, and away from the marketplace account, which can be hacked by scammers. Cold storage options are safer because all the key information is in the device itself and not easy for threat actors to gain access to.

Another common way to store NFTs is in a software wallet, such as Coinbase or MetaMask. However, the access information of these wallets is stored online, so it can be found easier than those on a cold storage device.

Next Steps

9 common cryptocurrency scams in 2022

How is cryptocurrency valued?

Dig Deeper on Authentication and access control

  • network traffic

    Network traffic is the amount of data that moves across a network during any given time.

  • dynamic and static

    In general, dynamic means 'energetic, capable of action and/or change, or forceful,' while static means 'stationary or fixed.'

  • MAC address (media access control address)

    A MAC address (media access control address) is a 12-digit hexadecimal number assigned to each device connected to the network.

  • Evil Corp

    Evil Corp is an international cybercrime network that uses malicious software to steal money from victims' bank accounts and to ...

  • Trojan horse

    In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, ...

  • quantum key distribution (QKD)

    Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties.

  • green IT (green information technology)

    Green IT (green information technology) is the practice of creating and using environmentally sustainable computing.

  • benchmark

    A benchmark is a standard or point of reference people can use to measure something else.

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with 3D data.

  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

  • hybrid work model

    A hybrid work model is a workforce structure that includes employees who work remotely and those who work on site, in a company's...

Customer Experience
  • BOPIS (buy online, pick up in-store)

    BOPIS (buy online, pick up in-store) is a business model that allows consumers to shop and place orders online and then pick up ...

  • real-time analytics

    Real-time analytics is the use of data and related resources for analysis as soon as it enters the system.

  • database marketing

    Database marketing is a systematic approach to the gathering, consolidation and processing of consumer data.