The Top 5 NFT Scams to Avoid
Despite the recent NFT crash, con artists are still around. Here are the top 5 NFT scams to be avoided.
Non-fungible tokens (NFTs) were an overnight sensation, and they certainly made a few people wealthy in 2021. But as the hype died down, so did NFT prices. The year 2022 produced the biggest crash. The market fell from $12.6 billion down to about $1 billion.[1]
If you can believe it, the NFT market has been making steady progress since that crash. NFT sales in 2023 were back up to $8.70 billion. So if you’re looking to get in on NFTs, the market now presents a buying opportunity while prices are still lower than the peak prices from 2019 to 2021.
But buyer beware: Some NFT projects are actually scams. There are NFT phishing sites, fake NFTs, rug pulls, and other scams that take advantage of new NFT collectors.
In this article, I’ll go over the top five NFT scams to avoid. Staying away from these swindles will go a long way toward protecting your hard-earned cash from the worst types of NFT grifters.
Now here are the five NFT scams to avoid at all costs.
#1: Phishing Sites
Some obscure websites claim to sell popular NFTs like Bored Apes or CryptoPunks. Most of these sites are engaged in “phishing,” a scam used to get sensitive information from you, although a few may be legitimate.
NFT and cryptocurrency phishing sites are most interested in their victims’ seed words and private keys. You’ll know it’s a scam if the site you’re dealing with asks for that information; you don’t need to provide your seed words and private keys to buy or sell NFTs. Most likely, once the site gets ahold of that information, they’ll access your crypto wallet and transfer your funds to themselves.
NFT phishing sites will often produce popup windows that look like they came from your wallet, so it can be easy to get confused and accidentally give them your info.
But avoiding these scams is actually fairly simple. Just remember that your wallet will never ask for your seed words unless you have just installed it or reinstalled it. If you’re browsing a site on the web and get asked to enter your seed words, this is probably a scam!
FYI: It’s not just NFT holders that sometimes fall victim to phishing. There are also regular crypto phishing sites that try to get users to give away their seed words or private keys.
#2: Counterfeit NFTs
Another common NFT scam is to produce counterfeit NFTs. A completely worthless NFT may look exactly like one that is worth thousands of dollars. This is because the author of the item may have violated the copyright of the original creator by producing unauthorized copies.
So how do you know if an NFT is counterfeit?
- Do a reverse image search of the NFT’s image. This should bring up the official website for the project.
- Look for a page called “provenance” or “contracts,” which should show you the official contract address.
- Check the contract address of the NFT being sold to you. If it matches the official contract address, it’s definitely legitimate. If it doesn’t, it’s most likely counterfeit.
For example, the following image shows the provenance page for Bored Ape Yacht Club (BAYC). You can see BAYC’s official contract address.
And here is the “details” box for an authentic BAYC item on the popular NFT marketplace, OpenSea.
Of course, that only works if the marketplace you are using is itself not fake, which brings us to the next NFT scam – fake marketplaces.
#3: Fake Marketplaces
Some NFT marketplaces are made to look exactly like real ones. But in fact, they are scam websites that trigger malicious smart contracts.
Did You Know? A “smart contract” is a file that runs on a blockchain network. The term gets its name from an essay called “The Idea of Smart Contracts,” written by Nick Szabo. Auditing a smart contract is often an effective way to make sure that a crypto coin is safe.
For example, over 250 NFTs were stolen from users who went to a fake version of OpenSea.[2] This site looked exactly like the real OpenSea, but it had a slightly different spelling in its URL. The users were led to the site through emails sent from the scammers. They were told to “migrate” their auctions in order to prevent them from being canceled. But when they pushed buttons and approved transactions to complete the “migrations,” it triggered malicious contracts that stole all of their NFTs.
To help avoid a malicious or phony marketplace, start by checking the URL. A phony site may look similar but have a slightly different spelling compared to the real one. For example, it might say “opensee.com” instead of “opensea.io.” If the URL is different from the official one, you’ll know right away that you’re on the wrong site.
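The URL check described above can be automated for links received by email or chat. The following is an added example, not code from the article or from any marketplace; the allowlist contents, the function names and the distance threshold of 2 are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist, copied from each project's own documentation.
OFFICIAL_HOSTS = ("opensea.io", "superrare.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_url(url: str, max_distance: int = 2) -> str:
    """Return 'official', 'lookalike:<official host>' or 'unknown'."""
    if "//" not in url:            # a bare "opensee.com/..." has no scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")   # hostname is lowercased
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "unknown"
    for official in OFFICIAL_HOSTS:
        if host == official or host.endswith("." + official):
            return "official"
    # Not on the allowlist: does any label resemble an official site's name?
    for official in OFFICIAL_HOSTS:
        name = official.split(".")[0]
        if any(edit_distance(label, name) <= max_distance
               for label in host.split(".")):
            return "lookalike:" + official
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; "opensee.com" is the article's own example.
    for link in ("https://opensea.io/collection/demo", "https://opensee.com/login",
                 "https://supperrare.example/artwork/1", "https://example.org/"):
        print(f"{link:40} {classify_url(link)}")
```

An "unknown" result only means the host resembles nothing on the allowlist; it is not a sign that the site is safe.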
Next, take a look at the lock symbol in the address bar. If the site has been hacked, this should show up in red. Your browser may even warn you that the site “failed its security certificate.” In this case, you’ll probably want to wait until the security breach is dealt with and the site returns to normal before using it.
Finally, take a look at the contracts that are being called when you push buttons. Your wallet will require you to confirm each button-push, and it will tell you which contracts are being triggered. If you call a contract that you’ve never called before, your wallet should alert you that you’re dealing with a new address.
Pro Tip: Before you can use an NFT marketplace, you’ll need some cryptocurrency and a wallet to hold it in. And in order to get cryptocurrency, you’ll need an exchange.
For example, here is a MetaMask wallet confirmation that pops up when you try to submit a bid on SuperRare.com. The address is circled in red.
If the address is different from the one listed in the developer’s docs, you may be dealing with a phony website. Other red flags to look out for are contracts with an unusually small number of transactions or with code that isn’t human-readable (as with the earlier example, you can click the link to go to an Etherscan page with more information).
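Both the counterfeit check in section #2 and the wallet confirmation check above come down to comparing a displayed contract address with the official one. The following is an added example, not code from the article or any wallet; the function names and both sample addresses are constructed placeholders. It compares the full address and flags the case where only the abbreviated form matches.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

# Constructed placeholder, NOT a real project's contract address.
OFFICIAL_CONTRACT = "0xAbCd222233334444555566667777888899990Ef1"


def normalize(address: str) -> str:
    """Validate the 0x + 40 hex digit format and return it in lowercase."""
    address = address.strip()
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError(f"not an Ethereum-style address: {address!r}")
    return address.lower()  # mixed case is only a checksum, not part of the value


def short_form(address: str) -> str:
    """The abbreviated form many interfaces display, e.g. 0xabcd...0ef1."""
    return f"{address[:6]}...{address[-4:]}"


def compare_contract(shown: str, official: str = OFFICIAL_CONTRACT) -> str:
    """Return 'match', 'mismatch', 'mismatch-same-short-form' or 'invalid'."""
    try:
        a, b = normalize(shown), normalize(official)
    except ValueError:
        return "invalid"
    if a == b:
        return "match"
    # Same first and last characters but a different middle: the abbreviated
    # display would look identical, so only the full comparison catches it.
    if short_form(a) == short_form(b):
        return "mismatch-same-short-form"
    return "mismatch"


if __name__ == "__main__":
    # Constructed inputs: a pasted copy with stray whitespace and different
    # letter case, then an address that differs only in the middle digits.
    print(compare_contract("  0xabcd222233334444555566667777888899990ef1\n"))
    print(compare_contract("0xabcd000011112222333344445555666677770ef1"))
```

Copy the official address from the project's own provenance or documentation page, not from the message or listing that led you to the sale.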
If you can’t determine whether the contract being called is the correct one, you may want to contact the developer’s Discord or Telegram channel and talk to an admin before using the contract.
But be sure to watch out for fake customer service agents.
#4: Impersonating Customer Support
Some scammers on Discord or Telegram will pose as “customer support” for a crypto project. They’ll tell you to click on a URL that will send you to either a phishing site or a site with malicious contracts.
These scammers are often caught quickly if they post directly to the Discord group for a project. So to avoid getting caught, they will send direct messages (DMs) to unsuspecting users.
To help avoid getting ensnared by these scams, be extra suspicious of any DMs that you receive. You might want to avoid clicking Discord or Telegram links to marketplaces unless they are sent from an admin. On Discord, you can click on a user’s name within a group to find out what that user’s “role” is. The admins will usually have roles like “admin” or “moderator,” and they may also have a “MOD” tag in their names.
For example, here is what an admin for the Avalanche (AVAX) Discord group looks like:
If a user is posing as customer support but doesn’t have any special role within the group, they might be trying to scam you.
But fake customer agents and phony marketplaces are not the only NFT scams to worry about. Some NFT projects are themselves a scam. In the next section, I’ll discuss the most widespread form of scam NFT projects.
#5: Rug Pulls
One of the most common ways that people get scammed with NFTs is through “rug pulls.”
A rug pull occurs when a developer markets a new NFT project that offers some type of future reward, such as a giveaway or a game that will be developed, then disappears once the money comes in.
For example, in a case called United States v. Le Anh Tuan, a man has been charged with defrauding collectors of over $2 million through a project called “Baller Apes.”[3]
According to the Justice Department, the man promised various rewards to holders of Baller Apes NFTs, including random drops of rare Baller Apes, Solana (SOL) prizes, and a “VIP Lounge” where holders could meet each other.[4] But once he sold the collection, he disappeared, taking down his website and closing all of the project’s Discord and Telegram servers, and he never provided the promised rewards.
How to avoid a rug pull
The easiest way to avoid these types of scams is to invest only in reputable NFT projects that have been around for a while. Most rug pulls occur immediately after a project’s initial sale. So if a project has been around for at least a few months after launch, it’s a lot less likely to be a rug pull.
If you really want to invest in completely new projects, another option to limit risk is to spread your investments across multiple projects. This way, if one project turns out to be a scam, you’ll limit your losses.
Pro Tip: Some NFT rug pulls will promise Metaverse content to be released in the future. Of course, legitimate projects also sometimes make these promises, so it’s not always easy to know which Metaverse NFT projects are legit and which are not. But diversification can help with this problem.
Wrapping Up
NFTs have been around since 2014. But before 2021, they were mostly known as video game items. The idea that a person could collect NFTs simply for their artistic value was virtually unheard of.
But today, digital art NFTs have become more accepted than ever. Still, collectors should be aware that there are a lot of scammers trying to take advantage of new NFT holders. Awareness of these five NFT scams can help to protect your collection and your crypto from the worst types of NFT cons so that you can enjoy your collection in peace — and maybe even profit if/when the market recovers in the future.
In this article, we covered only the most common NFT scams. So be sure to check out our comprehensive guide to investing in crypto safely for a more systematic explanation of crypto and NFT security.
Citations
1. The Guardian. (2022). NFT sales hit 12-month low after cryptocurrency crash. theguardian.com/technology/2022/jul/02/nft-sales-hit-12-month-low-after-cryptocurrency-crash
2. Blockworks. (2022). OpenSea Scammers Went Phishing and Caught Over 250 NFTs From 17 Users. blockworks.co/opensea-scammers-went-phishing-and-caught-over-250-nfts-from-17-users/
3. The United States Department of Justice. (2022). Justice Department Announces Enforcement Action Charging Six Individuals with Cryptocurrency Fraud Offenses in Cases Involving Over $100 Million in Intended Losses. justice.gov/opa/pr/justice-department-announces-enforcement-action-charging-six-individuals-cryptocurrency-fraud
4. Wayback Machine. (2021). Baller Ape Club. web.archive.org/web/20211001184455/https://ballerapeclub.com/