NFT scams: how to keep your crypto safe and protect your NFT

2021 was the year of NFTs as they tranisitioned from being an obscure technology and broke into the mainstream. However, the industry was also marred by scams and bad news surrounding it. Maybe you’re hesitant to invest in NFTs because of this.

In the same year, the NFT marketplace generated more than $24 billion in trading volume with the most expensive sale of $69,346,250 (38,525 ETH), acquired from Beeple - Everydays: The First 5000 Days. Unfortunately, as the industry continues to run its course, it reached its nadir in late March 2022, declining almost 50% to 2.4 billion from January, according to NFT data tracker CryptoSlam.

Motivated by a lack of regulations and the prospect of making a quick buck, a growing number of scammers are making their presence felt in the industry. 

The biggest NFT scams and how to avoid them

The Ronin bridge attack that occurred last month on the biggest GameFi platform Axie Infinity resulted in a loss of 173,600 Ethereum and 25.5 USDC, or over US$ 600 million, became the second largest crypto hack.

NFT scams also happen to any individual engaged in the Web3 space. Famous rapper, Waka Flocka Flame lost $19,000 when hackers sent malicious NFTs to one of his wallets. He clicked on an NFT intending only to delete them but realized that his funds were automatically transferred to the hackers.

NFT scams come in many different forms and are difficult to detect to the unknowing eye. Let’s look at a few examples and how to protect yourself from them.

NFT phishing scams 

A phishing scam is when a hacker tries to steal information from you through email, texts or other ways, usually your personal identifiable information, such as your birthday, address, driver’s license number, credit card information or more. Once obtained, they may sell your information or open accounts with your name.

The same applies to NFT phishing scams, where scammers carry out hacks by using a fake wallet to request its target victim to hand over his wallet’s private key or seed phrase so they can access his wallet. A seed phrase is a series of 12 to 24 words you use to access your wallet and store digital assets. When a scammer obtains your seed phrase, they can take your assets from your wallet. Once stolen, the funds cannot be recovered.

This is most commonly seen in NFT Giveaways, where scammers pose as legitimate NFT trading platforms to promote fake NFT airdrops or giveaways. In exchange for signing up with your personal information.

To avoid this, never enter your seed phrase on any pop-ups, online applications, suspicious websites, any internet-connected interface without your due diligence. Instead, store your seed phrase offline (such as on a piece of paper, a steel backup plate, cold wallet, or splitting your seed phrase to store in multiple locations), to prevent it from falling into the wrong hands.  

Rug pull NFT projects

A rug pull is when a project’s developers create a new token, pump up the price and pull all the liquidity out of the project before abandoning it completely and absconding with the investors’ fees. After which losses are often permanent.

In late 2021, SQUID coin was created, riding on the hype of the popular Netflix series. The token rose by 23,000,000% in a week, according to data from CoinMarketCap. It peaked at around US$2,862 before falling to a fraction of a cent in a matter of minutes. Investors were duped into believing SQUID was a play-to-earn gaming currency. In this rug pull, the anonymous scammers made off with around US$3.4 million.

To avoid this, we need to identify red flags: 

• Projects that are only listed on DEX and no other trustworthy exchanges

• Projects with a large amount of fake followers

• Urgent mint immediately after the project’s Discord launch (around 2 -3 weeks) with an unrealistic growth rate of followers

• Projects that have no roadmap or the NFT artworks

• Projects with excessive promotions that is aimed at manipulating people into investing out of FOMO

• Project’s background information of the company’s name, founders, track records on cryptocurrency etc are unavailable or not public 

Counterfeit NFTs

Counterfeit NFTs are copycat artworks created by scammers to sell on an NFT marketplace where they list the counterfeit piece for auction. Once users purchase the NFT, they would realize it’s not original and has no value.

In one such scam, acclaimed street artist and political activist Banksy’s website was hacked and a hacker opened a link to create a fake NFT auction, scamming a fan out of US$ 336,000.

To avoid this scam, before bidding on an NFT, do your research. Conduct a background check on the creator’s Discord, social media profile to make sure they have a verification tick to indicate credibility.

As the NFT market evolves, NFT scams are likely to increase. All the hype surrounding this space makes it hard for us to discern trustworthy NFT creators from malicious scammers. The takeaway from this article is to always DYOR before investing and only when you’re certain the information is authentic, store your personal information securely offline, same goes for your crypto assets.  

Photo: CryptoSlate