The booming NFT market is a new target for scammers. So, last year, a scammer sold fake NFTs from a famous artist Banksy for $338,000. A scammer later returned the money to the victim, but the story could have ended badly. Today, we have compiled a selection of the most common types of scams in the NFT market, as well as considered key ways to avoid them. Let’s get started!
#1 Fake Customer Support
Recently, there has been an increase in cases when NFT users encounter scammers and lose their assets. One of the most frequent cases in the NFT market is related to the support services of various marketplaces.
For example, attackers pretend to be employees of a popular NFT platform, such as OpenSea and try to gain access to the user’s private keys or sell them fake NFTs. To do this, scammers create accounts in instant messengers with a name like ‘OpenSea Support.’ As soon as a potential victim mentions their issues in the chat, pseudo-technical support representatives start a dialog with them.
Most of all, fake support is commonplace in profile chats and communities in Telegram, as well as on the Discord messaging platform. Still, some scammers create their own Telegram channels and pass them off as official marketplace channels.
In order not to fall for this trick, we recommend that you do not report your issues in chats — contact technical support directly through a ticket or accounts listed on the project page. But the most important thing is to never tell anyone your account details, private keys, or secret phrase — marketplace employees simply do not need them. Also, before joining the marketplace community, be sure to join the official channel of the project. Particularly popular platforms may have dozens of ‘twins.’
#2 MetaMask Crypto Wallet Scammers
Another fairly effective way of scam was to use a browser-based version of the MetaMask wallet.
So, scammers offer a user to share their screen, after which they direct the victim to a wallet section designed to connect MetaMask to various devices. By doing this, an attacker can set up a wallet on their own device, gaining full access to the user’s funds.
At the end of August 2021, Jeff Nicholas, creative director of Authentic AI, said on Twitter that scammers stole most of his NFT collection in this way. He was looking for the OpenSea marketplace support channel on Discord but ended up on a fake one.
The scammers asked him to share the screen so that it would be easier for support to help him with his issue. Further, they offered to synchronize the MetaMask browser wallet with a mobile app and asked to open the corresponding tab in wallet settings. The wallet generated a QR code, after which a synchronization message appeared. But in reality, scammers scanned the code and synchronized their mobile wallet with Nicholas’s account. After that, they simply withdrew all the assets from the hacked wallet.
#3 Fake Links to Create NFTs
Many opportunities for scammers arise during the initial sale of an NFT or during the creation of a new NFT. The process of issuing an NFT is not complicated, but if a user is inattentive or acts on a wave of hype, then they can make a mistake.
For example, scammers post fake links in chats and channels to websites where NFTs will supposedly be minted. By clicking on them, users synchronize their wallets with a scam site and lose all NFTs.
Experienced NFT investor Chase Devans, an analyst at Messari Research, became a victim of this fraudulent scheme at the end of August 2021. In an attempt to release his own NFT, he followed a link he copied from one of his Discord chats. When he tried to create tokens on a fake site, he lost $15,000 in SOL coins and all his NFTs. In the comments under Devance’s Twitter post, an investor @cryptolyfer said that he also fell victim to a similar scam but lost $250,000 in SOL coins.
To avoid this type of scam, do not follow links from chats and channels, as well as those sent in private messages. It is also better not to store all NFTs in one wallet and create a new one before each minting.
#4 Fake NFT Trades
If a user wants to buy or sell an NFT, they will most likely connect it to a marketplace, such as the most popular NFT platform, OpenSea. Recently, scammers have started to deceive victims during an auction for the purchase of a non-fungible token.
The essence of the scam is that the attacker offers a price for NFT not in the selected asset but in another, cheaper one. For example, in USDC, stablecoin instead of WETH or ETH. So, what’s the scam all about? Well, for example, a token costs 3 ETH ($11,270), and scammers offer 10 USDC ($10) at once. A delighted victim may not notice the trick and sell the asset for the specified amount.
#5 Phishing NFT Marketplaces
Another scam that is simple in its mechanics is fake NFT asset trading platforms. Attackers simply create their own sites that are copies of popular platforms that look exactly like real ones. By entering their data on a fake site, victims let scammers steal it in this way. Users also risk buying fake NFTs — copies of those arts sold on original platforms.
In a March study by Bolster, it was noted that in early spring, the number of domain registrations similar to popular NFT marketplaces (‘rarible’, ‘opensea,’ and ‘audius’) tripled compared to previous months. The number of domain registrations with the use of such words as ‘crypto,’ ‘nft,’’ market,’ and ‘trade’ has also increased.
Addresses of fake sites differ from real ones by one or two characters or a domain zone. For example, opensea.com instead of opensea.io, or rarbile.com instead of rarible.com. Therefore, by clicking on a fake link, the user does not always get to the marketplace clone. Most often, it is redirected to sites with malware.
#6 Copies of Original NFTs
Fraudsters also create replicas of original NFTs and sell them as original ones. Technically, this is not difficult since, in fact, an NFT is just a record on the blockchain that a digital file belongs to a specific address. Copies differ from the originals only in the address and in that one of them had a hand in the real author of the image or NFT, while the other did not. The scammer can copy the original GIF or JPEG image, create a new NFT and pass it off as the original.
Even on large marketplaces, there is still no strict verification of an NFT seller — anyone can upload a file and create an NFT based on it. Accounts of scammers trading on behalf of well-known artists are quickly blocked, but they can already sell several fake NFTs by this time.
Avoiding fake NFTs is more difficult than simply not clicking on unverified links. Even experienced investors are not immune from such a scam. The situation is aggravated by the fact that NFT platforms do not actually fight against NFT copying and the fact that anyone can impersonate a famous artist. For example, OpenSea states that buyers must ‘do their own research’ before purchasing a token.
#7 Copyright Violation
Scammers not only copy original NFTs and impersonate well-known artists but also create their own NFTs based on other people’s works forgetting about copyright.
This creates legal risks for buyers related to copyright violations and also reduces the value of the NFT itself. Indeed, when dealing with original non-fungible tokens, not the images themselves that are important but the confirmation of authorship provided by the NFT. Anyone can create an NFT for any image: it is enough to have an Ethereum wallet and some gas to pay fees. Most likely, many artists do not even suspect that someone is using their artwork to create NFTs.
In March last year, scammers created a fake Rarible account of an artist Derek Laufman and traded NFTs on his behalf. At the same time, the attackers passed the test — their account was verified by the platform as genuine. It was only after Laufman’s appeal and several Twitter posts about the situation that Rarible deleted the scammers’ account. But by this time, one of the artist’s followers had already bought some of his artworks.
Some major artists have taken their own steps to protect and certify their work sold online. Hannes Koch, the co-founder of Random International, told The Wall Street Journal that he and his staff have begun adding blockchain certificates from Verisart to their NFTs.
The NFT market is growing rapidly — and the number of scammers will also increase. Still, fortunately, you can protect yourself from most scam schemes by following the basic rules of crypto security.
The main thing to remember is that when buying an NFT, you must independently and carefully check its originality since the fact that the token is listed on a large platform does not guarantee its authenticity.