NFT scams are becoming increasingly common as hackers find new ways to infiltrate the blockchain and steal cryptocurrency or artwork. A recent report released by Elliptic shows that between July 2021 and July 2022, NFT-related scams accounted for approximately $100.6 million. One of the biggest scams to date was Aptos Chimp, an NFT built on the Aptos blockchain, which scammed investors out of 1.5 $APT (roughly $12.6 million) through a fake site drainer in October 2022.
It is crucial to have a deep understanding of how scammers operate to avoid becoming a victim of these ruthless operations. Here are some common NFT scams to be aware of:
Discord and Social Media Hack
In 2022, several projects, including Bored Ape Yacht Club, Squiggles, Doodles, and Kaiju Kingz experienced significant losses due to malicious attacks resulting from server breaches. Scammers have also targeted accounts on social media sites like Instagram and Twitter, in addition to Discord. For example, the Bored Ape Yacht Club’s Instagram account was compromised in addition to Discord, causing the project to suffer losses valued at 200 ETH. After a Twitter hacker posted a malicious link on the platform and targeted the project in January 2023, Azuki suffered losses totalling more than $750,000 USDC.
To prevent falling victim to such scams, always be on the lookout for the official Twitter announcement. You can also check their Telegram and Discord to confirm that the mint or airdrop update you saw on their other social media pages is genuine.
Another important red flag to watch out for is channel disorganization. Most times, when a Discord channel is hacked, scammers often disorganise the activities with posts that are financial-centric. They may spam the group with sudden mint information and sometimes, share irrelevant content.
Unsolicited Discord DMs
One of the common tactics used by scammers to steal NFTs from communities is to clone moderators’ profiles and offer fake assistance through unsolicited DMs. These scammers typically impersonate moderators on platforms like Discord, and they often target new members. Once they have gained the member’s trust, they ask for their seed phrase under the guise of offering help to wipe NFTs from their wallet or future items if they currently do not have one. In some cases, scammers can leverage this accessibility to easily access the user’s cryptocurrency wallet and steal their funds.
However, Discord allows you to prevent direct messages from people you don’t know. Therefore, lock your DMs from unknown Discord users or you can also choose to enable this security for a particular channel.
Mint Scams and Rug Pulls
Over the years, the NFT ecosystem has witnessed numerous instances of founder-perpetuated mint scams and rug pulls. For instance, the Ballonsville founders, having defrauded their investors previously, engaged in another fraudulent act by launching a new project, Reptilian Renegade, in 2022. However, as soon as the NFT community became aware of the team’s involvement, the project’s value dropped significantly due to the founders’ tarnished reputation. In 2023, Zkquads, which was highly anticipated on the ZkSync platform, executed a rug pull on their investors in April during the minting process and subsequently deactivated their Twitter account.
If a project’s founder conceals their identity, it is advisable to avoid such projects, as they frequently turn out to be fraudulent. As a result, ensure you conduct due diligence on the founders by posing pertinent queries during their Ask Me Anything (AMA) sessions, and scrutinizing their Discord and website for the founder’s identity.
Secondly, utilise a minimum of two NFT wallets, with one designated for minting purposes and the other exclusively for NFT purchases. Additionally, exercising caution when clicking on any mining links is crucial; it is best to wait for several individuals to initiate the minting process before proceeding.
Look-Alike Websites
Scammers employ imitation websites to perpetrate scams against unsuspecting victims, they often exploit project websites and online marketplaces to execute these activities. An instance of such fraudulent activities was the Google ad scam that targeted the X2Y2 NFT marketplace, resulting in the loss of 100 ETH. The scammer cloned the official website URL, https//:x2y2io and created https://www.x2y2.io which is a similar website to trick people for the purpose of clicking the fraudulent link.
Fake Twitter and Support Pages
One of the methods Web3 scammers use to deceive users and perpetrate fraud involves creating fraudulent Twitter accounts and support pages for upcoming or existing projects. They leverage the opportunity to scam unsuspecting victims while pretending to be helpful. To achieve this, the scammers request that users share their wallet details and seed phrases under the guise of confirming their accounts so they can transfer the NFTs to their personal wallets.
However, it is crucial that you don’t succumb to Twitter support pages and instead, use each project’s support or open ticket channel on Discord to make necessary complaints. Additionally, never share your seed phrase or any sensitive information with anyone offering to assist you on social media.
Phishing
Opensea disclosed a data breach event in 2022, stating that a contractor disclosed customer email data to an external entity, which subsequently resulted in a phishing attack. The perpetrator allegedly absconded with $1.7 million worth of ETH by liquidating a portion of the stolen NFTs from the victims’ wallets.
It is not uncommon for scammers to engage in email spoofing by replicating a trustworthy marketplace in order to defraud NFT investors. Therefore, it is crucial to verify the sender’s email address and exercise caution when clicking on hyperlinks, particularly if they arouse suspicion.
Fake Airdrops
NFT fraudsters employ counterfeit airdrops to entice their targets and subsequently defraud them by causing the depletion of their digital wallets. One such instance is the case of the Bored Ape Yacht Club, where the attacker circulated fake Otherside Land NFTs to several BAYC holders. The perpetrators devised a smart contract that enabled the transfer of the counterfeit NFT even after it had been moved to a distinct wallet. The scam airdrops were initially sent to the genuine BAYC Opensea account before being transferred to the targets, thereby creating an illusion of authenticity.
The potential of receiving low-value or worthless tokens is another significant risk associated with airdrops. In Web3, the distribution of tokens through an airdrop does not guarantee that the tokens will have substantial value in the future. However, some projects may attract massive hype due to their forthcoming airdrop, but while some airdrops may distribute valuable tokens, it is common for less reputable projects to distribute tokens that are unlikely to appreciate in value or have no value at all.
However, it is crucial to carefully evaluate the potential risks and rewards before you embark on participating in any airdrop. This will minimise your exposure to fraudulent activities and help you make informed decisions.
Influencer Scams
Influencer marketing has emerged as a prevalent method of reaching a target audience. However, its growing popularity has paved the way for an upsurge in fraudulent activities, posing a challenge to detect and avoid them in time. Nowadays, it can be difficult to differentiate between rug shilling and alpha calls among several NFT promoters, thereby making investors lose a fortune to rug pulls.
To prevent such occurrences, it is important to be equipped with the right knowledge and know how to recognise scam influencers to safeguard yourself from being ensnared in their dubious schemes. Some of the red flags you should be wary of in Shillers or NFT influencers include:
Huge Bot Followers
A significant indicator of a fraudulent influencer is the presence of a huge bot following. In order to attract remunerative influencing gigs for their fraudulent venture. Scammers frequently leverage bots to fabricate a facade of popularity. Moreover, these bots can be utilised to disseminate worthless investments among their followers, ultimately turning them into victims.
Bad Reputation
In the world of influencer marketing, a bad reputation can be a clear indication of a scammer. Scam influencers often have a history of promoting “rug” projects or other scams.
Some influencers leverage the naivety of their audience to shill scam projects or participate in pump-and-dump schemes. In such schemes, they may collectively urge their followers to purchase a particular asset or investment, artificially inflating the price before rapidly selling their own NFT items, leaving their followers with significant losses.
Mostly Giveaway Content
The primary focus of an influencer on NFT giveaways may suggest that they are not truly interested in the NFT space or adding value to the ecosystem. Rather, their primary objective could be to augment their follower base, attract paid opportunities, and potentially engage in fraudulent activities.
Fraudsters commonly employ giveaway and contest schemes to entice individuals to follow and interact with their content. Nevertheless, these actions do not necessarily reflect actual expertise or interest in Web3. In actuality, scammers prioritise personal benefit and expanding their reach, often at the expense of their followers.
Finally, it is advisable to exercise caution with influencers who label themselves as “promoters” in their Twitter bios or charge promotional fees. This behaviour may indicate a willingness to promote any project, regardless of its authenticity. On the other hand, good influencers prioritise cultivating enduring relationships with their followers and promoting projects that align with their beliefs.
Final Thoughts
The non-fungible token (NFT) has undergone significant development across multiple blockchains, including Ethereum, Arbitrum, Solana, Polygon, and Near. In recent times, the adoption of NFTs has increased tremendously in Bitcoin with Ordinals and ZkSync ecosystems.
However, as NFTs continue to penetrate different blockchains, scammers continuously lure investors into becoming victims. Therefore, it is best to be cautious of suspicious activities and report scams within the community channels to prevent others from falling victim.