Non fungible tokens or NFTs have been raking in millions of dollar in sales in the last few months. Be it Jack Dorsey’s tweet that went up for $2.3 million or a dog’s photo that garnered over $4.3 million in sales. Whether you like the concept of NFTs or not—these digital collectibles in the form of art, GIF, videos, music, etc, cannot be ignored. But NFTs are no exception to scams. It now seems like everyday an NFT collector is either defrauded or made the victim of theft.
Last week, in this column, we talked about how you can sell your NFTs easily. This week we focus on NFT scams, so that you don’t lose your digital collectible before making any profits.
Scams from the beginning
Classic rug pulls are quite common in the world of NFTs. In October 2021, a collection of 10,000 “Evolved Apes” went live on OpenSea NFT marketplace. The NFT project described itself as “a collection of 10,000 unique NFTs trapped inside a lawless land.” They are “fighting for survival, only the strongest ape will prevail,” it said, referring to the project’s much-hyped fighting game, which hasn’t materialised. The initial NFT offering was to raise funding to develop the NFT based game.
However, a week after the project was launched, the developer vanished with 798 Ether (around $2.7 million at the time). Apparently, there will be no Evolved Apes game, and the holders of those NFTs now have nothing but a JPG file to show for their investment.
As mentioned above, rug pulls are quite a common occurrence, take the recent case of SQUID token, inspired by the hit South Korean series Squid Game. The developers ghosted the entire community with $3.3 million (roughly Rs 22 crore) worth of cryptocurrency. The company’s social media handles as well as the website went offline in just a few days.
Social media is a popular place for these scammers to operate. They often hit up via direct messages, posing as sellers or buyers of people and make fraudulent promises of giveaways. In return, they gain access to your crypto wallet and then your funds.
Discord hacking has emerged as the newest threat to NFT buyers. A Discord server run by recently-launched gaming NFT marketplace Fractal was hacked, scamming 373 of its members out of a total of 800 in Solana cryptocurrency, worth $150,000.
Scammers are just waiting for the right chance to attack. Recently pop culture icon Ozzy Osbourne’s NFT collection CryptoBatz went live. “CryptoBatz” is a series of 9,666 digital bats that were opened for sale on January 20. Hours after its launch, Osborne’s supporters took to Twitter and complained about a phishing scam that was draining cryptocurrency from their wallets, after they clicked on a link shared by the project’s official Twitter account.
This link was changed by the NFT project and taking advantage of it, cyber criminals created a fake Discord server on the old URL. When the followers clicked the scam link, they were redirected to a fake Discord panel, and asked to verify their crypto assets, prompting them to connect their cryptocurrency wallets. At least 1,330 people visited the fake NFT project.
Malicious link scams have cost NFT collectors a fortune. New York based Todd Kramer said he owned an NFT collection of 16 Bored Ape Yacht Club (BAYC) worth $2.28 million (Rs 16.94 crore approx.) but was phished by an NFT DApp. Narrating his ordeal, he tweeted that he had clicked on a link that appeared to be a genuine NFT DApp (decentralised application). But it turned out to be a phishing attack and his entire collection was stolen.
NFT is a constantly growing space, so if you are a newbie or even familiar with the space, here are some key tips to reduce the possibility of getting ripped off.
Make sure to check the marketplace beforehand to list your NFTs. There are several marketplaces that promise very less gas fee (transaction fee to upload your NFTs), and even claim to rank your NFTs on its homepage, but in return they ask you to connect your crypto wallet.
Once you do that the game is over. Only trade NFTs from trusted marketplace like Rarible, Foundation and OpenSea. Do not download any DApp which claims to be an NFT marketplace.
Understand that hackers are behind your cryptocurrency wallets—that store your crypto tokens and NFTs, so avoid clicking on any links, as they can also lead to fraudulent exchange sites. Be smart with your wallet credentials and never share your seed phrase (recovery phrase) with anyone.
Watch out for fake giveaways. Although genuine platforms also tend to give free NFT giveaways as a part of their marketing schemes, check whether these are genuine or not. Ideally, if it is too good to be true, it probably is a hoax. Check whether an NFT website is secure or not, you can use tools like Trend Micro which is available for free.
Buy from a verified seller, most of the legitimate NFT sellers will have a blue checkmark beside their usernames, and the properties of the collection will be listed clearly. Stay away from romance scammers, they try to lure you into investing in some NFT projects. They might even send you links to fake NFT websites, or ask you to send them money. Be careful.
Even if you follow all the aforementioned tips, there’s still no guarantee that you will not be scammed. It should be noted that NFTs are still a relatively newer concept, so there is still a lot to happen yet.
NFT space is still relatively unregulated, this offers a lot of potential for cybercriminals to exploit loopholes. So stay alert, make educated decisions, and never invest more than you can afford to lose.
For more information related to cryptocurrency, NFTs, etc., check out our Crypto Knight column every Saturday.