Finder makes money from featured partners, but editorial opinions are our own. Advertiser Disclosure
7 NFT scams to look out for
NFT swindles can be particularly destructive. Here’s how to spot and avoid them.
Nonfungible tokens (NFTs) are one-of-a-kind digital assets that live on a blockchain with unique identifiers and data. Blockchains — public ledgers on a network — verify NFT transactions, and may have smart contracts built into them so NFT creators earn royalties from sales.
However, NFT scams are rampant since they are easy to create and exist solely online. In fact, 90%of NFT owners have experienced an NFT scam, according to a survey conducted by PrivacyHQ. That same survey revealed that half of the respondents have lost access to owned NFTs at some point.
From old-school email phishing to malicious rug pulls, there are quite a few categories of crypto and NFT scams.
7 NFT scams to watch out for
Many scammers go to great lengths to get their hands on someone else’s digital assets. These scams are often sophisticated, difficult to spot and could take place over the course of months or longer.
NFT scams take many forms, so here are seven common scams to be aware of and how to avoid them.
Phishing scams aren’t new, but with NFTs, this tactic can cause a catastrophic loss.
A phishing scam is when a con artist tries to get information out of you, usually personally identifiable information (PII) such as your birthday, home address, driver’s license number, medical records, social security number or more. If the scammer gets this information, they may sell it or use it to open accounts in your name.
With NFTs, these scams often involve a fake representative of a wallet requesting you to verify your wallet’s private keys or passphrase. Your keys and passphrases protect your crypto wallets — if someone gets this information, they can access your wallet and steal your digital assets.
DeFiance Capital founder Arthur Cheong was a phishing victim on March 22, 2022 — just over $1.7 million worth of NFTs were stolen from his cryptocurrency wallet, as reported by Fortune.
Cheong states he was the victim of a spear-phishing email, disguised as a company on DeFiance’s portfolio. When he clicked a link in an email, he allowed a hacker to get his wallet passphrase. A few notable assets stolen include two Tsubasa, two Hedgies and 33 Second Self NFTs.
How to avoid:
- Never give out your wallet’s private key or passphrase.
- Avoid strange links in emails sent from unfamiliar addresses.
- If you’re asked to verify your PII, do so with caution and be sure it’s a trusted source.
It’s likely you’ve heard this term within dating apps and social networks, but catfishing isn’t limited to individuals looking for love under false pretenses.
Catfishing scams with crypto often involve scammers creating fake social media profiles, then contacting victims to get personal information, sending a malicious link or getting a user’s wallet passphrase to steal their assets.
There are reports of catfishers sending fake crypto wallet sites to victims, encouraging them to sign up and deposit funds. That’s when the scammer takes your assets. Scammers may use fake business or romantic relationship grooming tactics.
Around 39% of respondents in the PrivacyHQ survey reported following a fake NFT influencer account. As social media becomes more saturated with scammers and rising NFT creators alike, it’s vital to check for signs of legitimacy.
How to avoid:
- Look for profile verification (such as the blue checkmark) if a company or brand messages you before continuing a conversation.
- Don’t click on links sent from users you don’t know.
- If a company or individual messages you, look at their page for followers, engagement and the age of the profile. A brand new user with few followers or friends may be a red flag.
- If an individual messages you and you’re suspicious, use Google’s reverse image search tool to see if the profile picture is stolen.
- If someone you don’t know wants to start a business or romantic relationship, do your best to verify their identity. Reculantance to meet over video calls is a telltale sign of catfishing.
3. Fake airdrops or giveaways
An airdrop is a marketing stunt where a company or developer gives away free cryptocurrency or NFTs to users, mainly as a way to spread news of a new product or service. Airdrops are real, and participants get free NFTs or coins, but the key is to remember that they’re always free.
If someone contacts you and asks for payment before receiving an airdrop, it’s a scam. And often, airdrops are awarded to users for holding a specific coin, completing a task or scavenger hunt, or by scanning a QR code — but should never require a deposit or payment.
Recently, a fake Rarible site advertised an airdrop asking users to send between 500 to 25,000 RARI (Rarible’s native currency) to an address, and in exchange would receive 5X times the amount back. However, participants never receive anything back and instead are conned into paying the scammer.
Around 41% of respondents in the PrivacyHQ NFT survey reported that they had participated in a fake NFT giveaway.
If the airdrop asks for your wallet’s private key, it’s a scam, since receiving cryptocurrency or an NFT only requires your public key. These airdrop scams can be sneaky, often involving scammers creating counterfeit sites. Many of these classic scams use odd language including strange grammar, and promise victims an amount after sending a deposit. Avoid “airdrops” organized like this — it’s not real.
Image source: Security Boulevard, screenshot of counterfeit Rarible giveaway scam
How to avoid:
- Disregard airdrops asking you to put up crypto as a deposit to “secure” your spot for an airdrop, it’s likely a scam.
- Avoid airdrops requiring you to provide your wallet’s private key or passphrase to receive an airdrop. Never give out this information. Your public key is your wallet’s address and is comparable to an account number, which can be shared — but never share your private key.
- Be wary of emails announcing an airdrop with spelling mistakes or grammar issues.
- If you’re contacted about an airdrop that advertises a large amount of free cryptocurrency, be wary. The coins handed out in airdrops are typically in very small amounts.
4. Rug pulls
A rug pull scam is when a company or developer creates a new crypto project, pumps up their asset’s value then pulls out, taking the money and running while leaving their investors with a valueless asset. There are a few ways this can be done, and rug pulls aren’t always considered illegal.
- Liquidity pulling or stealing. When the developers remove (steal) unlocked tokens from a liquidity pool, so the rug puller can sell them off.
- Limiting sell orders. Taking away an investor’s ability to sell tokens so they’re locked into their investment.
- Dumping. When the developers sell all their own tokens or slowly sell over time to cash out, dropping the price and leaving investors with worthless tokens.
Rug pulls also come in two forms: hard and soft. Hard pull scams involve developers planning on walking away from the get-go, or adding malicious code to a token from the start. A common hard rug pull is a liquidity pull, when the token creators take everything out of the liquidity pool making the price of the token zero.
A soft pull may involve the creators selling a large supply of tokens, or selling in increments, driving the price down so much that the investors have nearly worthless coins. A soft pull is harder to identify, because it may happen over a longer period of time than a hard pull, and it’s harder to prove that the developers had intended to do a rug pull. And developers selling their tokens isn’t illegal, since it’s a free market.
Another type of rug pull is when a developer of a specific project promises to donate the proceeds to organizations or charities, but instead takes the money and runs. This isn’t technically illegal, just unethical — so there isn’t much to do if you fall into one of these rug pulls.
A recent example of this is Doodled Dragons, a verified NFT collection that promised to donate proceeds to charitable organizations. The creator announced a donation of $30K to the World Wildlife Fund (WWF), but instead, the creator took the money and ran. They even announced the rug pull on Twitter from the now-deleted account just two minutes after announcing the $30K donation.
Image source: Reddit, u/TheGreatCryptopo on r/CryptoCurrency
Rug pulls are devastating, since investors aren’t likely to get any reparations after the fact. And if there’s no evidence of ill intent, it may not even be classified as illegal.
In the PrivacyHQ survey, 43.8% of respondents reported investing in a crypto project that disappeared — so stay vigilant.
How to avoid:
- Consider investing in long-standing projects with well-known tokens.
- If you have the skills, you may be able to identify code that disables an investor’s ability to sell, or identify other malicious code.
- If you want to put your tokens in a liquidity pool, read the terms and conditions. Avoid liquidity pools where the tokens aren’t locked, because the developers could sell everything whenever they want. Tokens are safer when locked in liquidity pools.
- Be wary of projects that appear suddenly. Legitimate developers take time to create new tokens, and many try to build hype with announcements, social media campaigns and possibly airdrops over the course of months or even years.
5. Fake NFTs
A fake NFT involves a scammer taking someone else’s work, minting it and selling it on the marketplace under the guise of the original creator. Fake NFTs may include plagiarized work or fraudulent accounts pushing stolen content.
Bored Ape Yacht Club is one of the top NFT collections to date, so it’s not surprising that there are copycat and plagiarized collections rampant across NFT marketplaces.
Image source: Beincrypto.com
How to avoid:
- Look for accounts that are verified on NFT marketplaces, or seek out official collections.
- Consider collections with a long-standing history.
- Compare suspicious NFTs to the official collection for differences in resolution, format, creator name and size to help determine if it’s legitimate.
- Accounts with few or only one NFT can be a red flag.
- Look at the metadata of the NFT you plan to purchase. Metadata can be used to verify an NFT’s authenticity using a blockchain explorer.
6. Hacks across platforms
A sitewide hack on a cryptocurrency exchange or NFT marketplace can hurt. Unfortunately, whether or not this happens to you largely depends on the site’s security. However, to minimize the risk of becoming the victim of a platform hack, choose a well-known site with proven security measures.
If a platform hack involves individual third-party wallets, there may not be anything the platform can do.
But, the good news with sitewide hacks is that you may be reimbursed if it’s proven that it was the platform’s fault, or if the hack affected the platform’s own content management systems.
For example, in January 2022, Crypto.com was hacked, but soon after the breach, affected customers were reimbursed and impacted accounts were fully restored, according to The Verge.
Social media accounts, Discord servers and subreddits are no exception to hacks, either. Fake accounts may spam forums and chats with malicious content or false information, or pretend to be customer service. If you’re suspicious of any recent activity on a site or server, contact the company directly.
How to avoid:
- Consider only signing up for exchanges or NFT marketplaces that have a long-standing experience in the industry. Their security measures may be more tried and true.
- If you’re an account holder on an exchange with multiple high-value NFTs, consider keeping the majority of your assets stored offline in a cold wallet. Cold wallets are only online while plugged in vs. hot wallets, which are always online.
- Read a platform’s terms and conditions to see how it handles major security breaches, and how it plans to reimburse victims of theft.
7. Sleepminting scams
Sleepminting is when a scammer uses another artist or creator’s account or wallet to create a fake NFT. A scammer mints an NFT to the wallet of another creator, transfers ownership to themselves, then lists it for sale on a marketplace — giving the illusion that a legit developer created the NFT, thereby “proving” authenticity.
This scam is difficult to spot, especially if the NFT was minted to a verified creator’s account and listed for sale on a legitimate NFT marketplace.
How to avoid:
- Consider following NFT creators on social media and look for news signaling official drops. NFT creators are often on Discord, Twitter and Reddit.
- Consider direct-messaging a creator about authenticity if you’re suspicious of a sudden listing.
- Look at your NFT metadata and read the transaction and ownership history. Consider it a red flag if an especially famous NFT creator is giving away valuable NFTs to wallets for free, or a seller lists to other users at very low prices.
How to verify an NFT
Many argue that verifying an NFT’s authenticity is easy, thanks to blockchain technology. However, in the case of sleepminting, NFTs are forged.
One way to verify an NFT’s authenticity is to use a blockchain explorer — like Etherscan.io — to look at an NFT’s metadata. This is done by entering the NFT’s hash: a unique string of letters and numbers that identifies it.
A blockchain explorer — sometimes called a block explorer — lets you view blocks, transactions, fees, mining activity and more. Using this wealth of information, you can see an NFT’s ownership history and how often it’s been traded to help you verify authenticity.
What if I get scammed?
This may not be the answer you want to hear, but in the case of you personally getting burned by an NFT scammer, there may not be much recourse at all.
If you were scammed by using a major NFT marketplace or exchange — such as losing access to your account or your funds disappearing — the platform may be able to help you recover lost assets if the hack was determined to be the platform’s fault. Crypto.com, for example, has a policy that reimburses qualified users up to $250,000 in the event of sitewide hacks in specific circumstances.
But if you fell victim to a phishing scam and gave away your wallet’s private key, even the crypto wallet’s company probably can’t do anything to recover your lost assets or reimburse you.
If you suspect you’ve been scammed, or are in the middle of a scam, here are some things to try out:
- Wallet issues — If you receive a message about issues with your wallet, contact the wallet’s customer support directly to determine if there really is a problem or if you’re about to get scammed.
- Purchased a fake NFT — If you bought a fake NFT on a marketplace, you can report fake listings and accounts to the platform. OpenSea allows users to report fraud while viewing the collection page. However, most marketplaces don’t have a refund policy, including OpenSea.
- Catfished — If you gave away your PII or wallet’s information, quickly try to move your digital assets out of the comprised wallet. By their nature, most wallets are on blockchains so they can’t be deleted.
- Review platform’s policies — Some platforms may have policies in place that can help you recover lost funds or comprised accounts. Contact the platform’s customer service (usually through email or contact form) for possible solutions.
6 NFT fraud prevention tips
Keep these fraud prevention tips in mind before heading out to the wild west of NFTs:
- Keep your secrets — Never give out your crypto wallet’s passphrase or private key. Your wallet’s private key is proof of ownership because it’s tied to your owned NFTs.
- Avoid poor platforms — A poorly-built website can be a sign of a scam. Con artists aren’t likely to take the time to develop an attractive and functional website.
- Choose verified creators — Consider only buying NFTs from verified accounts, or from the creator themselves.
- Avoid shady projects — Avoid crypto or NFT projects that appear out of nowhere, or projects with anonymous contributors.
- Shun the bad links — Don’t click on links unknown users send you, especially if the link is a combination of numbers and letters (such as “https://link.app12wevd545sf4”)
- Use cold wallets — Storing your NFT(s) in a cold wallet is generally safer than using hot wallets. Cold wallets are only online while plugged in, making them less susceptible to hacks and theft.
Follow your gut — if there’s a red flag, don’t ignore it. And if it sounds too good to be true, it probably is.
Compare NFT marketplaces
- Fortune, “The founder of a DeFi venture capital fund just had $1.7 million worth of NFTs stolen from his personal wallet”,March 22 2022
- OpenSea, “Second Self #5652”
- Security Boulevard, “Best of 2021 – 5 NFT Scams you need to know”, Dec 29 2021
- Reddit, “Doodled Dragons NFT project rug pulled hard”, Jan 2022
- Be[In]Crypto, “7 Most Common NFT Scams”, Feb 10 2022
- Time and Next Advisor, “Scammers Stole $14 Billion in Crypto in 2021”, Jan 6 2022, https://time.com/nextadvisor/investing/cryptocurrency/common-crypto-scams/#:~:text=Phishing%20Scams
- The Verge, “Crypto.com admits over $30 million stolen by hackers”, Jan 20 2022
More guides on Finder
Top 29 NFT and cryptocurrency influencers in 2022
Check out the top tastemakers for crypto, NFTs, DeFi, Bitcoin and blockchain technology, from NYT experts to published authors and YouTubers.
Finder Awards 2022: NFT marketplaces
We compared over 30 NFT marketplaces to award the top platforms of 2022.
7 best NFT Wallets 2022
Compare seven crypto wallets to store your NFTs.
What are NFT drops?
NFT drops can score you the newest and most exclusive NFTs.
Electronic Arts NFTs, metaverse, P2E and blockchain: Complete guide
The prospect of Electronic Arts NFTs is real as it explores blockchain and P2E.
Ubisoft NFTs, metaverse, blockchain and Quartz: Complete guide
Will Ubisoft NFTs, called Digits, and a heavy investment into blockchain technology and P2E gaming backfire on this AAA developer?
Sega NFTs, metaverse, P2E and blockchain: Complete guide
Sonic’s creator has a big decade ahead with its SuperGame project, but how much of it will rely on blockchain and Sega NFTs?
Nintendo NFTs, metaverse, blockchain and Reggie: A complete guide
What are Nintendo’s NFT plans? Will we see the blockchain and the metaverse come to Switch? Here’s where the Mushroom Kingdom stands.
Microsoft, Xbox NFTs, metaverse and blockchain: Complete guide
How is Microsoft and its Xbox console engaging with NFT games, play-to-earn, the metaverse and blockchain technology?
A to Z NFT marketplace list
An alphabetical list of NFT marketplaces reviewed by Finder.
Ask an Expert