Finder makes money from featured partners, but editorial opinions are our own. Advertiser disclosure

7 NFT scams to look out for

NFT swindles can be particularly destructive. Here’s how to spot and avoid them.

Kraken Cryptocurrency Exchange

Kraken Cryptocurrency Exchange logo
  • Buy and trade 180+ cryptos.
  • Instant funding & advanced trading options.
  • Join 9M+ users around the world.
Go to site

Nonfungible tokens (NFTs) are one-of-a-kind digital assets that live on a blockchain with unique identifiers and data. Blockchains — public ledgers on a network — verify NFT transactions, and may have smart contracts built into them so NFT creators earn royalties from sales.

However, NFT scams are rampant since they are easy to create and exist solely online. In fact, 90%of NFT owners have experienced an NFT scam, according to a survey conducted by PrivacyHQ. That same survey revealed that half of the respondents have lost access to owned NFTs at some point.

From old-school email phishing to malicious rug pulls, there are quite a few categories of crypto and NFT scams.

7 NFT scams to watch out for

Many scammers go to great lengths to get their hands on someone else’s digital assets. These scams are often sophisticated, difficult to spot and could take place over the course of months or longer.

NFT scams take many forms, so here are seven common scams to be aware of and how to avoid them.

1. Phishing

Phishing scams aren’t new, but with NFTs, this tactic can cause a catastrophic loss.

A phishing scam is when a con artist tries to get information out of you, usually personally identifiable information (PII) such as your birthday, home address, driver’s license number, medical records, social security number or more. If the scammer gets this information, they may sell it or use it to open accounts in your name.

With NFTs, these scams often involve a fake representative of a wallet requesting you to verify your wallet’s private keys or passphrase. Your keys and passphrases protect your crypto wallets — if someone gets this information, they can access your wallet and steal your digital assets.

DeFiance Capital founder Arthur Cheong was a phishing victim on March 22, 2022 — just over $1.7 million worth of NFTs were stolen from his cryptocurrency wallet, as reported by Fortune.

Cheong states he was the victim of a spear-phishing email, disguised as a company on DeFiance’s portfolio. When he clicked a link in an email, he allowed a hacker to get his wallet passphrase. A few notable assets stolen include two Tsubasa, two Hedgies and 33 Second Self NFTs.

How to avoid:

  • Never give out your wallet’s private key or passphrase.
  • Avoid strange links in emails sent from unfamiliar addresses.
  • If you’re asked to verify your PII, do so with caution and be sure it’s a trusted source.

2. Catfishing

It’s likely you’ve heard this term within dating apps and social networks, but catfishing isn’t limited to individuals looking for love under false pretenses.

Catfishing scams with crypto often involve scammers creating fake social media profiles, then contacting victims to get personal information, sending a malicious link or getting a user’s wallet passphrase to steal their assets.

There are reports of catfishers sending fake crypto wallet sites to victims, encouraging them to sign up and deposit funds. That’s when the scammer takes your assets. Scammers may use fake business or romantic relationship grooming tactics.

Around 39% of respondents in the PrivacyHQ survey reported following a fake NFT influencer account. As social media becomes more saturated with scammers and rising NFT creators alike, it’s vital to check for signs of legitimacy.

How to avoid:

  • Look for profile verification (such as the blue checkmark) if a company or brand messages you before continuing a conversation.
  • Don’t click on links sent from users you don’t know.
  • If a company or individual messages you, look at their page for followers, engagement and the age of the profile. A brand new user with few followers or friends may be a red flag.
  • If an individual messages you and you’re suspicious, use Google’s reverse image search tool to see if the profile picture is stolen.
  • If someone you don’t know wants to start a business or romantic relationship, do your best to verify their identity. Reculantance to meet over video calls is a telltale sign of catfishing.

3. Fake airdrops or giveaways

An airdrop is a marketing stunt where a company or developer gives away free cryptocurrency or NFTs to users, mainly as a way to spread news of a new product or service. Airdrops are real, and participants get free NFTs or coins, but the key is to remember that they’re always free.

If someone contacts you and asks for payment before receiving an airdrop, it’s a scam. And often, airdrops are awarded to users for holding a specific coin, completing a task or scavenger hunt, or by scanning a QR code — but should never require a deposit or payment.

Recently, a fake Rarible site advertised an airdrop asking users to send between 500 to 25,000 RARI (Rarible’s native currency) to an address, and in exchange would receive 5X times the amount back. However, participants never receive anything back and instead are conned into paying the scammer.

Around 41% of respondents in the PrivacyHQ NFT survey reported that they had participated in a fake NFT giveaway.

If the airdrop asks for your wallet’s private key, it’s a scam, since receiving cryptocurrency or an NFT only requires your public key. These airdrop scams can be sneaky, often involving scammers creating counterfeit sites. Many of these classic scams use odd language including strange grammar, and promise victims an amount after sending a deposit. Avoid “airdrops” organized like this — it’s not real.

Rarible giveaway scam
Image source: Security Boulevard, screenshot of counterfeit Rarible giveaway scam

How to avoid:

  • Disregard airdrops asking you to put up crypto as a deposit to “secure” your spot for an airdrop, it’s likely a scam.
  • Avoid airdrops requiring you to provide your wallet’s private key or passphrase to receive an airdrop. Never give out this information. Your public key is your wallet’s address and is comparable to an account number, which can be shared — but never share your private key.
  • Be wary of emails announcing an airdrop with spelling mistakes or grammar issues.
  • If you’re contacted about an airdrop that advertises a large amount of free cryptocurrency, be wary. The coins handed out in airdrops are typically in very small amounts.

4. Rug pulls

A rug pull scam is when a company or developer creates a new crypto project, pumps up their asset’s value then pulls out, taking the money and running while leaving their investors with a valueless asset. There are a few ways this can be done, and rug pulls aren’t always considered illegal.

  • Liquidity pulling or stealing. When the developers remove (steal) unlocked tokens from a liquidity pool, so the rug puller can sell them off.
  • Limiting sell orders. Taking away an investor’s ability to sell tokens so they’re locked into their investment.
  • Dumping. When the developers sell all their own tokens or slowly sell over time to cash out, dropping the price and leaving investors with worthless tokens.

Rug pulls also come in two forms: hard and soft. Hard pull scams involve developers planning on walking away from the get-go, or adding malicious code to a token from the start. A common hard rug pull is a liquidity pull, when the token creators take everything out of the liquidity pool making the price of the token zero.

A soft pull may involve the creators selling a large supply of tokens, or selling in increments, driving the price down so much that the investors have nearly worthless coins. A soft pull is harder to identify, because it may happen over a longer period of time than a hard pull, and it’s harder to prove that the developers had intended to do a rug pull. And developers selling their tokens isn’t illegal, since it’s a free market.

Another type of rug pull is when a developer of a specific project promises to donate the proceeds to organizations or charities, but instead takes the money and runs. This isn’t technically illegal, just unethical — so there isn’t much to do if you fall into one of these rug pulls.

A recent example of this is Doodled Dragons, a verified NFT collection that promised to donate proceeds to charitable organizations. The creator announced a donation of $30K to the World Wildlife Fund (WWF), but instead, the creator took the money and ran. They even announced the rug pull on Twitter from the now-deleted account just two minutes after announcing the $30K donation.

Image source: Reddit, u/TheGreatCryptopo on r/CryptoCurrency

Rug pulls are devastating, since investors aren’t likely to get any reparations after the fact. And if there’s no evidence of ill intent, it may not even be classified as illegal.

In the PrivacyHQ survey, 43.8% of respondents reported investing in a crypto project that disappeared — so stay vigilant.

How to avoid:

  • Consider investing in long-standing projects with well-known tokens.
  • If you have the skills, you may be able to identify code that disables an investor’s ability to sell, or identify other malicious code.
  • If you want to put your tokens in a liquidity pool, read the terms and conditions. Avoid liquidity pools where the tokens aren’t locked, because the developers could sell everything whenever they want. Tokens are safer when locked in liquidity pools.
  • Be wary of projects that appear suddenly. Legitimate developers take time to create new tokens, and many try to build hype with announcements, social media campaigns and possibly airdrops over the course of months or even years.

5. Fake NFTs

A fake NFT involves a scammer taking someone else’s work, minting it and selling it on the marketplace under the guise of the original creator. Fake NFTs may include plagiarized work or fraudulent accounts pushing stolen content.

Bored Ape Yacht Club is one of the top NFT collections to date, so it’s not surprising that there are copycat and plagiarized collections rampant across NFT marketplaces.

Image source:

How to avoid:

  • Look for accounts that are verified on NFT marketplaces, or seek out official collections.
  • Consider collections with a long-standing history.
  • Compare suspicious NFTs to the official collection for differences in resolution, format, creator name and size to help determine if it’s legitimate.
  • Accounts with few or only one NFT can be a red flag.
  • Look at the metadata of the NFT you plan to purchase. Metadata can be used to verify an NFT’s authenticity using a blockchain explorer.

6. Hacks across platforms

A sitewide hack on a cryptocurrency exchange or NFT marketplace can hurt. Unfortunately, whether or not this happens to you largely depends on the site’s security. However, to minimize the risk of becoming the victim of a platform hack, choose a well-known site with proven security measures.

If a platform hack involves individual third-party wallets, there may not be anything the platform can do.

But, the good news with sitewide hacks is that you may be reimbursed if it’s proven that it was the platform’s fault, or if the hack affected the platform’s own content management systems.

For example, in January 2022, was hacked, but soon after the breach, affected customers were reimbursed and impacted accounts were fully restored, according to The Verge.

Social media accounts, Discord servers and subreddits are no exception to hacks, either. Fake accounts may spam forums and chats with malicious content or false information, or pretend to be customer service. If you’re suspicious of any recent activity on a site or server, contact the company directly.

How to avoid:

  • Consider only signing up for exchanges or NFT marketplaces that have a long-standing experience in the industry. Their security measures may be more tried and true.
  • If you’re an account holder on an exchange with multiple high-value NFTs, consider keeping the majority of your assets stored offline in a cold wallet. Cold wallets are only online while plugged in vs. hot wallets, which are always online.
  • Read a platform’s terms and conditions to see how it handles major security breaches, and how it plans to reimburse victims of theft.

7. Sleepminting scams

Sleepminting is when a scammer uses another artist or creator’s account or wallet to create a fake NFT. A scammer mints an NFT to the wallet of another creator, transfers ownership to themselves, then lists it for sale on a marketplace — giving the illusion that a legit developer created the NFT, thereby “proving” authenticity.

This scam is difficult to spot, especially if the NFT was minted to a verified creator’s account and listed for sale on a legitimate NFT marketplace.

How to avoid:

  • Consider following NFT creators on social media and look for news signaling official drops. NFT creators are often on Discord, Twitter and Reddit.
  • Consider direct-messaging a creator about authenticity if you’re suspicious of a sudden listing.
  • Look at your NFT metadata and read the transaction and ownership history. Consider it a red flag if an especially famous NFT creator is giving away valuable NFTs to wallets for free, or a seller lists to other users at very low prices.

How to verify an NFT

Many argue that verifying an NFT’s authenticity is easy, thanks to blockchain technology. However, in the case of sleepminting, NFTs are forged.

One way to verify an NFT’s authenticity is to use a blockchain explorer — like — to look at an NFT’s metadata. This is done by entering the NFT’s hash: a unique string of letters and numbers that identifies it.

A blockchain explorer — sometimes called a block explorer — lets you view blocks, transactions, fees, mining activity and more. Using this wealth of information, you can see an NFT’s ownership history and how often it’s been traded to help you verify authenticity.

What if I get scammed?

This may not be the answer you want to hear, but in the case of you personally getting burned by an NFT scammer, there may not be much recourse at all.

If you were scammed by using a major NFT marketplace or exchange — such as losing access to your account or your funds disappearing — the platform may be able to help you recover lost assets if the hack was determined to be the platform’s fault., for example, has a policy that reimburses qualified users up to $250,000 in the event of sitewide hacks in specific circumstances.

But if you fell victim to a phishing scam and gave away your wallet’s private key, even the crypto wallet’s company probably can’t do anything to recover your lost assets or reimburse you.

If you suspect you’ve been scammed, or are in the middle of a scam, here are some things to try out:

  • Wallet issues — If you receive a message about issues with your wallet, contact the wallet’s customer support directly to determine if there really is a problem or if you’re about to get scammed.
  • Purchased a fake NFT — If you bought a fake NFT on a marketplace, you can report fake listings and accounts to the platform. OpenSea allows users to report fraud while viewing the collection page. However, most marketplaces don’t have a refund policy, including OpenSea.
  • Catfished — If you gave away your PII or wallet’s information, quickly try to move your digital assets out of the comprised wallet. By their nature, most wallets are on blockchains so they can’t be deleted.
  • Review platform’s policies — Some platforms may have policies in place that can help you recover lost funds or comprised accounts. Contact the platform’s customer service (usually through email or contact form) for possible solutions.

6 NFT fraud prevention tips

Keep these fraud prevention tips in mind before heading out to the wild west of NFTs:

  1. Keep your secrets — Never give out your crypto wallet’s passphrase or private key. Your wallet’s private key is proof of ownership because it’s tied to your owned NFTs.
  2. Avoid poor platforms — A poorly-built website can be a sign of a scam. Con artists aren’t likely to take the time to develop an attractive and functional website.
  3. Choose verified creators — Consider only buying NFTs from verified accounts, or from the creator themselves.
  4. Avoid shady projects — Avoid crypto or NFT projects that appear out of nowhere, or projects with anonymous contributors.
  5. Shun the bad links — Don’t click on links unknown users send you, especially if the link is a combination of numbers and letters (such as “https://link.app12wevd545sf4”)
  6. Use cold wallets — Storing your NFT(s) in a cold wallet is generally safer than using hot wallets. Cold wallets are only online while plugged in, making them less susceptible to hacks and theft.

Follow your gut — if there’s a red flag, don’t ignore it. And if it sounds too good to be true, it probably is.

Whether products shown are available to you is subject to individual provider sole approval and discretion in accordance with the eligibility criteria and T&Cs on the provider website.

Name Product Deposit methods Fiat currencies Cryptocurrencies Offer Disclaimer Link
eToro Cryptocurrency Trading
eToro Cryptocurrency Trading
Bank transfer, Credit card, Debit card, Neteller, Skrill



Disclaimer: Cryptoasset investing is highly volatile and unregulated in the UK and some EU countries. No consumer protection. Tax on profits may apply.

Capital at risk

View details
Binance Cryptocurrency Exchange (Not available to US users)
Bank transfer, Cryptocurrency



Capital at risk

View details
KuCoin Cryptocurrency Exchange
KuCoin Cryptocurrency Exchange
Bank transfer, Credit card, Cryptocurrency, Debit card, PayPal, P2P



Capital at risk

View details
Bybit Cryptocurrency Exchange
Bybit Cryptocurrency Exchange
Bank transfer, Credit card, Cryptocurrency, Debit card, P2P



Disclaimer: Highly volatile investment product. Your capital is at risk.

Capital at risk

View details Cryptocurrency Exchange
Bank transfer, Credit card, Cryptocurrency, Debit card



Capital at risk

View details
Kraken Cryptocurrency Exchange
Bank transfer, Credit card, Cryptocurrency, Debit card, Apple Pay, Google Pay, SWIFT



Capital at risk

View details
OKX Cryptocurrency Exchange
Bank transfer, Cryptocurrency, iDEAL, PayPal, POLi, SEPA, Faster Payments (FPS)



Capital at risk

View details
Bank transfer (ACH), Credit card, Debit card, Apple Pay, Google Pay



Capital at risk

View details
Paybis Cryptocurrency Exchange
Bank transfer, Credit card, Debit card, Neteller



US residents: Restricted in the following states - NY, CT, NM, WA, HI, AL, VT, FL, AK, NV.

Capital at risk

View details
Finder Award
Bitstamp Cryptocurrency Exchange
Bank transfer, Credit card, Cryptocurrency, Debit card, SEPA, Faster Payments (FPS)



Capital at risk

View details
Coinmama Cryptocurrency Marketplace
Credit card, Fedwire, SEPA, Google Pay, SWIFT, Bank card



Capital at risk

View details
Gemini Cryptocurrency Exchange
Bank transfer (ACH), Cryptocurrency, Debit card, PayPal, Apple Pay, Google Pay, SWIFT



Capital at risk

View details
Finder Award App
Bank transfer, Credit card, Cryptocurrency, Debit card, PayPal, Wire transfer, Apple Pay, Google Pay, SWIFT



Capital at risk

View details

Are you visiting from outside the US?

Select an option to continue

Bybit Cryptocurrency Exchange

Bybit Cryptocurrency Exchange logo
  • Offers leverage and derivative trading
  • Supports EUR, GBP and CHF
  • Licensed to operate in all European countries
Go to site
Disclaimer: Highly volatile investment product. Your capital is at risk.

Kraken Cryptocurrency Exchange

Kraken Cryptocurrency Exchange logo
  • Large selection of cryptocurrencies
  • Low fees for active traders
  • Pleasant UI for new traders
Go to site

KuCoin Cryptocurrency Exchange

KuCoin Cryptocurrency Exchange logo
  • Buy, sell and trade over 700 crypto assets
  • Supports 10 Asian fiat currencies
  • Offers crypto futures trading
Go to site

Kraken Cryptocurrency Exchange

Kraken Cryptocurrency Exchange logo
  • Buy, sell and trade over 200 crypto assets
  • Licensed to operate in 17 jurisdictions in Oceania
  • Supports AUD
Go to site

Binance Cryptocurrency Exchange (Not available to US users)

Binance Cryptocurrency Exchange (Not available to US users) logo
  • Supports over 300 crypto assets
  • Binance Pay enables users spend their crypto
  • Binance P2P supports multiple African fiat currencies
Go to site

Binance Cryptocurrency Exchange (Not available to US users)

Binance Cryptocurrency Exchange (Not available to US users) logo
  • Supports over 300 crypto assets
  • Binance Pay works with Credencial Payments to support crypto payments
  • Binance P2P supports five Latin American fiat currencies
Go to site

Bybit Cryptocurrency Exchange

Bybit Cryptocurrency Exchange logo
  • Supports leverage and derivative trading
  • Supports 300 spot trading pairs
  • Low-to-non-existent trading fees
Go to site
Disclaimer: Highly volatile investment product. Your capital is at risk.

More guides on Finder

Ask a Question provides guides and information on a range of products and services. Because our content is not financial advice, we suggest talking with a professional before you make any decision.

By submitting your comment or question, you agree to our Privacy and Cookies Policy and Terms of Use.

Questions and responses on are not provided, paid for or otherwise endorsed by any bank or brand. These banks and brands are not responsible for ensuring that comments are answered or accurate.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Go to site