NFT scams are becoming more common as hackers find new ways to infiltrate the blockchain and steal cryptocurrency or artwork. A recent report released by Elliptic shows that between July 2021 and July 2022, NFT-related fraud totaled approximately $100.6 million. One of the biggest scams to date was Aptos Chimp, an NFT built on the Aptos blockchain, which defrauded investors out of $1.5 APT (roughly $12.6 million) through a fake website withdrawal in October 2022.
It is crucial to have a deep understanding of how fraudsters operate in order to avoid becoming a victim of these ruthless operations. Here are some common NFT scams to be aware of:
Discord and Social Media Hack
In 2022, several projects including Bored Ape Yacht Club, Squiggles, Doodles, and Kaiju Kingz experienced significant losses due to malicious attacks resulting from server outages. Scammers have also targeted social media accounts such as Instagram and Twitter, as well as Discord. For example, Bored Ape Yacht Club’s Instagram account was compromised as well as Discord, causing the project to suffer losses valued at 200 ETH. After a Twitter hacker posted a malicious link on the platform and targeted the project in January 2023, Azuki suffered losses totaling more than $750,000 USDC.
To avoid falling prey to such scams, always be on the lookout for the official Twitter announcement. You can also check Telegram and Discord to confirm that the mint or airdrop update you saw on their other social media sites is real.
Another important red flag to watch out for is channel disorganization. Most times, when a Discord channel gets hacked, scammers often disorganize the activities with posts that are financially centric. They can spam the group with sudden innovative information and sometimes share irrelevant content.
Unsolicited Discord DMs
One of the common tactics used by scammers to steal NFTs from communities is to clone moderators’ profiles and offer fake assistance through unwanted DMs. These scammers usually pose as moderators on platforms like Discord, and they often target new members. Once they have gained the member’s trust, they ask for their seed phrase under the guise of offering help to wipe NFTs from their wallet or future items if they don’t currently have one. In some cases, fraudsters can exploit this accessibility to easily access the user’s cryptocurrency wallet and steal their money.
However, Discord allows you to prevent IMs from people you don’t know. Therefore, lock your DMs from unknown Discord users, or you can also choose to enable this security for a specific channel.
Mint scams and carpet covers
Over the years, the NFT ecosystem has witnessed numerous cases of founder-perpetuated mint scams and carpet pulling. For example, the Ballonsville founders, after defrauding their investors in the past, engaged in another fraudulent act by launching a new project, Reptilian Renegade, in 2022. However, as soon as the NFT community became aware of the team’s involvement, the project’s value plummeted considerable. because of the tarnished reputation of the founders. In 2023, Zkquads, who were highly anticipated on the ZkSync platform, pulled the rug on their investors in April during the minting process and then deactivated their Twitter account.
If a project’s founder hides his identity, it is advisable to avoid such projects, as they often turn out to be fraudulent. As a result, make sure you do your due diligence on the founders by asking relevant questions during their Ask Me Anything (AMA) sessions, and scrutinizing their Discord and website for the founder’s identity.
Second, use a minimum of two NFT wallets, with one designated for minting purposes and the other solely for NFT purchases. In addition, it is crucial to be careful when clicking on mining links; it is best to wait until several people start the embossing process before proceeding.
Look-Alike Sites
Fraudsters use fake websites to perpetrate fraud on unsuspecting victims, often exploiting project websites and online marketplaces to carry out these activities. An example of such fraudulent activities was the Google ad scam that targeted the X2Y2 NFT marketplace, resulting in the loss of 100 ETH. The scammer cloned the official website’s URL, https//:x2y2io and created a similar website to trick people into clicking the fraudulent link.
Fake Twitter and support pages
One of the methods Web3 scammers use to trick users and commit fraud involves creating fake Twitter accounts and support pages for upcoming or existing projects. They take advantage of the opportunity to deceive unsuspecting victims while pretending to be helpful. To achieve this, the scammers ask users to share wallet details and seed phrases under the guise of verifying their accounts, so they can transfer the NFTs to their personal wallets.
However, it’s crucial that you don’t give in to Twitter support pages and instead use each project’s support or open ticket channel on Discord to file any necessary complaints. Also, never share your seed phrase or sensitive information with anyone offering to help you on social media.
Phishing
Opensea disclosed a data breach incident in 2022, stating that a contractor disclosed customer email data to an external entity, which later resulted in a phishing attack. The perpetrator allegedly made off with $1.7 million worth of ETH by liquidating a portion of the stolen NFTs from the victims’ wallets.
It is not uncommon for fraudsters to engage in email spoofing by copying a trusted marketplace to defraud NFT investors. Therefore, it is crucial to verify the sender’s email address and exercise caution when clicking on hyperlinks, especially if they raise suspicion.
Fake Airdrops
NFT scammers use fake airdrops to lure their targets and then defraud them by causing depletion of their digital wallets. One such case is the case of Bored Ape Yacht Club, where the attacker circulated fake Otherside Land NFTs to several BAYC holders. The perpetrators developed a smart contract that enabled the transfer of the forged NFT even after it had been moved to a separate wallet. The fraud airdrops were first sent to the real BAYC Opensea account before being transferred to the targets, thus creating an illusion of authenticity.
The potential to receive low-value or worthless tokens is another significant risk associated with airdrops. In Web3, the distribution of tokens through an airdrop does not guarantee that the tokens will have significant value in the future. However, some projects may attract massive hype due to their upcoming airdrop, but while some airdrops may distribute valuable tokens, it is common for lesser-known projects to distribute tokens that are unlikely to increase in value or have no value at all.
However, it is crucial to carefully consider the potential risks and rewards before embarking on participating in an airdrop. This will minimize your exposure to fraudulent activities and help you make informed decisions.
Influencer scam
Influencer marketing has emerged as a widespread method of reaching a target audience. However, its growing popularity has paved the way for an increase in fraudulent activities, which poses a challenge to detect and avoid them in time. Today, it can be difficult to distinguish between rye shilling and alpha call among several NFT organizers, thus causing investors to lose a fortune on rye pull.
To prevent such incidents, it is important to be equipped with the right knowledge and know how to recognize scammers to protect yourself from getting caught in their dubious schemes. Some of the red flags to watch out for in Shillers or NFT influencers include:
Huge bot followers
A significant indicator of a fraudulent influencer is the presence of a huge bot following. To attract profitable gigs for their fraudulent venture. Fraudsters often use bots to create a facade of popularity. Also, these bots can be used to spread worthless investments among their followers, ultimately victimizing them.
Bad reputation
In the world of influencer marketing, a bad reputation can be a clear indication of a scammer. Scam influencers often have a history of promoting “carpet” schemes or other scams.
Some influencers take advantage of the naivety of the public to shill scam projects or engage in pump-and-dump schemes. In such schemes, they can collectively encourage their followers to buy a particular asset or investment, artificially inflating the price before quickly selling their own NFT commodities, leaving their followers with significant losses.
Mostly Giveaway content
The primary focus of an influencer on NFT distributions may indicate that they are not truly interested in the NFT space or adding value to the ecosystem. Rather, their primary goal may be to increase their follower base, attract paid opportunities, and potentially engage in fraudulent activities.
Scammers often use giveaways and contests to entice individuals to follow and interact with their content. However, these actions do not necessarily reflect actual expertise or interest in Web3. In fact, fraudsters prioritize personal gain and expanding their reach, often at the expense of their followers.
Finally, it is advisable to exercise caution with influencers who label themselves as “promoters” in their Twitter bios or charge a promotion fee. This behavior may indicate a willingness to promote any project, regardless of its authenticity. On the other hand, good influencers prioritize cultivating lasting relationships with their followers and promoting projects that align with their beliefs.
Final thoughts
The non-fungible token (NFT) has undergone significant development across several blockchains, including Ethereum, Arbitrum, Solana, Polygon and Near. In recent times, the use of NFTs has increased tremendously in Bitcoin with Ordinals and ZkSync ecosystems.
However, as NFTs continue to permeate various blockchains, fraudsters are continually luring investors into becoming victims. Therefore, it is best to be cautious of suspicious activities and report scams in the community channels to prevent others from becoming victims.