Actor Seth Green had plans to make his Bored Ape NFT, Fred Simian, the star of a new TV show. Then a hacker stole his NFT as part of a multimillion-dollar scam, causing him to halt production of the show and ultimately pay a ransom for the hacker to return the stolen asset.
Green fell victim to a phishing scam by accidentally connecting his crypto wallet to a malicious website, which allowed the hacker to transfer four of his NFTs.
“The remote aspect of the current situation forces people to use more websites, e-commerce and trust in the services they interact with. Attackers are intimately aware of this,” said Nick Donarski, founder and CTO of blockchain solutions company, Ore System, via email.
The NFT market surpassed $40 billion in trading volume in 2021, so it’s probably not a surprise that cybercriminals are crafting NFT scams. Built In has identified eight different types of NFT scams to look out for and tips for how to avoid them.
Types of NFT Scams
- Rug pull scams
- Airdrop/giveaway scams
- Pump and dump scams
- Counterfeit/plagiarized NFTs
- Bidding scams
Ways to Avoid NFT Scams
Keep Your Logins Private
Never share your crypto wallet information with anyone. If a hacker learns your seed phrase or private key, they can access your wallet and remove NFTs or cryptocurrency. Consider storing your credentials in a physical place, like a hard drive.
Use Two-Factor Authentication for Your Accounts
Two-factor authentication can tip you off if a hacker is trying to access your accounts. Enabling biometric login is another form of verification.
Consider Using a Cold Storage Wallet
Cold storage wallets store cryptocurrency offline, so the wallet is protected from online hacks.
Don’t Interact With Suspicious Messages
Avoid contact with hackers by not engaging with any suspicious messages, texts, emails or websites. These are likely phishing attempts that try to install malware on your device or steal your credentials and sensitive information.
Use Security Tools to Protect Your Devices
Anti-virus and anti-malware tools can protect your devices if you do end up clicking a malicious link or opening malicious software. Consider using a virtual private network (VPN) for added encryption security.
Research Sellers and Websites Before Engaging
DYOR: Do your own research. Pay attention to the website URLs, sellers and applications you access. Look for the blue check verification mark next to a seller’s name, check out online reviews and look at sellers’ social media and listings.
Look Into an NFT’s History, Too
Check out the timeline of past transactions for an NFT. Cross-check prices on other marketplaces to see if the prices are comparable.
Use Reputable Marketplaces
Built In has compiled a list of 20 popular and trusted NFT marketplaces to consider using. Be wary of new marketplaces with minimal security.
7 Types of NFT Scams
Rug Pull Scams
A rug pull NFT scam happens when scammers promote a fake NFT or developers hype up an NFT to get investor money. Once they’ve received investment or the NFT is purchased, the promises are unmet, or the project is canceled completely.
One example of a rug pull scam was the Frosties NFT collection. A few hours after the NFTs were minted, the Frosties Discord server disappeared, and the project promptly shut down, scamming thousands out of their crypto.
“Rug pulls are big business for today’s attackers,” Donarski said. “The blockchain is the wild west when speaking about technology, and this is both a benefit and a risk. Today people are presented with so much fear of missing out on the next big crypto or blockchain pump that they don’t take the time to research the projects and the organizations behind them.”
Green fell victim to a phishing scam when he connected his wallet to a malicious website. Phishing can take the form of fake ads, emails and pop-up advertisements that direct people to fraudulent links where NFTs and cryptocurrency can be stolen. Be wary of direct messages on social platforms like Discord. Many scammers will claim you’ve won free NFTs, for instance.
Airdrop/Giveaway Scams
Beware of NFT giveaways. Scammers will sometimes use social media to promote NFT giveaways, encouraging people to spread the word about their NFT or sign up on their website in exchange for a free NFT. When it comes time to get the freebie, the fraudsters will ask for crypto wallet information and breach the victim’s account to steal NFTs and cryptocurrency.
One airdrop scam involved a fake Rarible site offering users five times their amount of RARI cryptocurrency if they sent 200-25,000 RARI. The scammer simply took the crypto and never sent anything back.
Scammers will create fake social media accounts with accompanying spam websites to convince people to buy fraudulent NFTs. These profiles often imitate real artists. Other criminals create fake tech support accounts. The scammer might send messages asking for account information in order to provide support and then subsequently steal the victim’s credentials.
Cybersecurity firm BrandShield conducted research showing that Tom Brady, Mike Tyson and Kim Kardashian are among the top celebrities whose likenesses are targeted for bogus NFTs.
Pump and Dump Scams
A pump and dump scam occurs when a group buys a large amount of a cryptocurrency to drive up its price. Once the price increases, the scammers dump the assets and cash out, leaving others with losses.
One pump and dump example occurred when influencers for the esports organization FaZe Clan promoted a new cryptocurrency called Save the Children. Fans pumped money into the coin, but then the value plummeted practically overnight.
Counterfeit/Plagiarized NFTs
Criminals copy artwork and sell counterfeit versions of the NFT on reputable marketplaces. Fake and stolen NFTs have no value, and victims often find out too late once they’ve bought the counterfeit NFT.
One hacker, Monsieur Personne, made copies of the famous Beeple NFT, “Everydays: The First 5000 Days.” Bidding on the copies peaked at around $200, in comparison to the original selling for $69 million.
Bidding Scams
Bidding scams happen when a scammer becomes the highest bidder on an NFT, but when it comes time to pay, the fraudster switches out the cryptocurrency to one of lower value. If you’re reselling your NFT, always check what crypto the highest bidder is paying with before accepting.
This might look like a scammer bidding five ETH for an NFT, but when it comes time to pay, they switch the currency to one of much lesser value, like dogecoin.