The year 2022 has produced the biggest crash in non-fungible token (NFT) prices yet. The market has fallen from $12.6 billion to $1 billion.1 While this is bad for anyone who bought at the top, it can also present a buying opportunity for people who want to get in at low prices.
But beware: Some NFT projects are actually scams. There are NFT phishing sites, fake NFTs, rug pulls, and other scams that seek to take advantage of new NFT collectors.
In this article, I’ll go over the top five NFT scams to avoid. Staying away from these swindles will go a long way toward protecting your hard-earned cash from the worst types of NFT grifters.
Now here are the five NFT scams to avoid at all costs.
#1: Phishing Sites
Some obscure websites claim to sell popular NFTs like Bored Apes or CryptoPunks. Some are legitimate marketplaces, but others are engaged in “phishing,” a scam used to get sensitive information from you. You’ll know you’re dealing with an NFT phishing site if it asks you for your seed words or private key. If you give away this information to the site, its developers will likely take control of your cryptocurrency account and transfer all of your funds to themselves.
NFT phishing sites will often produce popup windows that look like they came from your wallet, so it can be easy to get confused and accidentally give them your info.
But avoiding these scams is actually fairly simple. Just remember that your wallet will never ask for your seed words unless you have just installed it or reinstalled it. If you’re browsing a site on the web and get asked to enter your seed words, this is probably a scam!
FYI: It’s not just NFT holders that sometimes fall victim to phishing. There are also regular crypto phishing sites that try to get users to give away their seed words or private keys. This is No. 5 in our list of the nine crypto pitfalls to avoid.
#2: Counterfeit NFTs
Another common NFT scam is to produce counterfeit NFTs. A completely worthless NFT may look exactly like one that is worth thousands of dollars. This is because the author of the item may have violated the copyright of the original creator by producing unauthorized copies.
So how do you know if an NFT is counterfeit? Start by doing a reverse Google Image search of the NFT’s image. This should bring up the official website for the project.
Once you’re at the project’s official website, look for a page called “provenance” or “contracts.” This should show you its official contract address. If the contract address for your item is different from the one shown on the official site, it’s most likely counterfeit. Otherwise, you’re probably dealing with a legit copy.
For example, the following image shows the provenance page for Bored Ape Yacht Club (BAYC).
And here is the “details” box for an authentic BAYC item on the popular NFT marketplace, OpenSea.
In this case, the details page doesn’t show the full contract address. But there are enough characters shown to be fairly sure that it’s an authentic item. You can also click the link to go to an Etherscan page that shows the complete address.
Of course, this works only if the marketplace you are using is itself not fake.
#3: Fake Marketplaces
Some NFT marketplaces are made to look exactly like real ones. But in fact, they are scam websites that trigger malicious smart contracts.
Did You Know? A “smart contract” is a file that runs on a blockchain network. The term gets its name from an essay called “The Idea of Smart Contracts,” written by Nick Szabo. Auditing a smart contract is often an effective way to make sure that a crypto coin is safe.
For example, over 250 NFTs were stolen from users who went to a fake version of OpenSea.2 This site looked exactly like the real OpenSea, but it had a slightly different spelling in its URL. The users were led to the site through emails sent from the scammers. They were told to “migrate” their auctions in order to prevent them from being canceled. But when they pushed buttons and approved transactions to complete the “migrations,” it triggered malicious contracts that stole all of their NFTs.
To help avoid a malicious or phony marketplace, start by checking the URL. A phony site may look similar but have a slightly different spelling compared to the real one. For example, it might say “opensee.com” instead of “opensea.io.” If the URL is different from the official one, you’ll know right away that you’re on the wrong site.
Next, take a look at the lock symbol in the address bar. If the site has been hacked, this should show up in red. Your browser may even warn you that the site “failed its security certificate.” In this case, you’ll probably want to wait until the security breach is dealt with and the site returns to normal before using it.
Finally, take a look at the contracts that are being called when you push buttons. Your wallet will require you to confirm each button-push, and it will tell you which contracts are being triggered. If you call a contract that you’ve never called before, your wallet should alert you that you’re dealing with a new address.
Pro Tip: Before you can use an NFT marketplace, you’ll need some cryptocurrency and a wallet to hold it in. And in order to get cryptocurrency, you’ll need an exchange. We’ve got a list of the best crypto exchanges and a list of the best crypto wallets to help you pick the ones that are right for you.
For example, here is a MetaMask wallet confirmation that pops up when you try to submit a bid on SuperRare.com. The address is circled in red.
If the address is different from the one listed in the developer’s docs, you may be dealing with a phony website. Other red flags to look out for are contracts with an unusually small number of transactions or with code that isn’t human-readable (as with the earlier example, you can click the link to go to an Etherscan page with more information).
If you can’t determine whether the contract being called is the correct one, you may want to contact the developer’s Discord or Telegram channel and talk to an admin before using the contract.
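The URL check and the contract-address check from the steps above can be automated. The Python below is an added example, not code from the original article or from any marketplace, and the same address comparison applies to the counterfeit check in #2. The allowlist, the placeholder contract address, the function names, and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: official marketplace host -> contract addresses copied
# from that project's own docs. The address here is a placeholder, not a real one.
OFFICIAL = {"opensea.io": {"0x" + "ab" * 20}}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(url):
    """Return ('official', host), ('lookalike', host) or ('unknown', host)."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")  # homoglyph labels become xn--...
    except UnicodeError:
        return "lookalike", host
    for official in OFFICIAL:
        if host == official or host.endswith("." + official):
            return "official", official
    for official in OFFICIAL:
        brand = official.split(".")[0]
        for label in host.split("."):
            # Flag punycode labels, brand-in-label tricks and near misspellings.
            if label.startswith("xn--") or brand in label or edit_distance(label, brand) <= 2:
                return "lookalike", host
    return "unknown", host

def check_contract(official_host, address):
    """True only if the wallet prompt's address is one the official docs list."""
    known = {a.lower() for a in OFFICIAL.get(official_host, ())}
    return address.strip().lower() in known

def review(url, prompt_address):
    """Combine both checks into one verdict for a wallet confirmation."""
    verdict, host = check_host(url)
    if verdict != "official":
        return f"stop: {verdict} host {host}"
    if not check_contract(host, prompt_address):
        return "stop: contract not listed in official docs"
    return "ok"
```

A "lookalike" or "unknown" verdict means the transaction should not be approved until the address has been confirmed against the project's own documentation.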
But be sure to watch out for fake customer service agents.
#4: Impersonating Customer Support
Some scammers on Discord or Telegram will pose as “customer support” for a crypto project. They’ll tell you to click on a URL that will send you to either a phishing site or a site with malicious contracts.
These scammers are often caught quickly if they post directly to the Discord group for a project. So to avoid getting caught, they will send direct messages (DMs) to unsuspecting users.
To help avoid getting ensnared by these scams, be extra suspicious of any DMs that you receive. You might want to avoid clicking Discord or Telegram links to marketplaces unless they are sent from an admin. On Discord, you can click on a user’s name within a group to find out what that user’s “role” is. The admins will usually have roles like “admin” or “moderator,” and they may also have a “MOD” tag in their names.
For example, here is what an admin for the Avalanche (AVAX) Discord group looks like:
If a user is posing as customer support but doesn’t have any special role within the group, they might be trying to scam you.
But fake customer agents and phony marketplaces are not the only NFT scams to worry about. Some NFT projects are themselves a scam. In the next section, I’ll discuss the most widespread form of scam NFT projects.
#5: Rug Pulls
One of the most common ways that people get scammed with NFTs is through “rug pulls.”
A rug pull occurs when a developer markets a new NFT project that offers some type of future reward, such as a giveaway or a game that will be developed, then disappears once the money comes in.
For example, in a case called United States v. Le Anh Tuan, a man has been charged with defrauding collectors of over $2 million through a project called “Baller Apes.”3
According to the Justice Department, the man promised various rewards to holders of Baller Apes NFTs, including random drops of rare Baller Apes, Solana (SOL) prizes, and a “VIP Lounge” where holders could meet each other.4 But once he sold the collection, he disappeared, taking down his website and closing all of the project’s Discord and Telegram servers, and he never provided the promised rewards.
How to avoid a rug pull
The easiest way to avoid these types of scams is to invest only in reputable NFT projects that have been around for a while. Most rug pulls occur immediately after a project’s initial sale. So if a project has been around for at least a few months after launch, it’s a lot less likely to be a rug pull.
If you really want to invest in completely new projects, another option to limit risk is to spread your investments across multiple projects. This way, if one project turns out to be a scam, you’ll limit your losses.
Pro Tip: Some NFT rug pulls will promise Metaverse content to be released in the future. Of course, legitimate projects also sometimes make these promises, so it’s not always easy to know which Metaverse NFT projects are legit and which are not. But diversification can help with this problem. For more information about the Metaverse and common pitfalls to using it, read my guide to the crypto metaverse.
NFTs have been around since 2014. But before 2021, they were mostly known as video game items. The idea that a person could collect NFTs simply for their artistic value was virtually unheard of.
But today, digital art NFTs have become more accepted than ever. Still, collectors should be aware that there are a lot of scammers trying to take advantage of new NFT holders. Awareness of these five NFT scams can help to protect your collection and your crypto from the worst types of NFT cons so that you can enjoy your collection in peace — and maybe even profit if/when the market recovers in the future.