The NFT market began to gain momentum in 2020, growing over 300% from last year and representing millions of dollars worth of cryptocurrencies. During the first week of May 2022, the sale of these tokens then fell by 92% compared to last September. However, the market still generates the equivalent of millions of dollars, raising many concerns about the safety of this asset. If a thief previously had to break a museum’s security to steal a work of art, gaining access to a digital wallet can be achieved using malware or social engineering.
When digital artist Qing Han passed away in 2020, scammers took the opportunity to sell his artwork as NFTs in his name. Last September, famous graffiti artist Banksy had his website hacked, posting an ad for the sale of what was supposed to be his first NFT; one collector paid $336,000. The NFT market opens up opportunities for many scams:
Dispute Cheats: The chat platform is divided into communities called servers where people can talk, stream and play games together. Just last December, 373 members of a Discord server run by the NFT gaming marketplace had their digital wallet authentication compromised, losing a total of $150,000. Another scam on Discord involves sending DMs that trick users into thinking they’re actually being contacted by a brand, artist, or influencer. Don’t be surprised by NFT projects without verifying that the offer is legitimate.
Fake Social Media Profiles: Beware of potential fake profiles. Often these are copies of real profiles and it is enough to look a little carefully at the details to distinguish the fake from the real one. You should also be wary of bots that invite users to respond to messages; use social media to interact with them and ask for information that can give them access to crypto wallets.
Phishing scam: NFT copy markets or fake crypto wallets are shared on Discord, Twitter and forums as well as via email. The level of similarity to real businesses is impressive and it takes a keen eye to spot small differences in the URL or overall layout.
Artist impersonation: Aside from Banksy and his fraudulent website, other artists have gone through similar situations. Tyler Hobbs, the artist behind the Art Blocks project “Fidenza”, has denounced the platform SolBlocks for using his code to sell copies of his works. Derek Laufman’s artwork was also being sold from a fake account using the artist’s name, even getting a verified icon.
Pump and dump scams: The type of scam closest to NFT speculation involves a person or group of individuals buying large numbers of NFTs (or cryptocurrencies) and reselling them in order to artificially create a false impression that the asset is in high demand. In this way, market forces will increase resale profits. On the buyer side, this pattern seems to be validated by influencers sharing NFT on their profiles, making it a great opportunity. After all, these buyers expect to be resold at a higher price, which never happens.
“Carpet pulled” scams: Scammers promote a project, ask for investment and, without warning, abandon it. This usually happens after they feel they have “completely exhausted investors”, removing all funds from an NFT portfolio and deleting their profiles from the markets and social media.
Auction Scams: Fake NFT auctions are one of the most common scams. These occur when a real seller tries to auction an NFT. The seller indicates the cryptocurrency they want to be paid in, but a fraudster can successfully change their bid currency to a lower value currency. It can also work by adding and removing an NFT listing from a market by moving the decimal number one to the right. Without noticing the difference, a buyer can end up paying much more than originally anticipated.
Social Media Account Hacking: Fake offers and giveaways are a great way to drive user interest. Surprisingly, they can even come from well-established user accounts. The reality, however, is that quite often these accounts are hijacked by fraudsters to promote fraudulent schemes. Once a user tries to access the fake offer, they are asked to enter their password or personal details and provide contact details and receive nothing in return.
Fake Mints: In these schemes, fraudsters dump NFTs into influencers’ wallets, making it look like the celebrity actually created the NFTs on the blockchain. Indeed, many buyers monitor specific portfolios for new activity to anticipate mass interest and an increase in the value of an NFT. According to OpenSea, the largest NFT marketplace, more than 80% of NFTs generated for free on its platform are fake, plagiarized from other artists, or spam.
There are many scams to be aware of as you dive into the world of NFTs, and as usual, scammers never miss an opportunity to make money. Therefore it is important to always be attentive.
By Benoit Grunemwald, Cyber Security Expert, ESET France.