NFT Attacks and Scams: Everything You Need To Know

Cyberscope Team
February 14, 2024
NFT Attacks and Scams: Everything You Need To Know

Interestingly, recent research shows that hackers and scammers have stolen a minimum of $300 million worth of NFTs until now. They did all this through methods like phishing, smart contract bugs, and other scams.

Do you know that NFTs have become mainstream investment opportunities in recent years? But still, understanding their legitimacy and technical aspects remains challenging for many. It is crucial to recognize various scam forms to protect your NFTs and funds.

In this article, we’ll explain the most common NFT scams happening in the NFT space and will equip you completely with the knowledge to navigate this evolving NFT landscape.

But before diving into it, let us explain what NFT scams are.

What are NFT Scams?

To put it simply, NFT scams happen when someone steals your NFTs or sells you an NFT at a higher price than it should be.

Also Read: NFT Smart Contract Audit

Why are NFTs Vulnerable to NFT Scams?

The technology that powers NFTs is still developing, due to which some people try to take advantage of it by tricking others. It's a bit like when the internet was just starting, and there were scams.

Security and rules about how to use NFTs can be complicated, putting digital assets, or digital things you own, at risk of being stolen. Some instances of high-profile NFT thefts have happened, showing that there's a need to be careful.

As more people get into NFTs, the risk of scams will likely increase. Scammers will also get more creative and use advanced technology. Just like in the past, when hackers took things from people online, like the Nifty Gateway hack, where NFTs vanished along with credit card exploitation due to lacking two-factor authentication (2FA).

Quick Link: What is a Replay Attack in Blockchain?

Most Common NFT Scams

Now you have an overview of what NFT scams are.

So, let’s talk about the most common NFT scams that have been happening in the NFT marketplace.

Fun Fact: OpenSea, the largest NFT marketplace, announced on X (former Twitter) that over 80% of the projects on their marketplace are scams or spam, due to which they have limited the free minting now.

We’ll go through each of the scams in detail. So stay tuned.

Pump and Dump in NFT Projects

In the world of NFTs, "pump and dump" schemes involve dishonest actions where people artificially boost the price or popularity of NFT projects only to sell them quickly for a profit. This leaves other investors with NFTs that have little or no actual value. Such schemes are usually against the law and can damage the credibility of the entire NFT market.

How Does it Work?

"Pump and dump" schemes within NFT projects commence with aggressive promotion via social media, forums, and direct messaging, often fueled by misleading information to generate hype. As more investors join the frenzy, NFT prices artificially soar.

Scheme orchestrators may exacerbate this by purchasing many NFTs from the same collection, amplifying the inflation. Schemers swiftly sell once the peak is reached, reaping substantial profits and triggering a subsequent market crash. Unsuspecting investors who bought at the peak face significant losses, while scheme orchestrators exit, leaving a disillusioned market.

Clone or Fake Marketplace

Have you ever encountered a clone or fake marketplace that resembles closely the appearance and functionality of a legitimate and well-established online marketplace but wasn’t real? If yes, then hopefully you made the right call and didn’t use the website for anything.

The primary objective behind these imitations is to trick and defraud users, posing risks such as financial loss, identity theft, and selling counterfeit or subpar products.

Spear-Phishing Marketplaces
Spear-Phishing Marketplaces

Spear-Phishing Marketplaces

Phishing is a deceptive technique that even tricks tech-savvy users into thinking an email or web link is legitimate.

In July 2022, a spear-phishing attack hit Axie Infinity, an NFT marketplace, resulting in a staggering $540 million loss. The attackers employed sophisticated social engineering via email.

A recipient received an email seemingly from a known and trusted organization with whom they had prior contact. The email contained a malicious PDF attachment. Upon downloading, the attachment installed spyware on the recipient's system, providing unauthorized access.

The attackers then targeted private keys within Axie Infinity, acting as passwords for blockchain nodes. Gaining access to four nodes, they exploited this to pay themselves in both Ethereum and US currency. Make sure to double-check the email before downloading anything because something like that might also happen to you if you aren’t vigilant.

Bidding Scams

Bidding scams within the realm of NFT collections have become a prevalent concern, exploiting the dynamic auction processes on various marketplaces. These deceptive practices aim to trick buyers and investors during the bidding or auction phase of acquiring NFTs. Below are the distinct types of bidding scams, each presenting unique challenges and risks.

Shill Bidding

In shill bidding, the sellers or their associates place fake bids on their own NFTs. By doing so, they inflate the value of the NFT and create a false sense of demand. When legitimate buyers see this, they are tempted to buy them, which results in overpaying for the NFT.

Bid Manipulation

The second type of bidding scam is bid manipulation. In this, the scammers use multiple accounts to inflate an NFT's bidding price artificially. Due to this, they deceive potential buyers into thinking the NFT is more valuable than it actually is.

Fake Bidders

In this scam, perpetrators create fake accounts to participate in bidding. These fake bidders can serve various purposes. They may either drive up the price of an NFT, creating a false impression of high demand or suddenly drop out, leaving legitimate bidders with overvalued and often worthless NFTs. This tactic exploits the trust placed in the bidding system.

Releasing Counterfeit NFTs

In this type, the sellers falsely claim that the NFT for sale is a valuable and rare edition, but in reality, it is a counterfeit one. This false marketing misleads bidders into paying a premium for an NFT that doesn't hold any value.

NFT Airdrop or Giveaway Scam
NFT Airdrop or Giveaway Scam

NFT Airdrop or Giveaway Scam

These schemes exploit the burgeoning interest in NFTs, enticing individuals with promises of free NFTs while aiming to extract personal information or cryptocurrency. These include:

  • False Promotions: Firstly, scammers imitate reputable NFT projects, artists, or celebrities on popular social media platforms. It creates an illusion of legitimacy. Then, they lure individuals to participate by falsely claiming to host genuine NFT airdrop or giveaway events.
  • Sending Cryptocurrency: Scammers instruct victims to send a specified amount of cryptocurrency (e.g., Ethereum) to a designated wallet address, claiming it as a prerequisite for receiving the promised free NFTs.
  • No NFTs Received: The promises never materialize after users fall victim to the ruse and provide personal information or send cryptocurrency as instructed. Having achieved their malicious objectives, the scammers vanish.

Fake Technical Support

An illustrative scenario involves encountering technical difficulties on an NFT marketplace and seeking assistance on community forums like Telegram or Discord. In this deceptive ploy, an individual posing as a representative from the NFT marketplace offers to help, setting the stage for potential scams.

The imposter may cunningly request access to your screen, purportedly to assist with troubleshooting. However, their true motive is to steal your crypto wallet credentials, leaving you vulnerable to financial exploitation. Alternatively, the scammer might redirect you to a convincing website mirroring the official NFT marketplace. Falling victim to this redirection and entering your credentials on such a site can open the door to various NFT-related scams.

Sleep Minting NFTs
Sleep Minting NFTs

Sleep Minting NFTs

When a scammer employs a deceitful tactic to mint an NFT and promptly deposits it into the wallet of a well-known creator, it is called “Sleep Minting.” The scammers use this strategy to mislead the audience, making it seem as if the creator personally initiated the NFT creation and transferred it to the scammer.

The scammer exploits the trust associated with the creator's reputation to carry out fraudulent activities in the NFT space. Not too long ago, somebody pretended to be Beeple and sold one of these fake pieces for a lot of money.

Wash Trading

Wash trading is a deceiving practice where an individual uses self-trading to create artificial effects in the market. Timothy Cradle, Director of Regulatory Affairs at Blockchain Intelligence Group, highlights its purpose: To inflate prices, create a false appearance of liquidity, and attract interest from other investors.

This manipulation can mislead investors into buying NFTs at artificially inflated prices, constituting fraud and market manipulation. However, the trading volume for NFTs is low, which makes it easier to detect such scams if you are vigilant.

NFT Swap Order Scam

In NFT swap order scams, an individual tricks someone into exchanging their valuable digital item for one of little or no value. The scammer creates a false contract and claims to sell a high-value NFT in exchange for a low-value one. As soon as someone accepts this offer out of greed, the scammer vanishes, leaving the victim empty-handed.

One common strategy is to create a false contract that is similar in appearance to a trustworthy source, using logos or branding from well-known digital platforms. But despite all the efforts to make it look real, if you closely inspect it, you’ll find that the contract is fake.

7 Simple Ways to Avoid NFT Scams

Now that you’re aware of the common NFT scams let’s see how you can avoid these scams.

1. Research Before You Buy

The very first thing that you should do is research about the project, who's its artist, and if the artwork is authentic. It is critical to verify the information from reputable sources like the artist's website or social media profiles to be entirely sure. Another thing that you can do is check the team’s track record. It will help you understand how much the project could be worth after a while.

2. Buy from Established Marketplaces

The next way by which you can save yourself from scams is by using only established marketplaces like OpenSea, Rarible, and SuperRare. These platforms have been operating successfully for years and have a proven track record. They implement security measures to protect you and your assets from fraud.

3. Beware of Unrealistic Promises

Have you ever gotten offers from random people that sounded too good to be true? The same happens in the NFT space, too, and most people accept them because of greed. You should be skeptical of projects that make unrealistic claims or promises.

4. Double-check URLs and Wallet Addresses

To save yourself from phishing attacks, double-check the legitimacy of websites and wallet addresses before entering your personal details. Ensure that URLs and wallet addresses are verified with multiple sources before making any transactions.

5. Enable 2FA

Nowadays, many wallets offer two-factor authentication (2FA). It provides an extra layer of security to the digital assets. It is easy to implement and easy. Another way to keep your assets safe is by using hardware or secure software wallets to store your NFTs offline.

6. Educate Yourself About Smart Contracts

It is essential that you know the role of smart contracts in the NFT ecosystem. Make it mandatory to educate yourself on a project's functionality, terms, and conditions before investing your hard-earned money. Also, get to know the contract's code and ensure it is audited by reputable third-party firms. We also provide the best smart contract auditing services, which you should also check out.

7. Stay Up-to-date

Last but not least, stay informed about NFT trends, news, and developments. To keep your knowledge up-to-date, engage with reliable resources. To enhance your knowledge, you can also join various NFT communities. Ultimately, be cautious if something feels off or too good to be true, and report it if possible.

Impact of NFT Scams on the NFT Space

Whenever there are scams in a market, it impacts the overall reputation and integrity of the market. That’s precisely what happens with the NFT market as well. Let's delve into some key impacts that have occurred due to these scams.

Loss of Trust and Credibility

The first and foremost impact on the NFT market is the community's loss of trust and credibility. As investors and collectors fall prey to scams, confidence in the market diminishes. Due to this loss of trust, the growth and adoption of NFTs get restricted and stunned.

Financial Losses for Investors

Where there’s a scam, investors suffer substantial financial losses. These losses can be due to Ponzi schemes, fake art purchases, or pump-and-dump schemes. It impacts victims directly and casts a negative light on NFT investments, discouraging potential participants.

Damage to Artists and Creators

The individuals mostly impacted by such schemes are the artists and creators. When the scammer copies their work, it undermines their artistic integrity, and they lose a lot of money. Due to these scams, genuine artists are discouraged from embracing NFTs for showcasing and monetizing their creations.

Negative Perception of NFT Investments

The NFT scams give a negative perception to the people interested in buying them. Due to this, the broader acceptance of NFTs as a viable and secure investment option is hindered.

Final Thoughts

This blog unpacks various scams related to NFTs, offering detailed insights into the deceptive practices in the NFT space. The content aims to enhance your awareness of potential issues in the NFT ecosystem. Make sure to use this information to protect yourself from such scams. Lastly, whenever you decide to buy an NFT, ensure it is legitimate using the above-mentioned techniques.

Tags :
Share :

Subscribe To Our Newsletter

Stay updated with the latest hacks, threats, security best practices, and educational content in the crypto world right in your inbox!