NFT Scams – Real-life story

nft scams

What is an NFT 

A Non-fungible Token (NFT) is a digital asset which is stored in the blockchain. NFTs aredigital assets which can be anything from a jpg image, memes, sports cards, a video,music, or digital artwork. Each NFT is a cryptographic asset with unique metadata andcodes, it is a one-of-a-kind token which can be transferred, therefore they can be sold andtraded. For instance, the first-ever tweet on Twitter was sold as an NFT for $2.9 Million.

The digital world has advanced significantly, and more users are growing interest in theseblockchain technologies, especially because they serve as a decentralised and distributedpublic ledger where the source of a digital asset is recorded. In the case of NFTs, theycannot be replicated, and they can represent real-life items.

Emerging NFT projects and collections founded by popular crypto artists, celebrity figuresor internet personalities have become extremely popular. Amongst the most popular areBored Ape Yacht Club, with their most expensive NFT valued at over $3.8 Million, andCrypto Punks, with their most expensive NFT valued at $11.75 Million.

Purchasing NFTs and is it secure? 

Most NFTs live on the Ethereum blockchain, therefore, people can buy them with ether,the native Ethereum cryptocurrency. Ether can be converted from British pounds or USdollars on exchanges like Coinbase and MetaMask. There are Centralised andDecentralised Finance (DeFi) crypto exchanges and wallets, and the main differencesbetween them are regarding security.

Decentralised wallets are non-custodial, which means the user has complete control overtheir funds and assets stored in DeFi wallets such as MetaMask. NFTs are decentralisedprojects, which means that they are managed on decentralised wallets and can be boughton various marketplaces, the most popular ones are OpenSea and Rarible. However,crypto exchanges such as Coinbase and Binance have recently launched their own NFTmarketplace or trading platform.

Regarding security, users do not need to go through any identity verification, authentication, KYC (know-your-customer) processes or share any personal data when using a DeFi wallet. Whereas centralised wallets are required to comply with the concerning regulations when onboarding users and especially authenticating them and their activity.

As innovative technologies emerge the need for strong security measures should be ofgreat concern to keep the user’s digital assets safe. When you use a DeFi wallet, there areno extra security measures like Two-Factor Authentication. This means that if someonegets your data, they can access your wallet and assets.

How I became a victim

I have a great interest for the digital era and everything-crypto and I would like to share myexperience with you. About four years ago I began my journey of learning about cryptoassets. When I came across NFTs about a year ago, it seemed like an interesting subjectaround the digital era revolution. There was a lot of information available on NFTs, but notenough education to prevent users from falling victims to fraud around such emergingblockchain technologies.

NFTs have a lot of potential, but there is also a lot of potential for fraud and scams.Generally, DeFi lacks security measures, as it takes control away from third parties,allowing users to have complete control over their assets, which makes it vulnerable tofraud because there aren’t any protocols or systems in place to protect your crypto assetsor funds.

Many users find this to be a benefit, however, as we all know, the higher the demand for aproduct or service, the higher the fraud. Therefore, it is just a matter of time as fraudstersand scammers are highly capable of adapting to these dynamic and emerging digitaltrends. For instance, early 2022, an NFT collector had over $2.2 million worth of NFTs stolen.  NFT Scams can potentially be one of the leading fraud trends around   crypto technologies.

In my case, after researching the market, I came across an attractive project that launchedits first series in early 2021 and had been very successful. I was drawn to the projectbecause of the values it promotes, and it is led by a successful entrepreneur whose work Ihave been following. The project was due to launch its second series and after lengthyand vigorous research, I then proceeded to convert over £5.000 to ether.

I had previously bought multiple NFTs using the known DeFi wallet, MetaMask, so Iconnected my wallet to the marketplace where the trading of the project’s NFTs wastaking place as I had previously used this marketplace. I bought the NFT, which was worthover £3,000. A few days later, I checked my MetaMask wallet and realised that my NFT andall the ether in it had been transferred to another wallet, without my knowledge orconsent.

I contacted MetaMask via their web chat to ask how it is possible for my account to havebeen hacked and if I considered myself to be cautious with suspicious links. However, inrelation NFT scams, there is much more to be aware of than just fraudulent links whichmay be phishing for personal data.

After extensive research and reading about others’ experiences, the only conclusion Icould come to was that when connecting a MetaMask wallet to other projects, the userneeds to sign a smart contract. This smart contract may allow unlimited access to thewallet, meaning that your funds can be accessed and transferred without you having toauthenticate or approve any transaction.

Therefore, that may have been how the fraudster got hold of my data and accessed my assets in the wallet. I had signed various smart contracts on previous projects, to which I connected my MetaMask wallet. Therefore, my deduction is that one of those smart contacts derived from a fraudulent or fake project which then misused my data to access my assets and control them, they waited for the right opportunity.

How to spot NFTs Scams

how to spot nft scams

When it comes to the digital era, all scams happen when the fraudsters get hold of yourpersonal data. With NFT scams, it happens when they steal your crypto wallet logincredentials or trick you into believing that you are trading with a legitimate or successfulNFT project. If they gain access to the wallet where you keep your crypto funds, then youwon’t only be a victim of an NFT scam but of crypto fraud.

Moreover, with DeFi wallets the users have complete control over their assets, and theyare fully responsible for keeping them safe as they have access to private keys which allowthem to manage their crypto funds without the interception of security measuresestablished by the crypto exchange or crypto wallet in use.

If you are into NFTs, you do not only need to keep your NFTs safe but also the crypto youplan to use to buy NFTs. Therefore, as cliche, as it may sound, if it sounds too good to betrue, then it probably is. Fraudsters target their victims on various social media platforms,for instance, if you are part of an NFT project then you are most likely on Discord (VoIP andinstant messaging social platform).

Discord is full of impersonators and fraudsters; the most common way of scamming usersis by sending fraudulent links and attachments. They pretend to offer genuine help orrecommend ‘successful projects, when in fact, this is just a tactic used to defraud you.

When carrying out a crypto transaction, always go to the official verified website. Whenusing a DeFi wallet, make sure that you know that the only times that you will need yoursecurity phrases is when you need to recover your wallet because you might haveforgotten your login details.

NFT Scams to watch out for

Phishing Scams

Phishing scams take place when your credentials are stolen and used to access your funds,it is the most common in the NFT market, and can happen through:

Fake Websites: Fake trading sites will ask for your wallet credentials and record them tothen steal your crypto. Make sure you carry out thorough research to find legitimate NFTtrading marketplaces or platforms. Amongst the most famous are OpenSean, Rarible,Mintable and Super Rare.

Fake Phishing Emails: Always check the source as fraudsters tend to impersonatepopular NFT marketplaces using fake emails, which include phishing links which then leadto phishing websites.

Impersonation of Customer Support: Fraudsters also tend to impersonate customerservice or technical support teams. So, when seeking support always check the websitecarefully if you are redirected to another site, and if asked for your personal data, makesure you never share your security phrase or share your screen.

Rug Pull Scams

Rug Pulls happen when an NFT project is heavily promoted online and famouspersonalities are used to promote these projects. This is done to create trust andauthenticity so that people can fall for investing. Then suddenly, the project is abandoned,therefore the creators and promoters would be the only ones to profit as the value of theNFTs often decrease and the original funds made are stolen by the creators.

Essentially, NFTs and crypto assets are still emerging concepts, and as all activity takesplace in the blockchain, users must be extra cautious because once your assets are stolen,they are gone forever. In addition, blockchain technology entities do not have to complywith any regulations, therefore they are not deemed responsible for your assets.

See the big picture with the full story of fraud via flexible fraud investigation storyboards.