NFT Scams – Real-life story

nft scams

What is an NFT 

A Non-fungible Token (NFT) is a digital asset which is stored in the blockchain. NFTs are digital assets which can be anything from a jpg image, memes, sports cards, video, music, or digital artwork. Each NFT is a cryptographic asset with unique metadata and codes, it is a one-of-a-kind token which can be transferred, therefore it can be sold and traded. For instance, the first-ever tweet on Twitter was sold as an NFT for $2.9 Million.

The digital world has advanced significantly, and more users are growing interested in these blockchain technologies, especially because they serve as a decentralised and distributed public ledger where the source of a digital asset is recorded. In the case of NFTs, they cannot be replicated, and they can represent real-life items.

Emerging NFT projects and collections founded by popular crypto artists, celebrity figures or internet personalities have become extremely popular. Amongst the most popular are Bored Ape Yacht Club, with their most expensive NFT valued at over $3.8 Million, and Crypto Punks, with their most expensive NFT valued at $11.75 Million.

Purchasing NFTs and is it secure? 

Most NFTs live on the Ethereum blockchain, therefore, people can buy them with ether, the native Ethereum cryptocurrency. Ether can be converted from British pounds or US dollars on exchanges like Coinbase and MetaMask. There are Centralised and Decentralised Finance (DeFi) crypto exchanges and wallets, and the main differences between them are regarding security.

Decentralised wallets are non-custodial, which means the user has complete control over their funds and assets stored in DeFi wallets such as MetaMask. NFTs are decentralised projects, which means that they are managed on decentralised wallets and can be bought on various marketplaces, the most popular ones are OpenSea and Rarible. However, crypto exchanges such as Coinbase and Binance have recently launched their own NFT marketplace or trading platform.

Regarding security, users do not need to go through any identity verification, authentication, KYC (know-your-customer) processes or share any personal data when using a DeFi wallet. Whereas centralised wallets are required to comply with the concerning regulations when onboarding users and especially authenticating them and their activity.

As innovative technologies emerge the need for strong security measures should be of great concern to keep the user’s digital assets safe. When you use a DeFi wallet, there are no extra security measures like Two-Factor Authentication. This means that if someone gets your data, they can access your wallet and assets.

How I became a victim

I have a great interest in the digital era and everything crypto and I would like to share my experience with you. About four years ago I began my journey of learning about crypto assets. When I came across NFTs about a year ago, it seemed like an interesting subject around the digital era revolution. There was a lot of information available on NFTs, but not enough education to prevent users from falling victim to fraud around such emerging blockchain technologies.

NFTs have a lot of potentials, but there is also a lot of potential for fraud and scams. Generally, DeFi lacks security measures, as it takes control away from third parties, allowing users to have complete control over their assets, which makes it vulnerable to fraud because there aren’t any protocols or systems in place to protect your crypto assets or funds.

Many users find this to be a benefit, however, as we all know, the higher the demand for a product or service, the higher the fraud. Therefore, it is just a matter of time before fraudsters and scammers are highly capable of adapting to these dynamic and emerging digital trends. For instance, in early 2022, an NFT collector had over $2.2 million worth of NFTs stolen.  NFT Scams can potentially be one of the leading fraud trends around crypto technologies.

In my case, after researching the market, I came across an attractive project that launched its first series in early 2021 and had been very successful. I was drawn to the project because of the values it promotes, and it is led by a successful entrepreneur whose work I have been following. The project was due to launch its second series and after lengthy and vigorous research, I then proceeded to convert over £5.000 to ether.

I had previously bought multiple NFTs using the known DeFi wallet, MetaMask, so I connected my wallet to the marketplace where the trading of the project’s NFTs was taking place as I had previously used this marketplace. I bought the NFT, which was worth over £3,000. A few days later, I checked my MetaMask wallet and realised that my NFT and all the ether in it had been transferred to another wallet, without my knowledge or consent.

I contacted MetaMask via their web chat to ask how it is possible for my account to have been hacked and if I considered myself to be cautious with suspicious links. However, in relation NFT scams, there is much more to be aware of than just fraudulent links which may be phishing for personal data.

After extensive research and reading about others’ experiences, the only conclusion I could come to was that when connecting a MetaMask wallet to other projects, the user needs to sign a smart contract. This smart contract may allow unlimited access to the wallet, meaning that your funds can be accessed and transferred without you having to authenticate or approve any transaction.

Therefore, that may have been how the fraudster got hold of my data and accessed my assets in the wallet. I had signed various smart contracts on previous projects, to which I connected my MetaMask wallet. Therefore, my deduction is that one of those smart contacts derived from a fraudulent or fake project which then misused my data to access my assets and control them, they waited for the right opportunity.

How to spot NFTs Scams

how to spot nft scams

When it comes to the digital era, all scams happen when fraudsters get hold of your personal data. NFT scams happen when they steal your crypto wallet login credentials or trick you into believing that you are trading with a legitimate or successful project. If they gain access to the wallet where you keep your crypto funds, then you won’t only be a victim of an NFT scam but of crypto fraud.

Moreover, with DeFi wallets the users have complete control over their assets and they are fully responsible for keeping them safe as they have access to private keys which allow them to manage their crypto funds without the interception of security measures established by the crypto exchange or crypto wallet in use.

If you are into NFTs, you do not only need to keep your NFTs safe but also the crypto youplan to use to buy NFTs. Therefore, as cliche, as it may sound, if it sounds too good to be true, then it probably is. Fraudsters target their victims on various social media platforms,for instance, if you are part of an NFT project then you are most likely on Discord (VoIP andinstant messaging social platform).

Discord is full of impersonators and fraudsters; the most common way of scamming users is by sending fraudulent links and attachments. They pretend to offer genuine help or recommend ‘successful projects, when in fact, this is just a tactic used to defraud you.

When carrying out a crypto transaction, always go to the official verified website. When using a DeFi wallet, make sure that you know that the only times that you will need your security phrases is when you need to recover your wallet because you might have forgotten your login details.

NFT Scams to watch out for

Phishing Scams

Phishing scams take place when your credentials are stolen and used to access your funds, it is the most common in the NFT market, and can happen through:

Fake Websites: Fake trading sites will ask for your wallet credentials and record them to then steal your crypto. Make sure you carry out thorough research to find legitimate NFT trading marketplaces or platforms. Amongst the most famous are OpenSean, Rarible, Mintable and Super Rare.

Fake Phishing Emails: Always check the source as fraudsters tend to impersonate popular NFT marketplaces using fake emails, which include phishing links which then lead to phishing websites.

Impersonation of Customer Support: Fraudsters also tend to impersonate customer service or technical support teams. So, when seeking support always check the website carefully if you are redirected to another site, and if asked for your personal data, make sure you never share your security phrase or share your screen.

Rug Pull Scams

Rug Pulls happen when an NFT project is heavily promoted online and famous personalities are used to promote these projects. This is done to create trust and authenticity so that people can fall for investing. Then suddenly, the project is abandoned, therefore the creators and promoters would be the only ones to profit as the value of the NFTs often decrease and the original funds made are stolen by the creators.

Essentially, NFTs and crypto assets are still emerging concepts, and as all activity takes place in the blockchain, users must be extra cautious because once your assets are stolen, they are gone forever. In addition, blockchain technology entities do not have to comply with any regulations, therefore they are not deemed responsible for your assets.

Avoiding NFT scams and protecting your customers with Udentify

Non-fungible tokens (NFTs) have become increasingly popular as a way to purchase digital goods such as artwork, music and in-game items. Unfortunately, NFT scams have become more frequent, as fraudsters attempt to take advantage of unsuspecting customers. It is important for businesses to take steps to protect their customers and their own reputation by implementing a strong identity verification and authentication process.

Udentify’s identity verification process validates a customer’s identity to ensure they are who they say they are. This process typically involves collecting personal data such as name, address, date of birth, and other identifying information. Once the customer’s identity has been verified, authentication can be used to verify that the customer is authorised to buy or sell the NFT. Authentication typically requires the customer to provide a password or two-factor authentication (2FA) code, such as a one-time password sent via SMS or email.

By implementing a strong identity verification and authentication process, businesses can reduce the risk of NFT scams. This will help protect their customers from fraud and ensure that only authorised customers are able to purchase or sell their NFTs. Furthermore, it will help protect the business’s reputation, as customers will have greater confidence in the security of their transactions.


Content Protection by
See the big picture with the full story of fraud via flexible fraud investigation storyboards.