Scams are increasingly prevalent in the dynamic NFT market. Notably in 2023, even savvy investor Kevin Rose was duped, losing more than $1 million in blue-chip NFTs.
As of now, over $26 million worth of NFTs have been stolen. While NFTs have legitimate applications across digital art, gaming, real estate, and more, the growing number of scam occurrences casts a shadow over the industry’s reputation.
Whether you’re trading, investing, or just dipping your toes in the NFT market—you must understand how NFT scams work and how to protect your assets.
In a rug pull scam, the team behind an NFT project drains its liquidity and disappears with the funds. They present their collection as a worthwhile investment, often adding a backdoor in smart contracts or asset management systems to facilitate the theft.
Pixelmon—a combat-based NFT game—remains one of the most phenomenal rugs in NFT. Starting at a 3 ETH floor price, the founders raised about $70 million, after which they abandoned the project and stole the funds.
Sometimes, the rug perpetrator utilizes their influence. A rapper Soulja Boy rugged his audience three times in a row for a total of 69 ETH.
Soulja Boy. Source: NFT Evening
Counterfeiting is a prevalent issue within the NFT market: plagiarized works, fake collections, and spam. Much like counterfeit art, fake NFTs are worthless. While major marketplaces combat this with detection systems, the responsibility is still on the investor to verify the token’s authenticity and its creator’s legitimacy.
In February 2023, Mason Rothschild plagiarized the outlook of a French fashion bag named Hermès and made about 200 ETH.
In a pump-and-dump scheme, bad actors artificially increase the price. They pour liquidity into an NFT collection, simulating strong demand. Outsiders may view the rising prices as a sign of a good buy, only to be left with devalued NFTs when the demand dries up.
An artist, Ryder Ripps, has profited over $5 million after dumping numerous NFTs on unfortunate collectors.
Pump-and-dump has become so rampant in the NFT space that a project named Parrot adopted the scheme as its utility, encouraging collectors to join the pump and make money.
Gotta love a good Pyramid Scheme that’s at least explicit about it. pic.twitter.com/Q9VtYNlhKe— NFTstatistics.eth (@punk9059) September 11, 2022
Scammers manipulate people into clicking malicious links that are designed to hijack control of the user’s account or wallet. These links can be sent through various channels such as Discord, Twitter, and Telegram or embedded in random ads.
Malicious links can even come from official channels. Memeland by 9GAG, Proof/Moonbirds, and other popular NFT marketplaces were targeted by a sophisticated phishing attack in May 2022. The attacker had compromised a widely-used Discord bot, Mee6, enabling them to post messages on public channels, giving the impression of authenticity. The attacker used the bot to distribute phishing links disguised as an “Official Mint Site”. Victims who approved the transaction unknowingly transferred their NFTs to the scammer’s wallet.
Both novices and OGs can get phished. Even NFT God, a famous NFT influencer on Twitter, admitted losing “a life-changing amount of their net worth” by downloading malware software from an ODS-sponsored link.
Last night my entire digital livelihood was violated.— NFT God (@NFT_GOD) January 15, 2023
Every account connected to me both personally and professionally was hacked and used to hurt others.
Less importantly, I lost a life changing amount of my net worth
Scammers frequently replicate prominent NFT marketplaces like OpenSea and Rarible to sell fake NFTs. Additionally, these websites mimic wallet connection services, granting bad actors access to victims’ assets.
A serial NFT scammer called Elliot has stolen over $5 million using this method.
In a malicious airdrop or giveaway, scammers promise free NFTs. They solicit wallet details from applicants, then use this information to compromise the wallets. These scams often proliferate on Twitter and other major social media platforms.
In March 2023, scammers used airdrops as clickbait to siphon over $300k from the BLUR NFT marketplace users.
Address poisoning is a less-known scam where fraudsters send a $0 transaction to your wallet from an address similar to yours. The aim is to trick those who copy-paste wallet addresses from their transaction history into inadvertently sending NFTs to the wrong, “poisoned” address.
Scammers recently poisoned the address of an Arbitrum user and stole over $1.3 million.
In terms of numbers, it’s estimated that cryptocurrency users have lost over $26 million to NFT-related scams since mid-2021, according to ZenGo Wallet NFT Hack Detector.
ZenGo Wallet NFT Hack Detector. Source: Dune
The effects of NFT scams reach far beyond individual victims, creating ripples that spread throughout the entire market. These impacts come in several forms and influence both the public perception and economic health of the NFT industry.
Bad reputation. The first impact of this is bad PR for the NFT space. Many would-be investors and traders stepped back because they wouldn’t want to be victims of the next rugs or counterfeit NFT collectibles. As a result of the bad PR, it is hard for utility-driven projects—worth all the support and investments—to gain the people’s trust.
Lower sales. Secondly, the total year-in-year value of the NFT industry is dropping. Looking at the data, NFT sales dropped by 83% between 2022 and May 2023. This is unsurprising because scammers stole over $20 million of NFTs in 2022 alone.
NFT scams hit North America and Australia the most. The largest share of proceeds from NFT scams come from the U.S., Canada, and Australia. It’s no surprise since NFT is the most popular DeFi category among North American users.
Many are novices in the crypto realm and potentially more susceptible to being tricked, which explains the higher incidence of scam-related revenues from these regions.
Communal demand for audits. The NFT community is becoming more security-conscious before aping into any project. The community often demands a quality audit of the codebase to rest assured that there are no possible backdoors for rugs. Besides that, the audits also increase their confidence that threat actors have lesser chances of exploiting the smart contracts.
Navigating the dynamic world of NFTs can be exciting, but it also requires constant vigilance. As scams become increasingly sophisticated, it’s crucial to equip yourself with the knowledge and tools needed to protect your digital assets. Below are some key strategies you can employ to avoid falling victim to NFT scams.
NFTs have immense potential to revolutionize digital ownership, but this burgeoning space has become a hunting ground for scams. As we navigate this exciting world, it’s crucial to stay vigilant, practice due diligence, and prioritize security. Despite the challenges, the promise of a decentralized market where artists and creators can monetize their work is a worthy pursuit. As a community, we can work together to ensure that the potential of NFTs is not undermined by the actions of a few bad actors.
The most common NFT scams include phishing, address poisoning, wash trading, counterfeit NFTs, etc.
According to OpenSea, around 80% of NFT projects are scams.
The potential of NFTs as a good investment varies greatly and is dependent on several factors. NFTs can indeed be a good investment as they offer unique ownership rights, often linked to digital art or other virtual assets, which could increase in value over time. However, the NFT market is also highly volatile and speculative, meaning investments can be risky.
Subscribe to our newsletter
Enter your email address to subscribe to Hacken Reseach and receive notifications of new posts by email.