NFT scams: the most common types and how to protect yourself from them

The list of frauds that take place most frequently and tips on how to avoid them and stay safe

Non-Fungible Tokens, better known as NFTs, are becoming increasingly important: in 2020, the NFT market grew by almost 300% compared to 2019 and their operations currently exceed $300 million in transaction volume. As expected, this scenario aroused the interest of cybercriminals, as happened with cryptocurrencies.

NFTs began to attract more attention from users in recent times as a result of the explosion that this technology had in various segments, such as art or the creation of collectibles linked to sports or video games.

Frequent scams

To buy, sell or store an NFT you need a digital wallet. Securing these wallets, and the way the systems associated with them are used, becomes critical to protecting these cryptoassets. “In this context, threats such as malware, the use of social engineering techniques such as phishing and other forms of deception are beginning to become more frequent due to the increased interest of attackers seeking to appropriate or manipulate these cryptoassets,” said Camilo Gutiérrez, head of the research laboratory of ESET Latin America (a leading company in proactive threat detection).

Regarding the scams and frauds that have come to light in recent times, there are cases of artists whose works were copied without permission and sold as NFTs. Among other crimes, “sleepminting” stands out: a process that can allow a scammer to mint an NFT into an artist's wallet and transfer it to their own account without the artist noticing.

“Cybercriminals take advantage of the fact that the NFT market is not regulated and that it does not have legal resources to deal with such crimes. Many stolen digital artworks are sold fraudulently as NFTs. While there are incipient security strategies, there is undoubtedly a lot to be done,” Gutiérrez stressed.

Here are the most common scam modalities around NFTs, and the keys to avoiding them and staying safe, according to ESET.

Direct Messages on Discord

There are different forms of deception on this platform: one of them is pretending to be a friend, using someone else's account and sending direct messages with an invented story. Scammers also often pose as a project, a brand, an artist or an NFT influencer. Discord allows you to send direct messages (DMs) for individual and private conversations with other users in the community, and to start group chats, regardless of which server you are on. Therefore, users should never click on links from unknown sources, no matter how legitimate they look, or on DMs from “friends” asking for money, or on “ads” for NFT projects. These should always be verified.

Fake profiles on social media

Both on Twitter and on other social networks, users must learn to live with fake profiles and get used to paying attention, as these often copy information from the official account. If you are not attentive, you may not notice that the only difference between one profile and the other is a single letter. If you pay attention to certain elements, such as the number of followers, tweets copied and pasted from real accounts, or too many retweets from other accounts without original content, you can identify that the account is not genuine.

Phishing

It is very common for scammers to create fake sites that impersonate official ones, when in fact they are very similar copies of NFT stores or digital wallets, for example. These fake sites can be distributed through social platforms such as Discord, Twitter or even email. ESET always recommends that you carefully inspect the links you receive before clicking, in case they request personal information (such as a seed phrase or password). It is key to never enter the seed phrase outside the wallet itself and always verify the domain you are browsing. On the other hand, and in the face of possible counterfeiting of NFTs, if you are looking to buy crypto art, it is recommended to investigate the background - especially if the artwork costs less than it should. “It is important to investigate whether the address of the NFT contract is the real one, to look at who sells the NFT, what else it sold, and whether the NFT is also available in other markets, since if it is a single edition there shouldn't be more than one for sale,” said the cybersecurity company.
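The two checks described above (a profile name that differs from the real one by a single letter, and verifying the domain before entering anything) can be automated against a personal allowlist. The following is an added example, not code from ESET or from this article; the domains, the handle and the function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholders: replace with the sites and accounts you really use.
OFFICIAL_DOMAINS = {"nft-market.example", "wallet.example"}
OFFICIAL_HANDLES = {"nftmarket_official"}

def edit_distance(a, b):
    """Levenshtein distance: inserted, deleted or substituted characters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def near_miss(name, official, max_dist=2):
    """Return the official name that `name` imitates, or None."""
    name = name.lower()
    for real in official:
        if name != real and edit_distance(name, real) <= max_dist:
            return real
    return None

def check_link(url, official=OFFICIAL_DOMAINS):
    """Classify a link as 'official', 'suspicious', 'unknown' or 'invalid'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    # Only the exact domain or one of its subdomains counts as official.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    labels = host.split(".")
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if (not host.isascii() or "xn--" in host                  # look-alike letters
            or any(near_miss(s, official) for s in suffixes)  # one-letter typos
            or any(d in url.lower() for d in official)):      # real name used as bait
        return "suspicious"
    return "unknown"  # not on the allowlist: treat as unverified

if __name__ == "__main__":
    for link in ("https://nft-market.example/collection/1",
                 "https://nft-markett.example/claim",
                 "https://nft-market.example.claim-gift.test/"):
        print(link, "->", check_link(link))
    print(near_miss("nftmarket_offical", OFFICIAL_HANDLES))
```

A result of "unknown" only means the host is not on the allowlist; it is not a sign that the site is safe.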


Imitators of artists or creators

It is important to buy NFTs from artists who are verified or whose seniority or activity shows that they were not involved in anything suspicious. The list of artists who were victims of accounts and sites that sold NFTs of their work without their consent is long. In fact, several began to check on platforms such as OpenSea or Rarible whether their work was being minted without their consent.

Pump and Dump Scam

This is a scam model in which a large number of NFTs is purchased (although it can also be a token or cryptocurrency) to generate an increase in demand and thus increase their value. Generally, those who fall for the hoax are naive users who believe that the price will rise and who feel that they have found a great opportunity. However, once the value of the NFTs or other assets rises, fraudsters get rid of all their assets and make a significant profit on them, leaving victims with worthless NFTs and massive losses. To detect this type of scam, it is recommended to review the transaction history. Platforms such as OpenSea or any other NFT platform allow you to see the total number of transactions and who purchased the collection in these transactions.

Rug Pull Scam

These types of scams are often camouflaged through excuses such as “there is a bug in the software and it takes time to correct it”. This fraud takes place when those responsible for a project abandon it and keep the investors' money. When the value of the token and the number of investors reach a certain point, fraudsters empty the liquidity pools of a decentralized exchange (DEX), cause the value of the crypto to plummet, and leave the owners of these assets unable to sell them.

Auction scam

Among the best-known scams are fake offers (known in English as Bidding Scams). In these cases, someone auctions an NFT at a base price for users to bid on it, but the scammer - without the seller's knowledge - switches the cryptocurrency with which they make the purchase to one of lower value. ESET's recommendation to avoid falling for this scam is to verify the cryptocurrency used and not to accept a lower amount, or buy for a higher amount, than the amount the NFT was supposed to sell for.

Fake profiles and phishing

It is a hoax in which scammers create fake profiles or impersonate a collector, artist or NFT creator. There are various ways to approach victims: for example, criminals can contact these creators through DM to buy an NFT from them, posing as someone they are not, and first ask the seller to take some action, such as registering on a site or similar. It can also be through Twitter accounts where they publish that they have an ETH to invest in NFTs and invite creators to share their works.

Other types of scams

Among the most common forms of scams are fake profiles that seek to attract NFT creators; giveaways, gifts and fake offers; and fake “mints” (a hoax in which developers send NFTs to influencers, making it seem that they are the ones who are minting the NFTs).

According to Gutiérrez, cybercriminals “are innovative and always find new strategies to carry out their attacks.” Therefore, the most important thing is to be vigilant and distrust anything that is too good to be true. “Skepticism can prevent a big headache,” he said.

ESET advised avoiding links that promise gifts, offers, or anything that requires a quick decision.

Finally, ESET pointed out some important items for operating with NFTs in a safer way.

- Never share the “seed phrase” or password, unless you are absolutely sure and have verified three times where you clicked.

- Always check the history of direct messages and check their origin.

- Avoid links that promise gifts, offers or anything that requires a quick decision. If you are tempted to click, first check who sent the links, especially on Discord.

- Try to keep the most valuable assets in a “cold wallet”: a wallet that is not used regularly and has several security measures.

- Use a hardware wallet, as they are highly secure and allow you to store funds offline.

- Acquire a password manager for all wallets and accounts. These types of tools help generate and save complex passwords.
