Above: the scammers (fabiello, 2021) on SuperRare

Why do people get scammed in NFTs?

Crypto con artists and digital thieves are everywhere--what can we do about it?

Aug 17, 2022 Tech

1 year ago

Speaking about their free minting tool, OpenSea, the biggest marketplace for Ethereum-based NFTs, tweeted that “Over 80% of the items created with this tool were plagiarised works, fake collections, and spam.” In response to this data, the company decided to limit the number of NFTs users can mint for free to just fifty in an attempt to stop copyminters and scammers. After some community outrage, this decision was eventually reversed, and OpenSea is still ripe with these types of tokens. With the explosive growth of NFTs, particularly in the last year, it was always clear that scams, fraud cases, and hacks would eventually become a major part of the space. Now it seems that almost every day we hear of a new scam on Twitter, and because of this, another NFT holder becomes an unfortunate victim.

People can be scammed in many ways. From fake links and trades going wrong, to copycat collections and rug pulls, scammers will always find a way to ruin someone’s day by stealing NFTs or money (whether in crypto or fiat). A range of these scams have been reported in recent times on Twitter, and regrettably, once a scam has happened, there is not a lot that the victim can do to retrieve lost funds.

One of the most common scams utilises a bad link that tricks users into sharing their wallets with the wrong people. Classified as a phishing scam, these could also be worded as “trades going wrong.” In these types of scams, a hacker or scammer will create a near-identical website to an NFT trading platform like “NFT Trade” and ask their victim to input their Metamask details so that they gain access to their wallet. In the case of Twitter user @shanterpster, they had their Bored Ape Yacht Club NFT (#8933) stolen in December as a hacker pretended to be using the real NFTTrader platform to complete the trade. It wasn’t announced by the victim what they were offered in exchange for their ape, but it was something that the hacker didn’t own. Based on the market value at the time, the victim lost out on $281,000. Their reaction on Twitter to the scam was simple: “just got scammed.” You may be wondering how someone could fall for something like this, but the changes are subtle and often hard to spot.. For example, a scammer will change one character in the domain name, like an ‘l’ (the letter L) for a ‘1’ (the number one).

To all the creators in our community impacted by the 50 item limit we added to our free minting tool, we hear you and we're sorry. We have reversed the decision. But we also want to offer an explanation ↯ pic.twitter.com/Y3igaE1RM2
— OpenSea (@opensea) January 27, 2022

Another common scam is the rug pull; these often require larger teams of people and weeks, or even months, to complete. Put simply, someone (or a team) will create an NFT collection, build up hype, and promise benefits for those who buy their NFTs. Once they mint the collection and get some quick cash from initial sales, they’ll abandon the project, leaving their users high and dry. One of the most interesting and complex rug pulls we have seen was on the Solana blockchain with the Balloonsville NFT collection. Their hype machine got them a place on the blockchain’s leading marketplace: Magic Eden’s “exclusive” launchpad. After a successful mint and a few days of great sales, they announced that they were a rug pull publicly on Twitter. During this process, they even called out Magic Eden for not verifying the team’s IDs when they were applying for the launchpad. They said in a Tweet that was later removed, but recovered through a screenshot from a Twitter user: “Petition for the Solana community to stop using Magic Eden. They are the biggest money hungry apes I’ve ever seen, they knew we were a rug because we denied giving ID but they didn’t care because they wanted their 5% from mint.”

What made this rug pull so bizarre was that there were videos on the project’s social media pages of the purported founders–late teen/early twenties males. It was only announced afterwards that their “team” was actually a troupe of paid actors. In a brazen Tweet that was taken down but captured on screenshot, they gloated: “All it took was a few paid actors and boom we did it again” referring to their previous rug, Doodled Dragons. “Y’all really believe anything these days.” During the hype, prices were at 2-3 SOL (200-300 USD). Then this scam saw the prices of the NFTs on the secondary market suddenly drop way below the mint price of 1 SOL. The project was later “de-rugged” by the Magic Eden, raising the price of the NFTs back to their previous highs. The marketplace also offered 5,000 SOL (over 420,000 USD at the time) from their treasury to fund the roadmap.

Twitter is the primary social media platform, alongside Discord, where people in the NFT community congregate and discuss the latest projects, the struggles, and the joy that they experience in the space. Unfortunately, as with everything, there are some negatives to the vast amount of “NFT people” on the platform. Alongside the positive and communal aspects of crypto Twitter come many bots trying to sell ‘low-quality’ NFTs or trick people into clicking fake links posing as reputable projects. Recently, there has been a scam circulating on Twitter around Yuga Labs’ Otherside metaverse. A fake account that has bought engagement with thousands of bots tags thousands of people in comment sections, encouraging them to click a fake link. The real link to the Otherside website is Otherside(dot)xyz, whereas the bots have been guiding people to otherside-metaverse(dot)com, a scam link.

This is downright disgusting. This is why NFTs get such a bad rep. It's like a wild west out there, unless a massive change where all projects have to be audited and verified as a REQUIREMENT, wont stop these greedy people from hurting others#balloonsville #rug #scam #SolanaNFT pic.twitter.com/toUHiHL2bk
— Lord Skywalker (@skywalker69_sol) February 6, 2022

This is but one of the many scams for big, new collections. Some in the past have included fake versions of Mekaverse, Invisible Friends and HAPE. Thankfully, Twitter makes an effort to ban the accounts after they’re reported, but not always. There is no way to tell how effective these bots are, but one thing is for sure, they’re everywhere, in comment sections and DMs alike. Bots are annoying to deal with, and often fill up comment sections to the point where it’s difficult to filter them out and see comments from real humans. The people, companies, or whoever is running these bots are even buying Twitter advertisements so that they can sell their NFT collections, or lure people into clicking on links to fake versions of blue-chip ones. These bots target new people within the NFT space and try to take advantage of them due to a lack of experience in identifying positive and negative signs in a project. Beyond this, some hackers and scammers took the bots a step further, taking advantage of hype around the Moonbirds NFT collection. They hijacked the accounts of verified Twitter users to push out and promote fake links to the collection. According to The Next Web, the seized accounts included Levi Sanders (son of Bernie Sanders), Martin Guptil (former New Zealand cricketer), as well as a golfer, some politicians, and former RuPaul’s Drag Race stars. They simply tagged hundreds of people on Twitter and attempted to get them to click on fake links so details could be stolen before the accounts eventually returned to their rightful owners. Although this could probably be looked at as “spam,” as it was called by one of the collection’s co-founders, Justin Mezzell, it could result in innocent people getting their funds or assets stolen with one or two wrong clicks.

While it remains difficult to stop the Twitter bot scams and copycat collections completely, there are ways to reduce the risk of falling for certain types of scams like bad links and trades gone wrong. Firstly, you should consider that the best protection against hackers and scams in the NFT space is quite simply skepticism and good judgement. That said, here are some clear things you can do to protect yourself:

Holders of valuable NFTs should consider using a cold wallet to store their tokens. By definition, a cold wallet is a physical device that keeps your cryptocurrency (and NFTs) completely offline. By contrast, a hot wallet, like MetaMask or Coinbase Wallet, puts you at added risk of being scammed. A solid example of a cold wallet company is Ledger, the industry leader. Their products include the Ledger Nano S and Nano X. Cold wallets can still be hacked, but the risk relies on IRL theft instead of online activity.

Oh the spam is terrible! We’re doing everything we can to contain it. Lots of bad actors doing their play. This wasn’t project criticism (which is of course valid) so much as gatekeeping which projects deserve recognition or success.
— Justin Mezzell (🥃,🦉) (@JustinMezzell) April 19, 2022

It’s important to note that whatever wallet or platform you are on, you should never give out information, including phone numbers, personal emails, verification codes and secret recovery phrases. Additionally, companies like Apple, Metamask and Coinbase will never call you, so you must not give information to anyone over the phone who claims to be a company representative.

Finally, Chainabuse is an important resource that has been created for people to report scams or hacks. On their site, there are a large number of reports on scams happening across several blockchains, including Ethereum, Bitcoin and Solana. These reports include NFT-related scams.

As long as the NFT space has profit-making potential, scammers will be on the hunt for easy marks. Therefore, holders of non-fungible tokens and cryptocurrency should safeguard their assets by watching out for bad links and using a cold wallet. Taking your finances into your own hands is empowering, but with the great power of decentralisation comes great responsibility.

Ross Wardrop

Ross Wardrop is a multimedia journalist based out of Glasgow, Scotland, with a current focus on NFT news and feature writing, which he's worked on in the past 12 months. He also has a massive passion for sports, specifically basketball and football (soccer). You can find him on Twitter @RossWardrop, on Instagram @rwardrop_, and on Linkedin here.