In mid-July, Verified Market Reports stated that the global NFT market had reached nearly $11.32 billion and was on pace to top $232 billion by 2030. With that much money changing hands, one thing is certain: You can count on criminals to try to steal as much of it as humanly possible.
At the start of 2022, Rolling Stone reported that “NFT scams are everywhere,” and the smart move is to “assume everyone is a scammer until proven otherwise.”
Rolling Stone actually was late to the game. Industry insiders have been cautioning NFT traders about the prevalence of digital fraud since the dawn of the blockchain industry.
If you dabble in NFTs, or if you’re considering getting in on the action, these are the most common scams you need to watch out for.
The Old Pump-and-Dump Stock Scam Is Now Called the Rug Pull
Alternately known as “pump and dump” — a fraud with a long history on the stock market — the rug-pull scam is a trap in which crypto developers entice early investors with misleading information about a nascent NFT project’s potential. When the NFT’s price hits a certain ceiling, the developers siphon all the money out of the ecosystem and disappear.
Take Our Poll: Do You Think You Will Be Able To Retire at Age 65?
Rug pulls sometimes use social media influencers to lure victims. In January, CNBC reported that investors filed a class-action lawsuit accusing Floyd Mayweather and Kim Kardashian of artificially inflating the price of a cryptocurrency called EthereumMax — which is not affiliated with Ethereum — and leaving investors with worthless crypto.
According to NFT Now, regulators hold NFT projects to the same standard as real estate, stocks or any other investment. In the digital world, as on Wall Street, it is illegal to solicit funds for an investment project and then abandon it without refunding investors, keeping the money for yourself.
According to Chainalysis, rug-pull scams are the bane of the industry, draining $2.8 billion worth of crypto and accounting for 37% of all crypto scam revenue in 2021, up from just 1% in 2020.
On Sept. 21, 2021, a Twitter user with the handle @babbler_dabbler tweeted that criminals had raided his digital wallet and stolen Damien Hirst’s “The Currency,” an NFT that at the time was worth more than $41,000.
According to Blockcast, @babbler_dabbler was the victim of an airdrop scam, a type of swindle that emerged from the DeFi field and is now common in the world of NFTs.
In this kind of scam, users will receive tokens in their wallets that they never heard of and didn’t request, often ending in .io.
There’s nothing inherently suspicious about this. According to CoinTelegraph, unsolicited airdrops are an essential tool for NFT marketing and promotion that legitimate producers use all the time for non-nefarious purposes.
In the case of airdrop scams, however, users are redirected to a third-party website when they attempt to collect their NFTs or trade them in for crypto. There, they’re hustled through a series of security/password recovery phrases that they must navigate before they can collect their prize. That’s the moment the victims inadvertently let the criminals into their wallets.
Phishing has more than a quarter-century of history, dating back to when the Usenet newsgroup AOHell coined the term on Jan. 2, 1996, according to Phishing.org. It was always tied to email, but scammers have updated the classic swindle for the blockchain age.
In November 2021, Check Point Research reported on phishing scams that stole nearly a half-million dollars from the wallets of victims whom criminals duped with fake search engine ads that appeared to point to legitimate sites.
Just as with email phishing, NFT scammers tend to impersonate the biggest, most credible players in the industry, such as Phantom and MetaMask. When marks click on an ad, the link directs them to a fake site that impersonates legitimate sites where they would go to download digital wallets like Metamask or change currencies on platforms like Uniswap or PancakeSwap.
Once on the imposter site, victims are prompted to enter their private wallet keys or 12-word security seed phrases — a major red flag that should always stir suspicion — opening the door for digital robbery.
Like so many similar platforms, the social messaging site Discord uses helpful artificial intelligence entities called bots to perform tasks such as welcoming users, banning troublemakers and moderating discussions.
In April, NFT Now reported that hackers had hijacked the Discord servers for Nyoki Club, Bored Ape Yacht Club and other popular NFT communities. Fittingly, the attack took place on April Fool’s Day.
The hackers commandeered the communities’ bots and used them to trick users into clicking malicious links that purportedly led to newly minted NFTs with exclusive rewards. However, the NFTs never existed and the posts linked to phishing sites where the buyers paid — tens of thousands of dollars, in some cases — for nonexistent tokens.
More From GOBankingRates