The NFT market has been targeted by criminals with its rising market cap. Given that, please stay alert to avoid asset loss whether you are a veteran or a newcomer to the NFT community.
NFT blind box scams
NFT blind box scams often take place on social platforms such as Telegram and WhatsApp. Users are lured to buy NFT blind boxes through a phishing link. If they purchase the so-called NFT blind box, their token approval of NFTs will be granted to scammers, resulting in loss.
Security tips
- Please stay alert and don’t click any unknown links from strangers when you interact with others on third-party social platforms.
- Please be aware of scams in different forms to cheat your token approval and don’t trust the so-called NFT blind boxes.
NFT airdrop scams
Information about a wallet address is available to the public, meaning that anyone can send cryptocurrencies or NFTs to someone’s address. So scammers often airdrop fraudulent NFTs to users’ wallet addresses and lure them to visit NFT marketplaces to claim NFTs or accept fake offers.
Users’ NFT token approval will be granted to scammers if they try to claim NFTs or accept offers. For instance, users may want to accept the offer (for 1ETH). However, when they try to sell the airdropped NFT on OpenSea, they are actually giving out their token approval.
Security tips
It is recommended to ignore any NFT that is transferred to your wallet without your permission. In this way, you can avoid interacting with malicious smart contracts.
Fake customer service scams
On social platforms such as Discord and Telegram, scammers will impersonate admins of a NFT community, stealing wallet mnemonics in the name of solving problems for users. With ill-gotten mnemonics, they can steal tokens from the wallet of a user who will suffer irrecoverable loss.
Please note that to protect your NFTs from scammers, don’t trust the so-called customer service on social platforms including Discord and Telegram. You can reach out for help through the official website of an NFT project or an NFT marketplace.
Security tips
Please don’t share your mnemonic or private key with anyone!
Discord DM scams
Sending DM on Discord is one of the most common ways to carry out a scam. Users are told that they can get free NFTs through fraudulent websites in DM from fake Discord community admins. In this case, they are lured to click a link to get the NFTs. In fact, their NFT token approval in the wallet is granted to scammers at the same time.
Discord DM scam
Security tips
Usually, NFT project teams will not DM users proactively. Thus, it is very likely that those who DM you in that way on Discord are scammers. For your security, we recommend you to turn off the DM function of Discord. Here are the steps:
- Open Discord and click “User Settings” to enter the settings page.
- Click “Privacy & Safety” - “Server Privacy Defaults” and turn off the “Allow direct messages from server members” button.
Phishing websites
By impersonating NFT marketplace officials, scammers lure users to enter phishing websites through emails or social media. Then, users are told to login by connecting their wallet. However, after entering their wallet password, they will be informed that they have entered the wrong password. Also, their wallet address needs to be verified again through the mnemonic. This will get the mnemonic compromised and lead to NFT loss.
Phishing websites | a fake OpenSea website shown in the picture above.
Security tips
For your asset security, we recommend you mark links of your frequently used NFT marketplaces. In this way, you can avoid NFT loss caused by phishing websites.
- OpenSea:https://opensea.io
- Rarible:https://rarible.com/
- LooksRare:https://looksrare.org/
Apart from that, please don’t enter your wallet mnemonic or private key into any websites with unknown risks. We recommend you to use hardware wallets such as imKey to keep your mnemonic offline for better security.
Fake NFT scams
By right-clicking and saving to create a copy of an NFT image, scammers can create forged NFTs. Then, those NFTs will be listed to be sold to users through official censorship loopholes of an NFT marketplace. Also fraudsters will make offers to the listed NFTs to make them more trustworthy.
For example, in October 2022, Reddit NFTs went viral with their daily trading volume exceeding 2 million US dollars. Taking this as an opportunity, scammers listed fake Reddit NFTs on OpenSea to steal tokens from users. The fake NFTs were not delisted until being detected by the marketplace 24 hours later.
Security tips
When you buy NFTs on marketplaces, please check out their authenticity through the following ways:
Method one: different security measures are adopted by NFT marketplaces to check out the authenticity of such NFTs. For instance, on OpenSea, a blue checkmark badge means an account has been verified for authenticity. For an NFT collection, that badge shows that it is owned by a verified account with great influence or sales.
A blue checkmark means an account has been verified for authenticity by OpenSea.
An NFT collection with a blue checkmark belongs to a verified account.
Method two: you can check out the metadata, ownership, and trading records of an NFT. Information about an NFT collection is accessible through an NFT explorer.
Learn more: A step-by-step guide for using NFTScan in imToken
Method three: you can check out the information about an NFT on social media. Usually, project teams and artists will promote their NFTs through twitter, Youtube and other channels.