The NFT market started gaining momentum in 2020, growing over 300% year-over-year and representing millions of dollars of cryptocurrency. During the first week of May 2022, the sale of these tokens then collapsed by 92% compared to last September. However, the market still generates the equivalent of millions of dollars, raising many concerns about the safety of this asset. If a thief previously had to break through the security of a museum to steal a work of art, access to a digital wallet can be gained using malware or social engineering.
When digital artist Qing Han died in 2020, scammers jumped at the opportunity to sell his artwork as NFTs, in his name. Last September, famed graffiti artist Banksy had his website hacked, posting an ad for the sale of what was to be his first NFT; one collector paid $336,000. The NFT market opens up opportunities for many scams:
Discord Scams: The chat platform is divided into communities called servers where people can talk, stream, and play games together. Last December alone, 373 members of a Discord server operated by the NFT gaming marketplace had their digital wallet authentication compromised, losing a total of $150,000. Another Discord scam involves sending direct messages that trick users into thinking they’re actually being contacted by a brand, artist, or influencer. Don’t be surprised by NFT projects without verifying that the offer is legitimate.
Fake Social Media Profiles: Beware of potential fake profiles. Often these are copies of real profiles, and you just need to look a little closely at the details to distinguish the fake from the real one. You should also be wary of bots that entice users to react to messages; use social media to interact with them and request information that could give them access to crypto wallets.
Phishing Scam: Replicated NFT Markets or fake crypto wallets are shared on Discord, Twitter and forums, as well as via email. The level of similarity to real companies is impressive and it takes a keen eye to spot small differences in the URL or overall layout.
Artist Impersonation: In addition to Banksy and his fraudulent website, other artists have gone through similar situations. Tyler Hobbs, the artist behind the “Fidenza” Art Blocks project, has sued the SolBlocks platform for using his code to sell replicas of his work. Derek Laufman’s artwork was also being sold by a fake account using the artist’s name, even getting a verified icon.
Pump and dump scams: The type of scam closest to NFT speculation involves a person or group of individuals buying a large number of NFTs (or cryptocurrency) and reselling them to artificially create a false impression that the asset is in high demand. In this way, market forces will increase resale profits. On the buyer side, this model appears to be validated by influencers sharing the NFT on their profiles, making it a great opportunity. Eventually, these buyers expect to resell at a higher price, which they never do.
Scams “pulled carpet”: scammers promote a project, solicit investments and, without warning, abandon it. This usually happens when they think they have “completely sold out investors”, removing all funds from an NFT wallet and deleting their profiles from the markets and social media.
Auction Scams: Fake NFT auctions are one of the most common scams. These occur when a real seller attempts to auction an NFT. The seller indicates the cryptocurrency in which he wants to be paid, but a scammer can successfully change the currency of his offer to a lower value currency. It can also work by adding and removing an NFT quote from a market, by shifting the decimal number one to the right. Without noticing the change, a buyer could end up paying much more than the originally expected amount.
Social Media Account Hacking: Fake offers and giveaways are a great way to pique users’ interest. Surprisingly, they can also come from established user accounts. The reality, however, is that very often these accounts have been hijacked by scammers to promote fraudulent schemes. Once a user tries to access the fake offer, they are asked to enter their password or personal details and provide their contact details and get nothing in return.
Fake Mints: In these schemes, scammers drop NFTs into influencers’ wallets, making it appear that celebrities actually minted the NFTs on the blockchain. Indeed, many buyers monitor specific portfolios for new business to anticipate mass interest and an increase in the value of an NFT. According to OpenSea, the largest NFT marketplace, more than 80% of NFTs created for free on its platform are fake, plagiarized from other artists, or spam.
There are many scams to be aware of as you delve into the world of NFTs, and as usual, scammers never miss an opportunity to make money. It is therefore important to always be attentive.
By Benoit Grunemwald, Cyber Security Expert, ESET France.