- use a browser that isn’t connected to your NFT wallet browser extension to test new links
- research and always use the official links; do not use google search links
- use a hot wallet & cold wallet
- don’t ever mint anything or use your crypto wallet while you lack sleep or are under the influence of alcohol or drugs.
Scammers and hackers are continuously developing new creative ways of tricking people into stealing money. Below are some typical scams in the NFT space, some of which I have experienced firsthand.
Fake collection
I have personally bought into a fake copied NFT collection. This is what happened. I had just missed out on a dutch auction mint, precisely IMAGINARY ONES. On Opensea, the floor price was selling for 2.2 ETH, and by searching the name on Looksrare, the floor price was 1.8ETH; immediately, I thought of arbitraging the NFT. So I FOMO immediately bought it, and when I went back to Opensea to sell it for 2.2ETH, the title of the NFT was another name. I realized I had purchased a fake collection. I didn’t check the official NFT contract address in my FOMO emotional state. Just a warning, always use the official NFT project secondary market links and NFT contract address.
Fake Mint Sites
Usually, right before an NFT project mint, sometimes the project’s DISCORD server gets hacked. The hacker posts a fake mint site link in the announcement section, and thinking this is the actual link and minting, your ETH gets stolen. It happened to me once before, so I always double-check that the mint link is authentic each time I mint something.
Another way is that hackers somehow get a hold of you through a google search. The fake copied site (website address is very similar, so instead of a .io, it might have a .com) will look precisely the same as the NFT project site. While on the site, you will see that the mint counter is declining. This causes you to FOMO mint without checking the official links. Either you lose the ETH you minted with, or your whole wallet might be compromised.
Pretending to be someone else
Sometimes, hackers use a name similar to or the same as one of the moderators of an NFT project. They will DM you, saying there is something wrong with your wallet address or the NFT, and will offer a way to reimburse or give you a free NFT. All these are scams and fake. And scammers can often fake legitimate NFT customer service pages to divulge sensitive information from unknowing NFT owners.
99% of the time, DM sent by strangers are scams. So don’t press on them, whether the links look safe. Just choose to ignore them, and your crypto and NFTs will stay safe.
You might receive an email regarding your crypto wallet (MetaMask) has been compromised, and there’s a link there to reset and get back your wallet. Unfortunately, all these links will hack your wallet. First of all, Metamask does not send out emails, and FYI, you didn’t input your email when you sent up your crypto Metamask wallet, so how can Metamask send you an email?
Fake Site that looks Real
While entering a site, a popup that looks very real to the standard Metamask popup will ask for your secret seed phrase. Unfortunately, this has happened to be me and to a good friend.
NEVER input your secret seed phrase anywhere on any site, no matter how legitimate the site looks
In the worst case, if your NFTs have been stolen, you can flag the wallet with Opensea, and they will stop the sales of your NFTs on Opensea that were stolen, but the NFTs can still be sold/traded on other secondary markets. And maybe with some luck, the person who bought the stolen NFTs will give them back to you.
Google Docs Link
Hackers have sent out google docs links inside discords containing some webhooks used to hack a crypto wallet.
OpenSea vulnerability
A hacker posts about an OpenSea vulnerability, claiming they lost a significant amount because of "OpenSea API" approval. They direct you to fake sites to revoke your wallet permissions. Following the instructions on the site gives the hacker access to your wallet, so be careful of any links.
SudoSwap and Private Sales
People have been scammed from “private sales” through DM. The suggested platform is Sudoswap. While Sudoswap is legitimate, scammers take advantage of unsuspecting people b a fake ERC20 token named wrapped ETH. The token is approved on Sudoswap, so unsuspecting people unknowingly trade their valuable NFTs for this fake token. My personal opinion is to trade on an official secondary marketplace and be safer that way.
Free DISCORD NITRO gifts
Scammers have posted Free DISCORD NITRO gift links, and these links will ask for access to your crypto wallet, and then your wallet is compromised.
RUG Pulls
Rug Pulls, the NFT, and crypto scammers will say they stole your money right after the mint, and then close the whole project. Or it is a slow RUG pull, and they slowly drain the funds from their account. I will share how to spot rug pulls in a later article.
Fake Giveaways or Winning an NFT
A fake NFT account will message users, usually on Twitter or Discord, telling them that they’ve won an NFT. This fake NFT account will then give the user a link to a fake NFT website, which will ask them to connect their crypto wallet and enter their seed phrase. Usually, if you didn’t enter a giveaway or this Twitter account doesn’t have many followers, it is 99% a scam.
In conclusion, even though the NFT market is getting more mature, many scammers and hackers are still trying to rob unsuspecting people. Cybercriminals are getting creative and are finding new ways of tricking people. Stay vigilant and stay aware of what scams are out there. Just be careful. Do have fun, and let us meet up on Web3.
Thank you. I look forward to hearing your own insights and comments.
Cheers,
Eric F
If you want to get in touch about interesting NFT ideas or projects or want to hear about a specific topic, I'm @ericclfung on Twitter.
Thanks to @Lay0ver.0n.the.m00n & @Rocketman1988 & @CISBROS for reviewing this post.