Last year was unprecedented for NFTs. Compared to twelve months ago, the space has seen a dramatic rise in activity, from blue-chip collections to celebrities joining to an influx of community members.
Although this has brought liquidity, growth opportunities and a lot of potential to the space, it has also attracted scammers. Many have fallen for a variety of scams due to the decentralized nature of NFTs. In many cases, it's impossible to stop them.
Scammers are getting more sophisticated, and every day someone tweets about losing their most valuable digital treasures. Collectors must be more careful than ever. Here's how.
NFTs are still in the experimental stage. Many have compared the space to the Wild West. You can't report losses or complain to the authorities because there is no central customer support. Yet the space generated billions of dollars in 2021. This makes it a great place for scammers.
The most targeted NFTs, so-called "blue chips", are Bored Ape Yacht Club and 96 ETH. A scammer can make hundreds of thousands of dollars in a single click. It's frighteningly easy for anonymous fraudsters to hack into conversations and manipulate people in a community that is built on positivity and a strong sense. It takes only one momentary error in judgment.
NFTs and blockchain gave us autonomy. However, it also means that we are responsible for our assets. No bank can watch over them. Your NFTs will be safe if you are able to identify the different scams.
Fake mint page
During highly anticipated NFT drops, a lot of OpenSea pages often pop up. This can make it difficult for collectors to tell which collection is legitimate, especially if the collections aren't verified. Many collectors don't take the time to verify where their assets are being minted from, because FOMO is percolating and the clock is ticking.
The illegitimate collection and its NFTs are removed quickly from OpenSea, but the scammers still keep the buyers' money. Recently, this happened with Punks Comic. Many were duped out of hundreds of dollars by a fake OpenSea page.
Steps to Take
Never click on unverifiable links.
Double-check the domain in the link. A scam website often differs from the real one by a single character.
Confirm that you are minting from the verified URL by visiting the collection's official Twitter account or Discord first.
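The "one character off" check from the steps above can be automated. The following is an added example, not part of the original article: it compares a link's host against a small allowlist of bookmarked domains and flags near-matches. The allowlist entries, the sample links and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains bookmarked from official sources.
VERIFIED = {"opensea.io", "example-collection.xyz"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, verified=VERIFIED, max_distance=2):
    """Classify a link's host against the allowlist before clicking or minting."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("unparseable", None)
    # Exact match, or a subdomain of a bookmarked domain.
    if any(host == good or host.endswith("." + good) for good in verified):
        return ("verified", host)
    # Non-ASCII or punycode labels can render like a trusted name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious-idn", None)
    for good in sorted(verified):
        # One or two characters off, or the trusted name embedded in another domain.
        if edit_distance(host, good) <= max_distance or good in host:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links, not taken from any real incident.
    for link in ["https://opensea.io/collection/demo",
                 "https://openseaa.io/collection/demo",
                 "https://opensea.io.claim-drop.example/mint",
                 "https://xn--opnsea-dva.io/"]:
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the host is not close to anything on the allowlist; it still has to be confirmed through the collection's official channels.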
Because NFTs live on the blockchain, your wallet address and every movement are public. This allows anyone to interact with your account and send NFTs directly to your wallet without you asking, as an airdrop.
Scammers often send NFTs directly to your wallet in order to convince you to interact with them.
It is the most dangerous scam and can involve many methods.
A Twitter account with my profile picture and a copy of my bio was discovered to have 5,000 followers. My account was identical to the fake account, except that the fake username had an additional s: NFTs1nsight. Someone who had not seen my real account could easily have been fooled by that account.
Although I don't know how the account was used or if DMs were sent out to scam victims, I can only assume that it was maliciously created. These scams are becoming more common with fake accounts gaining thousands of followers to make them appear more real.
Steps to Take
A fake account doesn't have many followers.
Double-check Twitter handles and followers.
Report it to Twitter if you are certain it is a fake account.
Scammers can also impersonate brands to offer support to victims. This is often done on Discord and Twitter.
Scammers may send fake OpenSea emails asking people to click on the "view" button. These links will often take you to a fake webpage asking for your wallet or seed phrase. Never send your seed phrase to anyone. Discord is full of similar scams. Once they have your information, they will transfer all your assets to another wallet and then sell them. There is no way to stop them. You will be in a race for as many NFTs as possible.
Scammers will often sell NFTs for low prices in order to get rid of them. Unsuspecting buyers might just grab them instead of asking how they were acquired. This can sometimes be stopped by community efforts, but not always.
Jenkins impostor: A case study
Hackers recently compromised the Discord server for the prominent NFT project Valet. A moderator had shared his screen with hackers. They were able to lock down Discord and ban the moderators and founders. They impersonated Jenkins and were able to send a fake link to stealth drops. Many members believed it to be genuine. The link was almost identical to that on the original site. However, hackers created a platform for discussing the mint and banned anyone who doubted its authenticity.
Many fell for it and the community was robbed of a few hundred ETH.
Scammers used Discord DMs to trick the moderator into believing that he was a fraudster. He tried to prove his innocence by sharing his messages, but was quickly overwhelmed and confused. When he shared his screen, the scammers were able to hack his Discord and take control of his server.
Jenkins didn't have complete ownership of the server. He was therefore banned. This would have been impossible if Jenkins had full ownership of the server. The ownership and permissions have been transferred, and control has been regained. This should prevent any future scams.
In response to the hack, the Jenkins team reacted quickly. They rebooted their Discord server from the top, introduced 24/7 moderation via bots and conducted an audit. All those who lost ETH were compensated. Jenkins gave away one Bored Ape Kennel Club NFT to show his regret for the incident.
The hack has a small advantage: it means that they are better prepared to fight future scammers.
Security best practices
These are just a few of the many ways you can keep your assets safe.
Verify links before you click them. Never click on links that are not verified.
Never share your screen.
Make sure you verify the contract address before minting anything. This should include the location where the NFT was created. It should be valid if it has been verified by OpenSea. If it seems too good to be true, it probably is.
Never give out your recovery phrase to anyone.
Your seed phrase should be kept off your phone and computer. Instead, store it offline ("cold storage") with multiple copies in safe locations.
Always verify that you are minting on a verified website.
Many people find it easier and safer to disable Discord DMs entirely due to bots or scammers abusing them.
It helps to bookmark verified sites such as OpenSea - it prevents landing on fake pages.
Official support will not send you a DM if you require assistance. Go to the official site for help, not social media.
Ask trusted friends questions and turn to the official teams for answers. Don't be afraid of asking questions that will prioritize your safety or security.
Two-factor authentication is an additional layer of security.
Strong passwords are important. It is a good idea to use a different password for each account you create.
You can use a cold wallet like a Trezor or Ledger to store your money.
DYOR. Do your research on the NFT industry before you make any purchases.
Be vigilant when dealing with NFTs. A quick lapse in judgement can make the difference between an empty wallet and a full one.