“This is 100% not me.” tweeted Derek Laufman, the artist behind the RuinWorld series and other online comics. Laufman had discovered that someone was posting his prints as NFTs on the online marketplace Rarible.com in an attempt to make a profit.
“I thought the point of NFT was that the artwork and artists needed to be verified?” He reported it to the company, who later took down the profile. But Laufman’s experience is far from the only one online where scammers used an established artist to make a profit.
NFT scams on the rise
With cryptocurrency growing as a popular form of economic trading, none have confounded users as a valuable form of data for trading as Non-Fungible Tokens, or NFTs. Want to own the original version of the Nyan Cat meme? You can. What about the first tweet? It’s already sold for $2.9 million. NFTs have become a timely and valuable asset for collectors and crypto enthusiasts alike.
But it has also become a source of scams and trickery. Users are reporting a growing presence of attempted NFT scam accounts on various social media platforms and systems that are robbing sellers of dollars, bitcoins, and their own NFTs.
“Historically, NFTs were not targeted by attackers,” Chris Hamer of MyCrypto told the Daily Dot. “But now with the mainstream popularity and monetary value, bad actors have taken notice specifically targeting NFT Holders.”
At the core of these NFT scams is a singular practice: impersonation. Either a user will pretend to be a company that hosts NFTs on their site or will pretend to be a seller.
Impersonators on social media
Scott Renna, who works at the risk intelligence firm Flashpoint, says that one of the most common methods NFT scammers use are dummy websites.
“These attacks are very much like those seen when threat actors scrape and create dummy bank websites,” Renna said. “The goal is to emulate the normal login page in hopes that a user will fall victim and give over their [crypto wallet] password. These dummy sites can be delivered by phishing, and users who are viewing an email message are less likely to review an embedded link in an email, especially while on a mobile device.”
In many of these NFT scams, the creators build upon already established trust for more legitimate websites like Opensea and Rarible. Duplicitous URLs like “rariblestore” or “OpenseaNFT” are bought to build a fake website that resembles any other legitimate NFT trading platforms, followed by phishing, creating artificial forms to be filled out by the user.
Scammers will also construct fake social media accounts that resemble the original accounts.
Brand impersonation and other NFT scams are common on Telegram, Discord, and Twitter, where verification of images or sources can be tough. How can a user verify that an NFT advertised in their local Discord is the actual NFT listed? Without seeing a certificate of authenticity, you can’t. That makes the ability to research and investigate such products exceedingly tricky.
In these cases, it is imperative to double-check the website and make sure that it matches the top results listed on Google or elsewhere.
Replica NFT scams
For those not savvy to encryption or data verification, NFTs can often seem quite complicated—making NFT scams all the more easy to pull off. But they can also be enticing if they were, say, the latest Banksy painting.
A seller in February 2021 attempted to sell a Banksy-looking NFT for $900,000. The seller initially presented it as a Banksy piece of art, only for it to later be revealed to have no affiliation with the artist. In April 2021, NFT scammers had decided to sell copies of Japanese illustrator Qing Han’s art on an NFT platform a year after her death.
“Artist impersonation can be as simple as a fake listing for an NFT, and it can be quite easy to fall for,” says Chris Hamer, who handles education and support at MyCrypto. “When a new, hot collection drops on OpenSea, there are almost always fake profiles selling copies of the same thing. They take screenshots of or save images of popular items and mint the screenshots as new NFTs and sell them for a lower price, making you believe that you got a deal.”
Hamer says that many of these scammers play to FOMO or a “fear of missing out.”
It is also hard to give the impression that a company or a user owns a distinct NFT.
“Unlike physical goods, digital goods can be easily replicated, shared, and distributed across the web,” says Anne Fauvre, chief operating officer for Blockchain privacy company Oasis Labs. “If you expect that by buying an NFT, you can control the distribution and consumption of a digital good, then you’re misinformed about how digital goods work.”
In many cases, the only element that keeps an NFT unique is the blockchain verification or the certificate of authenticity. If users wanted to, they could easily create a copy of a digital good (image, clip, song, etc.) and pretend it was the original without validating the actual data. In the cases of these NFT scams, checking the copy and website surrounding the product can be a step toward protecting one’s investment from being wholly wasted.
How to secure yourself from NFT scams
“Many of the current issues with NFTs are less about scams and more about uninformed buyers,” says Fauvre. The Oasis Labs COO notes that scammers are often playing off of the average consumer’s lack of understanding regarding digital goods, namely that replication is easy and mimicry takes very little effort.
When it comes to security regarding NFT Scams, Renna says that slowing down is the best strategy.
“Always verify the site you are on is the one you believe it is by reviewing the full URL. Take advantage of MFA (multi-factor authentication) whenever possible. If it’s valuable enough for you to look to acquire, then it’s valuable enough for you to put more than just a password in place to protect it.”
“If you want to take things a step further, we would recommend holding your NFTs in a cold storage wallet offline.” Hamer also recommends that users consider investing in external authentication tools, like a crypto wallet.
But users should also know the flags to look for. Because whenever a new technology takes off, scammers a quick to follow.