NFT Scams: 10 Types You Need to Know

By Brad Jaeger  - Director of Content

It’s a sad fact, but scams are everywhere you turn in the NFT world today. A lack of regulation and oversight coupled with the public being unfamiliar with new technology is a beacon to scammers in search of an easy payday. With new scams popping up each and every day, keeping up with them all would be a full-time job.

It can be difficult determining what you need to know in order to stay safe. Thankfully at HeyMint, we’ve noticed that many of the most popular NFT scams follow a familiar pattern. So without further ado, here are 10 types of NFT scams you need to know in order to stay safe in the space today.


1. Cloud Storage or Email Compromised

Everything in crypto and NFTs comes down to protecting and safely securing your seed phrase (alternatively called a recovery phrase), a set of 12-24 words that grants access to your wallet and all of its assets. Many people choose to save a backup of their seed phrase on their phone or computer, either in their email or in a document that is backed up to some form of cloud storage (Google Photos, Dropbox, etc.).

While at first this may seem like a convenient way to never lose your seed phrase, it’s also one of the riskiest things you can do. Breaches of online security are incredibly common and most people—sooner or later—will have one of their accounts compromised. If one of those compromised accounts happens to have your seed phrase on it, then a malicious actor now also has the key to all of your NFTs and crypto held on that wallet.

Key Takeaways: If there’s anything you take away from this article, it’s that you should never keep a copy of your seed phrase on an internet-connected device.

Related NFT Scams (News or Articles):
Phishing of iCloud Credentials Can Lead to Stolen Funds


2. Discord Compromised

Even at the end of 2022, Discord remains the go-to spot for NFT communities (along with Twitter). Although alternative web3 solutions are in the works, none have dethroned the current leading platform. Because of this, Discord is a frequent target for scammers. Scams come mostly in the form of direct messages (DMs) and malicious links. 99% of them can be avoided by disabling your DMs and not clicking on anything sent your way.

Key Takeaways: Disable your DMs, watch out for impersonation, and avoid clicking links sent to you, whenever possible.

Related NFT Scams (News or Articles):
Webhook Exploits Via Popular Ticketing Tool
NFT Thief Returns 88 ETH After Stealing It From CreatureToadz
How $250,000 Was Stolen from BearX
“Free Discord Nitro”, the Classic Discord Scam


3. “Customer Support” NFT Scams

Most prevalent on Twitter and Discord, scammers will pose as customer support technicians or the help desk for major marketplaces such as OpenSea, or wallets like MetaMask. Once engaged in conversation, scammers employ various tactics including social engineering, phishing, and malicious links to find vulnerabilities and exploit them to the fullest. Some scammers specifically build bots to monitor the space, looking for keywords which might signal an opportunity for the scammer to strike.

As of the end of 2022, some of the most prominent customer support scammers have been cracked down on, although it remains to be seen for how long. While scammers on Twitter typically reply directly in the comments, some have recently taken to quote retweeting others.

[Image: Fake MetaMask customer support conversation]

Key Takeaways: Be on guard whenever you discuss NFTs or crypto online, especially if you are trying to troubleshoot problems you are experiencing.


4. Fake Wallets / Fake Minting Sites

Using your wallet and minting NFTs are everyday events for many in the space, so it’s no surprise that both are frequent targets of scams. Fake wallets & minting sites can be especially damaging when combined with the takeover of a compromised Discord or Twitter. In those cases, a link to the fake site may be shared to members of the community and blindly trusted.

Fake Wallets

One of the most common examples of a fake wallet scam involves the scammer making a fake website. When someone heads to the site they encounter something which mimics the sign-in window of MetaMask, WalletConnect, or another crypto wallet. The result? Instead of signing into your wallet, you are in fact being phished and handing over valuable security information for the scammer to exploit. Most false wallet popups will ask for your seed phrase (also called a passphrase or recovery phrase) to sign in, which is a huge red flag and a sign that you should immediately abort.

Fake Minting Sites

Fake minting sites are another problem, and appear for nearly any NFT release that catches the public’s attention. Scammers will do their best to duplicate a site, matching the original URL and details of the site as closely as possible, in an effort to make some easy money off of misdirecting people. Once you connect your wallet to them, you may inadvertently agree to send your payment to the wrong address, or even give access to your wallet’s contents to the scammer.

These sites will also employ FOMO (fear of missing out) tactics to encourage you to act quickly and without thinking. One of the main FOMO strategies scammers may use on a website is the fake mint counter. Fake mint counters display false numbers to make you believe the supply is limited and going fast. You can tell when a mint counter is fake because it will move unreasonably quickly, such as every few seconds, or it’ll move at consistent, repeated intervals.
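The two tells described above (a counter that changes every few seconds, or at fixed intervals) can be checked mechanically from a handful of timestamped readings of the counter. The following is an added example, not code from HeyMint; the thresholds, function names and sample readings are assumptions made for illustration.

```python
from statistics import mean, pstdev

# Thresholds are assumptions for illustration, not values from the article.
FAST_MEAN_GAP_S = 5.0   # counter changing more often than this on average: "every few seconds"
REGULAR_CV = 0.10       # stdev/mean of gaps below this: metronome-like, scripted ticking
MIN_CHANGES = 5         # fewer observed changes than this: not enough evidence


def change_times(samples):
    """samples: (unix_seconds, displayed_count) pairs; return the times the count changed."""
    times, prev = [], None
    for ts, count in sorted(samples):
        if prev is not None and count != prev:
            times.append(ts)
        prev = count
    return times


def assess_mint_counter(samples):
    """Return the list of red flags raised, or None if too few changes were observed."""
    times = change_times(samples)
    if len(times) < MIN_CHANGES:
        return None
    gaps = [b - a for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    flags = []
    if avg < FAST_MEAN_GAP_S:
        flags.append("changes-every-few-seconds")
    if avg > 0 and pstdev(gaps) / avg < REGULAR_CV:
        flags.append("fixed-interval-changes")
    return flags


# Constructed readings (seconds since first look, counter value shown on the page).
SCRIPTED = [(t, 1200 + 3 * (t // 4)) for t in range(0, 41)]   # +3 every 4 s, like a page timer
BURSTY = [(0, 310), (7, 311), (9, 313), (40, 314), (41, 317),
          (95, 318), (180, 319), (182, 322), (300, 323)]       # irregular, as real buyers arrive

if __name__ == "__main__":
    print("scripted:", assess_mint_counter(SCRIPTED))
    print("bursty:  ", assess_mint_counter(BURSTY))
```

Readings should be taken more often than the counter changes (about once per second here); otherwise the sampling interval itself shows up as a fixed gap.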

Key Takeaways: Always verify that the site you’re minting from is accurate by checking the project’s official Discord, Twitter, website, etc. Additionally, while wallet browser extensions (like MetaMask) are a thing, wallet popups are not.

Related NFT Scams (News or Articles):
Fake Metamask Popup Phishes Users MetaMask Wallet
Fake Mint Site Scheme on Instagram Results in Major Losses


5. Fake Demand

Less obvious than the norm, fake demand scams target degens and flippers who are always on the lookout for new minting opportunities to make a quick buck. The aim is to trick people into believing a project is more successful than it is. This is generally accomplished by creating false impressions about a project’s success (often through wash trading). Another angle for this scam is giving the illusion that influencers and public figures in the space are buying into it, usually by airdropping them NFTs from the scammer’s collection.

Key Takeaways: Do not FOMO into projects: take your time, and only support and invest in projects and teams that you trust. Always do your own research and do not take people at their word. If you are trying to follow the strategy of whales online (which we don’t recommend), at the very least make sure to determine whether they minted/bought the NFTs, and weren’t just airdropped them.
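Telling "minted/bought" apart from "airdropped" comes down to who signed the transaction and whether the holder paid anything in it. The sketch below is an added example, not code from HeyMint; the record layout, field names and addresses are hypothetical and constructed, and it relies only on the ERC-721 convention that a mint is a Transfer from the zero address.

```python
from collections import Counter

ZERO = "0x" + "0" * 40   # ERC-721 mints emit Transfer(from = zero address)


def classify(t, holder):
    """How did `holder` get this token? `t` is one decoded Transfer plus tx context.

    Assumed record layout (hypothetical): from, to, tx_sender (account that signed
    the transaction) and holder_paid_wei (ETH or WETH that left the holder's
    wallet in that same transaction).
    """
    holder = holder.lower()
    if t["to"].lower() != holder:
        return "not-received"
    acted = t["tx_sender"].lower() == holder or t["holder_paid_wei"] > 0
    if not acted:
        return "airdropped"          # someone else signed and the holder paid nothing
    if t["from"].lower() == ZERO:
        return "minted"
    return "bought" if t["holder_paid_wei"] > 0 else "claimed"


def summarize(transfers, holder):
    """Count acquisition types so 'whale X holds 5' can be read correctly."""
    return Counter(classify(t, holder) for t in transfers
                   if t["to"].lower() == holder.lower())


# Constructed sample: placeholder addresses, not real accounts.
WHALE = "0x" + "a" * 40
DEPLOYER = "0x" + "d" * 40
SELLER = "0x" + "5" * 40
TRANSFERS = [
    # Deployer mints straight into the whale's wallet: an airdrop.
    {"token_id": 1, "from": ZERO, "to": WHALE, "tx_sender": DEPLOYER, "holder_paid_wei": 0},
    {"token_id": 2, "from": ZERO, "to": WHALE, "tx_sender": DEPLOYER, "holder_paid_wei": 0},
    # Deployer pushes an already-minted token to the whale: still an airdrop.
    {"token_id": 3, "from": DEPLOYER, "to": WHALE, "tx_sender": DEPLOYER, "holder_paid_wei": 0},
    # Whale signs the mint and pays for it.
    {"token_id": 4, "from": ZERO, "to": WHALE, "tx_sender": WHALE, "holder_paid_wei": 8 * 10**16},
    # Seller accepts the whale's WETH offer: seller signs, but the whale paid.
    {"token_id": 5, "from": SELLER, "to": WHALE, "tx_sender": SELLER, "holder_paid_wei": 5 * 10**17},
]

if __name__ == "__main__":
    print(dict(summarize(TRANSFERS, WHALE)))
```

In this sample the wallet holds five tokens from the collection, but only two reflect a decision by the holder; the other three say nothing about their interest in the project.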

Related NFT Scams (News or Articles):
Fake Minting Tricks Pro Traders


6. Employment Offers NFT Scams

Employment offer scams typically target artists or freelancers. Most will pose as a business or individual who is reaching out to commission or license a piece of work. The end goal is generally to get the individual to sign something suspicious, or to open malicious executable files meant to hijack your PC (which in turn can do anything from searching for passwords to giving remote access to the scammer).

Key Takeaways: If something seems too good to be true, it probably is. Assume that anyone contacting you is trying to get something from you. Even if the offer comes from someone you think you know, do your due diligence to ensure that you are actually talking to the person you think you are. Finally, be incredibly cautious and skeptical about anything you’re asked to download (especially if it is a .exe file).

Related NFT Scams (News or Articles):
Twitter DM Scam Targeting Artists
Elaborate IP Rights Scam Results in 14 Stolen Apes (850+ ETH)


7. Impersonation NFT Scams

One of the simplest tricks in the book is for scammers to pretend to be someone they’re not. This often involves buying old or hacked accounts and repurposing them to impersonate a popular influencer, business, or collection. The scammer then will generally direct their audience to a fake minting site or a clone of a website with a fake wallet popup meant to drain your assets.

Key Takeaways: Whether just following a notable figure, or having been contacted by one, triple check that they are legit, and that you’re following their actual account. Look for red flags like new social media sign ups and discrepancies in follower/followed counts. Better yet, do not take the words of anyone as gospel. Assume that anyone who contacts you is not real or legit, unless proven otherwise.

Related NFT Scams (News or Articles):
Impersonation of a Known Collector


8. Trading NFT Scams

False or misleading trades have been a favorite of scammers for some time. Whether by using phony trading sites that drain wallets, exploiting loopholes in legitimate trading sites, or simply tricking the other person into believing they’re about to make a trade they’re not, this scam shows no signs of slowing down.

Key Takeaways: Trading is extremely risky. If you must trade, at least stick to well known and established sites; but even then, nothing about trades is 100% safe. Also remember that whoever sends their assets first is assuming the most risk. Do not trade with anyone you don’t know or trust.

Related NFT Scams (News or Articles):
NFT Swap Order Scam and How to Avoid It
Three Bored Apes Lost After Discord “Troubleshooting” with False Buyer
New Sudoswap Scam Spreading Like Wildfire


9. Social Engineering / User Error

Most people, not just in web3, have a poor understanding of what hacking is and how it works. The vast majority of people who have lost money to scammers were actually victims of social engineering, phishing, and user error. In other words, they were duped into clicking, signing, installing, or divulging something that exposed them to risk. Although we’ve divided this list into 10 different scam types, the vast majority are, in one way or another, a form of social engineering and/or user error. Nearly all NFT scams rely on people making mistakes (usually by being pressured, lazy, or rushed). And unfortunately, all it takes is a moment of weakness or a lack of due diligence to potentially lose everything.

Key Takeaways: The vast majority of scams involve social engineering and user error. The best defense you have is to be informed, think critically, and try not to make any rash decisions.

Related NFT Scams (News or Articles):
Seth Green’s Stolen NFTs & Post Mortem on How the NFTs were Stolen
Fake Elon Musk Giveaway Scam Costs Man Over £400,000
Fake 100% Money Back Guarantee
A Simple Mistake Exposed 270k Crypto Wallet Buyers & Victims of Hack Are Receiving Fake Wallets
Message Signing Scam Tricks People to List Their Tokens for Next to Nothing
$34 Million Lost to Bad Coding
Nearly 2 Million Dollars Lost to OpenSea Phishing Scam


10. Rug Pull NFT Scams

Rug pulls are among the most common of all NFT scams, and a constant concern of anyone who mints projects on a regular basis. A rug pull is when the developers of a project willfully abandon it immediately or shortly after making their money from the mint/launch. Another variant is the “slow rug pull”, where the staff gradually slows down in corresponding with their community or meeting target goals until they eventually disappear entirely.

Key Takeaways: Learn everything you can about NFTs, crypto, and web3 before spending any money in the space, and always have a curious mind. Engage with the communities of projects you’re interested in. Make your first mint something that won’t break the bank, because chances are, you won’t know what you’re doing at first.

Related NFT Scams (News or Articles):
Investors Spent Millions on ‘Evolved Apes’ NFTs. Then They Got Scammed
Pixelmon Makes $70 Million Dollars with Store-Bought Assets and False Promises
Raccoon Secret Society Kills Collection “to Show People What They’re Actually Buying”


Protect Against NFT Scams With a Cold Wallet

At HeyMint, we strongly recommend that you purchase a cold wallet as soon as possible to help protect your digital assets. A cold wallet is a hardware device which secures the wallet by requiring a manual button press before transactions can be processed. Cold wallets are not connected to the internet by default. This combination ensures a much higher level of security, as a scammer would generally require access to both the account and the device in order to move/transfer any funds/tokens.

When should you buy a cold wallet? The answer is simple: if you would be hurt by losing the crypto and NFTs you currently own, you should buy a cold wallet.

If you are in the market for a cold wallet, we’d be thankful if you used one of our affiliate links below. By purchasing, not only will you help protect your assets, you’ll also be supporting our platform and funding additional helpful resources such as this.

Ledger and Trezor are the two most popular wallet manufacturers at the moment, although Keystone has also been growing in popularity.

Ledger: (Main Shop Page / Ledger Nano S Plus / Ledger Nano X / Ledger Stax)
Trezor: (Main Shop Page / Model T / Model One)
Keystone: (Main Shop Page)

Keep in mind that while cold wallets provide an essential and additional layer of security, they will not help you in certain instances, such as if your seed phrase is compromised or you sign transactions you shouldn’t have. In other words, cold wallets are great for protecting from hacks and other forms of intrusion, but they will not save you from most social engineering scams or user error.


I’ve Been Scammed! Now What?

Brace yourself: in all likelihood, you will never get back what you lost. Given the largely decentralized and unregulated nature of cryptocurrency and NFTs, there are few protections and even fewer examples of people getting their money back. This is an unfortunate risk we all take in pursuing a new and barely understood technology as early adopters. In the future, reporting NFT scams and crypto theft will be as easy as reporting credit card fraud is today. Until that time, it is important to remain extra vigilant with your crypto wallet and NFT assets online.

There are, however, some proactive measures you can take in the meantime:

  • Submit tickets to OpenSea, MetaMask, or wherever the issue occurred.
  • Talk about the scam and protect others by using social media to raise awareness of your issue.
  • Ping/contact any friends whom you believe may be vulnerable or exposed to risk.
  • Use Etherscan to report phishing attacks on the address(es) the funds were transferred to.
  • If on OpenSea, you can report the scams by submitting a ticket in the hopes of having the account(s) banned. Note: OpenSea policy dictates that you must include a police report within 7 days of filing, in order to deter false reports.
  • If you reside in the United States, you can report an internet crime to the FBI. If you reside outside of the United States, try to look for any federal governing authorities to which you may report.

Until next time! Stay informed, and stay safe!
– HeyMint
