NFTs have transcended traditional notions of ownership and provenance, finding applications in art and entertainment and humanitarian and nationalistic initiatives.
Asset tokenization, coupled with the transparency and immutability of its underlying technology, creates global accessibility of NFTs, which is helpful for not only engaging a broader audience but also providing a novel and effective way to raise awareness for critical social issues. The most poignant example of this application can be seen in unexpected contexts, such as using NFTs to support Ukraine during its conflict with Russia.
Empowering Ukraine Through Novel Means
In the face of geopolitical tensions, NFTs emerged as a novel means of garnering global attention for Ukraine's plight. Once primarily associated with art and collectibles, these tokens became pivotal tools in Ukraine's financial and resistance strategies.
NFTs garnered significant attention during the Ukrainian government's efforts to mitigate the economic repercussions of the invasion. A noteworthy instance is the UkraineDAO initiative, which utilized crypto-fundraising techniques. This campaign achieved a remarkable feat by selling an NFT featuring the national flag, generating an unprecedented $6.75 million. This sale ranks among the highest-grossing NFT transactions to date, demonstrating the potential of NFTs in crisis response and fundraising. Furthermore, the government's asset pool grew by donating 840 NFTs, including significant pieces like Cryptopunk and other well-known projects. Despite some NFTs having minimal value individually, this donation underscores the international backing for Ukraine and its citizens.'
Ukraine's use of NFTs to bolster its financial and resistance strategies in the face of adversity mirrors a global trend that underlines the remarkable surge of NFTs.
This multifaceted employment of NFTs exemplifies a departure from conventional applications, illustrating the immense potential these assets could have on various industries and economies. Yet, progress made by this technology is at risk of being undone by one factor: NFT scams.
NFTs in a Nutshell
Even with multiple market cycles, the appeal of NFTs has surged in recent years, experiencing a remarkable increase of $4.7 billion during the initial quarter of 2023, according to DappRadar. This surge can be attributed to their decentralized nature, celebrity endorsements, representation of popular culture, improved copyright protection, and the simplicity and transparency they bring to the ownership and exchange of digital assets.
Unfortunately, the hype surrounding NFTs has made it easy for scammers to target unsuspecting users. The value and perception of NFTs have raised questions, such as the vulnerability of NFTs to financial crimes, which in turn has raised concerns. Critics have extensively debated the possibility of exploiting NFTs for unlawful purposes, such as money laundering and tax evasion.
The Rise of NFTs and the Dark Side of Innovation
While crime constitutes a minor fraction of NFT trading overall, its impact on the industry's reputation is disproportionately significant. Within a year (July 2021 to July 2022), theft of NFTs worth over $100 million resulted from fraudulent schemes. Despite the decline in cryptocurrency markets, individuals carried out these scams, likely driven by breaches on social media, particularly within Discord servers.
These social media breaches, which saw a notable surge in 2022, have accounted for 23% of all stolen NFTs, amounting to approximately $20 million, and are believed to be influenced by the increase in custom-made malware aimed at bypassing multi-factor authentication.
Common NFT Scams to Watch Out For
Phishing scam
Phishing scams are prevalent not only in the NFT community but also in the broader Web3 industry. These scams involve fake malicious websites, emails, or offers to compromise individuals' crypto assets.
Scammers use underhanded tactics to steal cryptocurrency wallets and valuable NFTs in a deceptive scheme that preys on trust. Victims are tricked by fake pop-ups resembling reputable wallet login panels such as NFT marketplaces or crypto wallet providers, unknowingly providing access to their wallet information. These scammers then manipulate victims into approving harmful transactions using code snippets and sync functions.
The scammers rely on the fear of missing out (FOMO) to incite hasty actions. NFT traders, enticed by surging values, become targets of the frenzy. Whether offering free tokens or requiring a fee, these fraudulent websites connect victims' wallets, enabling fund transfers to scammers.
A phishing scam targeting OpenSea users led to the loss of 260+ NFTs. The fraud involved a deceptive email prompting users to transfer their wallets to OpenSea's Wyvern 2.3 contract address. Once clicked, the email contained a harmful link that allowed the scammer to empty their wallets. Although some of the NFTs were returned, the scammers kept the most valuable ones and made over $2 million (in current NFT value) from the heist, worth $5.1 million — the largest NFT heist on record.
Plagiarized NFTs
Here is another common scam within the NFT space that is often difficult to detect because the plagiarized NFTs may look precisely like the original artwork.
Plagiarized NFT scams work by taking someone else's artwork and minting it as an NFT without the artist's permission. For this scam, the fraudster will typically find an asset they like and mint it as an NFT on an NFT marketplace. They will then try to sell the plagiarized NFT to unsuspecting buyers. Sometimes, the fraudster may even create a fake profile pretending to be the original artwork's creator. They will then use this phony profile to promote the plagiarized NFT and make it seem more legitimate.
Pump-and-Dump Scams
Pump-and-dump NFT scams are a type of investment fraud where the scammer artificially inflates the price of an NFT to sell it at a profit.
The scammer typically creates fake hype around the NFT by buying numerous NFTs and promoting on social media. They may also create fake news articles or social media posts that make the NFT seem more valuable than it is. Immediately, the price of the NFT is inflated, and the scammer will then sell their NFTs at a profit, leaving other investors holding worthless assets.
NFT Swap Scams
NFT swap scams utilize the non-inherent uniqueness of NFTs by creating a copy that is as close to the real NFT as feasible. Usually, the scammer will make a counterfeit NFT of a high-value NFT. They will then contact the owner of the real NFT and offer to trade it for the counterfeit NFT. The victim will agree to the trade, believing they are dealing their NFT for a like-for-like swap. Once the victim has swapped their NFT for the counterfeit NFT, the scammer will sell the real NFT. The victim then remains with the worthless counterfeit NFT.
The scam can also involve a swap of NFTs, but one user needs to hold up their end of the deal. For example, a user swapped one Bored Ape and two Mutant Apes for three fake Bored Apes that looked legitimate because they had a "verified" mark in the image. The victim lost $575,000 worth of NFTs to the scammer.
Airdrop scams
Airdrop NFT scams exploit the concept of "airdrops," where new tokens are sent to users' wallets as part of promotional campaigns. While it's more common within the DeFi industry, this scam exploits the popularity of airdrops to prey on individuals' trust to manipulate their holdings.
Scammers adopt two tactics: They create deceptive websites resembling genuine airdrops or fabricate their own. Upon clicking "claim airdrop" and connecting wallets, victims unknowingly grant scammers access to their assets. Secondly, scammers can produce valueless NFTs and airdrop them into potential victims' wallets. These NFTs promise monetary redemption, luring victims to a phishing site where they inadvertently approve transactions that deplete their assets.
In an incident related to NFT airdrops on Polygon, criminals created over 1,300 fake NFTs on the Polygon network, imitating real airdrops from Polygon, Aave, RocketPool, ApeCoin, and Uniswap, stealing over $1.2 million in a series of scams.
Impersonation Scams
Imitation scams in the NFT industry involve criminals pretending to be support staff of NFT marketplaces or custodial wallet services.
They will often target users who have publicly complained about bugs or technical difficulties on social media. The scammers will then send the victim a direct message, pretending to be from the NFT marketplace or wallet service, and offer to help resolve the issue. The scammer will then ask the victim to provide their wallet seed, the private key that gives access to the victim's NFTs. Once the scammer has the wallet seed, they can steal the victim's NFTs.
Alongside social media, scammers may also use phone scams to impersonate NFT support staff. They will typically call the victim and claim a problem with their account. The scammer will then ask the victim to provide their one-time password, which helps access the victim's information.
Please note: This compilation of scams is by no means exhaustive. While we have covered prevalent scams, other less common yet equally deceptive practices exist, such as bidding, social media impersonation, and investor scams. To safeguard against these various threats, we encourage you to research these scams and familiarize yourself with potential red flags.
The significance of platform selection in safeguarding against blockchain security threats
Blockchain platforms have different strengths and weaknesses; some are more secure than others. By choosing a platform with a strong security track record, users and developers can reduce their risk of being exposed to security threats.
Why Unique Network's robust NFT ecosystem thrives with Polkadot's pooled security system
Blockchain bridges, which allow for the transfer of assets between different blockchain networks, are critical to the interoperability of the Web3 ecosystem. However, their independence from each other can also contribute to blockchain security threats and vulnerabilities in two main ways. Firstly, attackers can exploit vulnerabilities in individual bridge protocols without affecting others. This allows them to concentrate on the weakest links, moving on if unsuccessful. Secondly, it opens the door to cross-chain attacks. Here, attackers exploit one bridge's vulnerability to steal assets from another. Bridge protocols depend on validators, and if an attacker seizes a majority on one bridge, they can hijack it and siphon assets from other bridges.
The Polkadot Relay Chain addresses issues related to security and scalability by offering economic incentives to the Relay Chain. Parachains can then tap into stronger guarantees from the beginning. This is made possible by the parallel nature of the parachains, which communicate with each other and run transaction processes concurrently, inheriting the entire network's security. This shared security ensures that all parachains connected to the Polkadot Relay Chain benefit from the economic security provided by Relay Chain validators. By distributing security responsibilities across a network of interconnected blockchains, Unique Network safeguards transactions with the collective strength of Polkadot, significantly reducing the risk of NFT fraud and enhancing the overall trustworthiness of the ecosystem.
Navigating the Grey Areas: Ethical Concerns Surrounding NFT Scams
The landscape of NFT scams is rife with identifiable attempts that often leave potential victims unharmed. However, the pervasive presence of scams within NFT communities has bred an atmosphere of paranoia and extreme caution, giving rise to what's known as "fear, uncertainty, and doubt" (FUD). While vital for protection, this heightened vigilance risks impeding the accessibility and enjoyment of NFT engagement for both novices and experts. Consequently, user experiences and future investment potential are casualties of this scam surge.
While the illegal gains from NFT-based platforms since 2017 amount to around $8 million, according to insights from Elliptic, a mere 0.02% of traceable trading activity, this contrasts starkly with the staggering $23.8 billion routed through illicit addresses in 2022, marking a 68.0% surge from 2021. This discrepancy stems from the perception that NFT-based crime is more rampant than it is. Nonetheless, criminals are adapting, with phishing scams evolving into more intricate forms like social media takeovers, phone scams, API exploits, and malevolent airdrops.
Unique Network's Role
To counter this, NFT platforms such as the Unique Marketplace are adopting proactive risk management, integrating sanctions screening solutions to provide security. These platforms can mitigate reputational risks and quell user apprehensions about processing stolen assets by employing wallet screening and transaction monitoring tools. This approach necessitates robust anti-phishing measures, including blocklists, automated detection tools, and effective domain provider identification to thwart these increasingly sophisticated attacks.
Layered access management, combined with an SDK that can burn tokens or entire collections and manage account balances, is also indispensable for fortifying defenses against NFT scams. This multifaceted approach ensures that only authorized individuals can access and transact NFT assets, substantially reducing the risk of unauthorized transfers or fraudulent activities.
Our SDK's ability to empower users to burn tokens or collections and manage account balances provides a powerful tool for immediate action in response to suspicious activity, thereby safeguarding the NFT ecosystem, bolstering trust, and minimizing the potential impact of scams on creators and collectors alike.
Taking personal precautions: Tips we recommend.
Identifying Red Flags in NFT Scams
Navigating the NFT market requires a keen eye for potential scams. To help you avoid NFT scams and protect your investments, here are some red flags to be wary of:
- Unsolicited Airdrops: Be cautious of unexpected airdrop notifications, especially if they promise substantial rewards or require immediate actions like connecting wallets.
- Overly Lucrative: Beware of deals that seem excessively lucrative or offer guaranteed profits; scammers often use these enticing offers, such as 'free NFT,' to lure victims.
- Requests for Private Keys or Seed Phrases: Never share your private keys or seed phrases. Legitimate parties won't ask for this sensitive information.
- Impersonation: Verify the authenticity of profiles, websites, and social media accounts before engaging with them. Scammers often impersonate well-known figures or platforms, especially for NFT giveaway scams.
- Urgent Demands: Scammers thrive on urgency, so avoid situations where you're rushed to decide or commit funds.
- Not searchable online. A legitimate NFT project will have a professional website and active social media accounts. Be wary if the project's team is anonymous. A verified NFT project will have a team of well-known people with a good reputation.
- Missing or Inconsistent Information: Legitimate projects and NFT collections provide clear and comprehensive information. If details are vague, conflicting, or absent, exercise caution.
- Unusual URLs: Check the legitimacy of website URLs; slight misspellings or unfamiliar domains can indicate fraudulent sites.
These red flags can help you spot common NFT scams, but knowing how to shield your assets and activities from NFT scams is equally essential.
Strategies to Avoid Falling Victim to NFT Scams
Staying safe from NFT Scams: For buyers and sellers.
- Thorough Research: Conduct in-depth research into NFT accounts to verify a project's authenticity and credibility before investing.
- URL Verification: Verify the legitimacy of URLs related to NFT projects or services, ensuring they match official websites.
- Authenticated Swaps: Only engage with individuals who can demonstrate ownership of the NFTs they offer using tools like NFT marketplaces or block explorers.
- Discord Server Invites: Refrain from accepting unsolicited requests/invites to minimize exposure to potential scams from a fake NFT account.
- Roadmap Scrutiny: Be cautious of vague or plagiarized roadmaps; legitimate projects provide clear, original development plans.
- FOMO Awareness: Avoid succumbing to the "fear of missing out" (FOMO), a tactic often exploited by scammers.
- Customer Support Caution: Familiarize yourself with NFT marketplace customer support policies and follow their guidance if assistance is needed.
- Airdrop Vigilance: Exercise caution with unexpected airdropped NFTs or NFT giveaways, especially if they prompt you to connect your wallet for redemption.
- Twitter Scrutiny: Be skeptical of Twitter bots and overly aggressive promotion, as these can be signs of fraudulent schemes and NFT phishing scams.
- Celebrity Endorsements: Influencer endorsements do not indicate a legitimate project (or NFT collection); always conduct your due diligence.
Staying Safe from NFT Scams: For Project Creators
- Be Transparent: Provide your identity and credentials to establish trust. Share links to your CV and GitHub page. If you opt for anonymity, clarify the reasons.
- Maintain Updated Links: Ensure all social media links and Discord invites are current. Regularly update these platforms to deter potential scams.
- Alert Your Community: Swiftly inform your followers if a scam campaign impersonates your project. Early warnings can mitigate the impact of such schemes.
- Consistent Updates: Regularly post progress updates on your roadmap. This continuous engagement reassures your community and wards off suspicions.
- Robust Customer Support: Develop efficient user support and scam reporting mechanisms to address concerns swiftly.
- Audit External Tools: Regularly review and update external tools and bots, especially for platforms like Discord, to prevent security breaches.
- Enhance Account Security: Implement multi-factor authentication on admin accounts and social media profiles to fortify access control.
- Avoid Unethical Practices: Steer clear of aggressive promotion, unsolicited airdrops, and Twitter bot usage. Maintain authenticity to build a genuine community.
- Audit Smart Contracts: Ensure any smart contracts employed undergo thorough audits or adhere to reputable standards for added security.
- Originality Matters: Refrain from plagiarizing other projects to preserve the integrity of your venture.
Build on Unique
Are you a builder or developer looking for the most advanced NFT infrastructure? From SDKs, RFTs, and Customizable NFTs, we can help you create powerful and dynamic NFT solutions. Whether you're looking to build new dApps or integrate existing ones, we have the tools and expertise to help you succeed.
Get in touch for more support.