9 NFT scams and how to avoid them

What are NFTs?

NFTs, or non-fungible tokens, are a type of digital asset that establish and prove the authenticity and ownership of a unique digital asset. NFTs allow people who own or create digital property to track its ownership and earn money from it. An NFT is a certificate of authenticity recorded on the blockchain, a permanent and unalterable digital ledger.

Imagine you created a work of digital art. As a digital asset, it can be copied millions of times around the web with apparently little consequence. But by minting an NFT of your art, you can prove that you own the original digital creation. The creation is non-fungible, meaning it’s irreplaceable with unique attributes, like the Mona Lisa. There is only one original, and there will only ever be one. This makes it impossible for anyone to copy your work or claim it as their own.

One of the early benefits claimed of NFTs was that it would allow digital creators who mint them to more easily monetize their work, whether by licensing an NFT or selling it to a new owner.

Some common NFT examples include:

• Art
• Writing (essays, stories, books, studies, etc.)
• Music
• GIFs
• Games
• PFPs (profile pictures)
• Virtual avatars
• Digital real estate

When NFT marketplaces launched a couple of years ago, they immediately attracted attention from investors. A boom ensued, and some NFTs were bought and sold for millions of dollars. Today, however, the vast majority of NFTs are worthless.

NFTs are traded on unregulated markets and with unregulated currency (cryptocurrency, like Bitcoin). The lack of regulation and large sums of money helped make NFTs an ideal target for scammers.

How do NFT scams work?

NFT scams work in a few ways. Scammers may try to steal or hack the login credentials to a crypto wallet. That would give them access to the digital safe that contains the NFT. Scammers might also trick someone into believing they successfully purchased a legitimate NFT when they really bought a counterfeit.

Because it’s impossible to change records on the blockchain, scammers often use social engineering tactics like phishing attacks to break into crypto user accounts and steal NFTs.

Learning their tactics is the best way to protect your NFTs—and your money.

Even if you’re aware of scammers’ tricks, you should still be careful when buying NFTs, especially if you’re doing it as an investment. NFTs aren’t as popular today as they used to be. The market has collapsed, with some trade volumes down 90% from their peak. Many NFTs that were trading for large sums are now worthless.

10 types of NFT scams

Are NFTs scams? No, but they are popular among scammers. Educating yourself on how scammers operate is the best way to stay safe. Here’s an overview of some of the most common types of NFT scams today:

1. Fake NFT websites

NFT scammers imitate popular NFT websites and marketplaces to trick users into compromising their account information. These fake, pharming websites often look just like the real thing, especially if you don’t pay attention to the details. This can make it difficult to tell the difference between a legitimate page and a counterfeit.

Social engineering scams like this are often after your personal information and passwords. Once scammers have your info, they may be able to access your account on the real site and any NFTs or money you have saved there. Or, they might try to sell you counterfeit NFTs from their fake site.

2. Pump-and-dump schemes

NFT scammers use pump-and-dump schemes to artificially drive up the price of an NFT. They do this by creating hype around an NFT or NFT collection on social media or with a celebrity endorsement, for example. A group of scammers will also bid high amounts for the NFTs to inflate their value.

Once an NFT collection gains attention and the selling price peaks, the insiders will cash out all at once, causing the price to plummet. Investors who paid a premium for the NFTs will be left with worthless assets.

3. Rug-pull scams (Investor scams)

Rug-pull scams (sometimes called Investor scams) are essentially fake NFT projects—the NFTs never actually make it to the marketplace. Scammers hype new NFT projects to lure people into investing. They create demand by offering exciting perks to people who pre-order specific NFTs. Then, before the NFTs are delivered, the developers disappear with the cash.

This happened in 2021 when the NFT developer Evil Ape collected almost $3 million in investments before disappearing, never to be heard of again. It happened again in 2022 to investors who bought Frosties NFTs. The developer made big promises and sold $1.3 million in digital assets before vanishing suddenly. The perpetrators were caught and charged for this NFT scandal, but no one received their NFTs or their money back.

4. Fake NFT offers

NFT scammers often pose as legitimate trading platforms and send fake offers to NFT owners via email. The goal of these phishing emails is to get you to click a link that takes you to a fake NFT marketplace.

Once you enter their fake website, you can easily become a victim by typing in your login credentials or seed/recovery phrase. Scammers can then use keylogging or other types of spyware to record your information and steal your NFTs.

5. NFT giveaways (Airdrop scams)

Legitimate crypto projects will sometimes airdrop free crypto to their supporters upon the launch of their token. This has made investors less wary of free giveaways and airdrop promotions.

But remember, there’s no such thing as a free lunch. Free NFT giveaways can wreak havoc on your devices and drain your crypto wallet. Scammers will offer free NFTs airdropped directly to your crypto wallet. The catch is that once you connect your cryptocurrency wallet to receive your airdrop, the contents of your wallet will be instantly sent to the scammer. When that happens, there’s no way to get your NFTs or crypto back.

Not only that, but airdrops can contain malicious threats like viruses or malware. It’s not a good idea to accept an NFT airdrop unless you are sure the sender is legit.

6. Social media impersonation

Social media impersonation is another NFT scam used to trick NFT owners. Cybercriminals create online profiles to convince people of their credibility and sell them fake NFTs.

Because much of the NFT world exists on social media platforms like Reddit and Discord, having a robust social media presence is often enough to earn people’s trust.

Social media scammers may also impersonate legitimate NFT marketplaces across various social media platforms. Once they connect with you, they’ll send you a link and prompt you to enter your account info. Then, they’ll steal your details and access your account on the real NFT website.

7. Customer support impersonation

Learning about a problem with your NFT account can cause you to panic and let your guard down—and scammers know this. They’ll pose as customer support for a trusted NFT website or marketplace and offer to help you resolve a problem with your account. They’ll instruct you to click a link and enter your personal details, or even ask you to grant them remote access. At that point, they’ll have everything they need to hack into your account.

8. Counterfeit or plagiarized NFTs

Minting an NFT doesn’t make it a fresh new piece of intellectual property or give you ownership of it. This simply turns a digital file into something that you can store on the blockchain—and when we say “simply,” we mean it. You can turn anything into an NFT for free with minting tools. According to Vice reporting, around 80% of minted NFTs are counterfeits.

Scammers trick people into believing they’re buying a unique NFT when, in fact, it’s a digitized copy. Once they have their plagiarized NFT copied from someone else’s work, they create an account on a trading platform and auction it off to the highest bidder. Much like counterfeit physical art, the asset you purchase will become worthless once it’s revealed as a fake.

9. Bidding scams

Bidding scams take place when you try reselling your NFT. Once an interested buyer puts in their highest bid, they may switch out the cryptocurrency for one of lesser value. So, instead of receiving 10 ETH (around $22,000), you could receive 10 DOGE (around $1). This is easier to do than you might think, as the buyer can change their crypto bid without your knowledge.

Real-world examples of NFT scams

The anonymous nature of the blockchain and cryptocurrency makes NFTs an attractive target for cybercriminals, and like most other scams, almost anyone could be a target.

It’s true that NFTs aren’t as popular today as they were a few years ago, but that doesn’t make you any safer from scammers. In fact, some of the biggest NFT scams have happened after the market’s initial boom and bust.

For example, in May of 2023, a group of NFT buyers were conned into purchasing NFTs to support an artist’s battle with cancer. The project was called Pixel Penguins, and several major crypto influencers drove its popularity. In the end, the “cancer patient” disappeared from social media and made off with over $100k in an apparent rug pull.

Just a month later, scammers sent over half a million fraudulent airdrops to users on the Polygon network. Over 300 users accepted the airdrops, resulting in $1.2 million in stolen NFTs and crypto.

Scams have gotten so bad that in August 2023 the FBI issued an official warning about scammers posing as NFT developers.

According to the FBI, “Criminals either gain direct access to NFT developer social media accounts or create almost identical accounts to promote new NFT releases.” This indicates that NFT scams on Instagram, Facebook, X (formerly Twitter), and other social media platforms are getting more sophisticated.

How to avoid NFT scams

To help avoid NFT scams, conduct thorough research into the seller, the NFT itself, and the marketplace. Always use a secure wallet and reputable marketplaces to buy and sell NFTs, and protect your devices against malicious sites and links with a strong security tool.

Take advantage of these NFT tips to help put a stop to NFT hackers and other online scams.

Do your research

Cryptocurrency and the blockchain are complex. They are also largely anonymous. This can make it hard to do research with any degree of certainty, and it increases the risk of investing in NFTs.

However, you can trade NFTs much more safely if you do some basic research, including:

• Verifying the seller: Always verify the NFT seller’s account to ensure they’re real. Check their transaction history on the blockchain for any shady activity, and look for evidence of their existence on social media.
• Verifying the NFT transaction history: Check the NFT’s transaction history on the blockchain using its metadata. This can help you determine if it's real or counterfeit.
• Verifying the marketplace: Make sure you trade only on reputable NFT marketplaces, and also check the URL before entering any personal info to ensure you’re not on a fake website.

Never open suspicious links or attachments

The blockchain is highly secure, so it’s nearly impossible for hackers to steal your NFTs unless you give them your login details or wallet keys. This is why phishing attacks are among the most common types of NFT fraud.

To avoid phishing attacks, avoid clicking any NFT-related links or attachments you get via email or social media. Navigate to NFT marketplaces and creators’ websites from your browser instead. If you want to click a link, verify the sender first. Even better, contact the official seller or marketplace to check that the email is legit.

Create strong passwords with 2FA

Create strong, unique passwords for your cryptocurrency wallet and other NFT accounts. Never use the same password for multiple accounts, and use a password manager to help keep track of all your passwords and suggest new ones.

Two-factor authentication (2FA) is also a must for crypto accounts. 2FA requires you to verify your identity in two ways before you can enter your account, adding an extra layer of security. For example, you might need to input a code sent to your phone or email after logging in with your password.

Never share your seed/recovery phrase

Your seed/recovery phrase is a unique list of words that provides access to your crypto wallet. This is the combination to your NFT safe. With your recovery phrase, anyone can access your digital assets.

Just like your passwords, never share your seed or recovery phrase with anyone. This could compromise your NFTs and any other kind of cryptocurrency stored in your wallet. A legitimate NFT marketplace or website will also never ask for this information.

Always crosscheck the NFT’s price

Before making an NFT purchase, cross-check the price on an official trading platform like OpenSea, Axie Marketplace, or Mintable. If the price appears much lower than what’s listed on the legitimate trading site, it’s probably a scam.

Also, double-check the transaction price before finalizing a sale to make sure a scammer hasn’t switched out the agreed-upon cryptocurrency for a lower-value token.

Protect yourself from scammers

If you’re uninformed on the different ways NFT scammers operate, you’re putting yourself at risk of becoming a victim. Always trade NFT or crypto on a device protected with a tool like Norton 360 Deluxe to help boost your defenses against scammers.

Norton 360 Deluxe helps block malicious sites and links, which can help you protect against NFT scams that rely on these schemes to collect your info. Plus, Norton 360 Deluxe features a built-in VPN to encrypt your connection and help keep your internet browsing more private.

FAQs about NFTs

NFTs are complicated, and you probably have a lot of questions. We answer a few of the most common below.

Are NFTs good investments?

Today, the vast majority of NFTs are not good investments. The market all but collapsed since its peak a few years ago. Most NFTs are worthless, and only about 9% of professional investors see NFTs as a good investment.

While the market may rebound, if you do invest in NFTs, it’s important to consider their inherent value and not simply follow the social media hype. Invest in artists,  musicians, communities, and causes that you actually support. This is the best way to stay informed, help prevent fraud, and make a fulfilling investment.

What percentage of NFT projects are scams?

The largest NFT marketplace, OpenSea, admitted that about 80% of its minted NFTs are scams. That means that the market is composed mostly of counterfeit or fake NFTs.

Why are four out of five NFTs scams? Anyone can create an NFT, just like anyone can make a print of the Mona Lisa and call it the real thing. That’s why it’s important to do your research before buying NFTs.

Do most people lose money on NFTs?

Yes, most people lose money on NFTs because the market is very weak. One survey found that most investors who bought NFTs in 2022 lost money.

Are NFTs secure?

Yes, NFTs are generally secure. NFT ownership is recorded on the blockchain and cannot be altered until the owner decides to sell. Hackers can’t change the blockchain, but they can steal your NFTs if you give them your account information or wallet keys. This is why phishing attacks are so common in the NFT world.