A little over a year ago, only a few knew NFTs existed. But today, NFTs are everywhere and on everyone's mind, from friends and family to coworkers, TikTok creators, YouTube influencers, in newsletters and mainstream media. They are so prevalent that ‘NFT’ was selected Word of The Year for 2021 by the Collins Dictionary!
A small and niche market that was less than $70 million in total sales in 2020 surged to $10.7 billion by Q3, so it’s no wonder everyone wants in. Artists, musicians, and creators looking for a new source of revenue. And collectors, art lovers, fans, and investors who want to support, collect and make money.
The challenge in such an explosive market is that it invites scams that undermine trust and negatively impact both creators and collectors.
Why Are NFT Scams So Insidious?
NFTs are super hot, so it’s only natural to want in, to try and find your footing, and dream of squeezing yourself on this spaceship that’s obviously on its way to the moon!
But buying an NFT is unlike buying anything else online. It’s a complex process and has many steps, each presenting its own unique challenges and therefore the opportunity to scam you out of your hard-earned money.
When you are buying something online, you are usually buying it from a trusted merchant, using a trusted payment processing service. The payment processor usually collects business information from the merchant including business registration and government IDs.
Most importantly the process is reversible, that is you can usually return the product to the merchant, and in case the merchant refuses to do so and turns out to be running some sort of a scam, you can report the transaction to the payment processor, your credit card issuer, or your bank, who can reverse the payment.
But an NFT transaction is final, you have no recourse, no support, no one to call, and no one to reach out to! You are completely on your own, you can’t complain behind the scenes, instead, the only thing you can do is to let the community know publicly.
So not only do NFT scams prey on your openness to try something new, and your desire to grab a piece of this delicious NFT cake, but if you are a victim of a scam you may find yourself having to tell everyone this has happened to you, as if losing your money wasn’t enough!
The Anatomy of an NFT Scam
NFT scammers rely on a collection of things that makes you vulnerable. These things form the anatomy of an NFT scam, which you need to know in order to protect yourself.
The fear of missing out is a powerful force you can’t take for granted. You are not the same rational person reading these words when FOMO takes over. You may be saying to yourself “not me” but it can totally be you. Even the savviest investors realize the power of this way of thinking and they put rules in place to protect themselves from it.
NFTs by design are scarce and in demand, so you have a few seconds to make a decision to get in on a new drop before the opportunity is lost forever.
Sure you can wait, but that usually means that you may have to pay 10-1000 times the price you can get when a new drop is available. Simply put, NFTs are engineered to capitalize on FOMO. So unless you have rules in place and no loopholes at all, you are vulnerable.
With FOMO in full swing, your guard is down and you are rushing to pull together the funds to get one of these rare NFTs that just dropped before someone else gets it. In that rush, you fail to see the notification you got is not from the official account.
While the hyperlinked text has the official name of the project, let’s say Bored Ape Yacht Club Official Website, if you actually check the link you’ll find it’s directed to another web address altogether, for example, boredapyactclub.com - Notice that it’s ‘bored ap yact club’, which is missing the ‘e’ from ape, and the ‘h’ from yacht.
If the notification is coming through email, the ‘From’ field may have the name of the founder of the project (i.e. Gordon Goner), and when you check the email address it is most likely a Gmail address (i.e. firstname.lastname@example.org instead of Gordon@boredapeyachtclub.com)
If you click on the link you’ll be taken to a one-page website focused on getting you to pay to get the NFT before someone else does.
NFT scams are usually supported with the use of graphical elements taken from the NFT project’s website and images shared online, in addition to using similar language to the one project’s team is using.
Now that you clicked on the link that says Official Project Website, and you landed on the one page set up to scam you out of your money. You will see the count of the NFTs being minted rising while the count of the NFTs remaining falling.
While this is the least sophisticated component of the scam, now that you are high on FOMO, filled with excitement with every step you take closer to get that coveted NFT, the familiar graphics and icons instill a sense of trust and familiarity while you rush to connect your crypto wallet and make sure it’s filled with the right amount.
By dressing up the scam to look legit, you get a false sense of safety and trust that you forget to check the website link or email address, who has time to do that when all your focus is on completing the transaction.
For a few seconds after completing the transaction you feel elated. You can’t wait for your NFT to appear in your wallet so you can proudly show it off to the world.
Where is it, you wonder, why is it not showing up?! You start looking around for answers. Meanwhile, the FOMO high is wearing off quickly.
Then it hits you all at once. FUUUUUCK! I’ve been scammed!
A sinking feeling fills you up with emptiness, as you click around aimlessly looking for a solution that doesn’t exist :(
Unforntualty, there is nothing you can do.
How to Avoid NFT Scams
Given the way NFTs work, protecting yourself against scams and scammers is your very best option.
If you truly do not want to lose your NFT investments and want to protect your money, I strongly recommend that you learn and educate yourself about the space before you invest. Learn about NFTs and the technology that makes them possible and learn about NFT cybersecurity.
Having said that, I’ve put together a very simple framework that will help you protect yourself against NFT scams regardless of your tech-savviness level or knowledge of cybersecurity.
Control Your Inflow:
Unless you are a public figure or a public-facing person in a business, there is absolutely no need to allow every email to hit your inbox. Only allow emails from selected addresses to show up in your inbox, the rest can all go to spam, which you can check once a week.
This will put you in a state of mind that you are browsing spam at your own time, and therefore you are more present, skeptical, rational, and far less likely to fall into the trap of a scam email.
Limit Your Exposure:
The more exposure you have, the more scams you will have to deal with and learn to avoid. This is particularly true when you join multiple Discord communities of many NFT projects, as there are many Discord scams.
Avoid joining many Discord communities or Telegram groups where you are not active. There are bots that will inundate you with messages about the drop or launch taking place now!
If you are in a certain Discord community where you like to stay active, make sure you turn off the ability for people to send you direct messages in the privacy section to prevent bots from reaching you and playing on your FOMO.
Check & Verify:
Verify the core elements of the project. The website, social media accounts, founding team social media accounts, and online presence.
When you receive a message in your inbox, on Discord, or through Telegram. Do not act on it, and whatever you do, DO NOT CLICK THE LINK! Instead, go to Google, search for the project’s official website, check the founding team’s social media, to verify that there is indeed a special promotion, a drop, or a sale before you proceed to search for it on the official website.
While the message may say secret drop, only for you, and that you shouldn’t tell anyone, it’s highly unlikely that any NFT project will do a drop without placing the information on their website and blasting the news all over social media.
Before sending the payment, validate the blockchain address you are sending money to.
For new projects, you should be sending the payment to the address of the project’s smart contract. You can check that address using a blockchain explorer. (every blockchain network has its own blockchain explorer).
A blockchain explorer is a piece of software that draws various data from a blockchain, arranges it, and presents the data in a searchable format.
NFTs are essentially pieces of code that live on a blockchain. So you can use a blockchain explorer to find out all the information you need about an NFT project.
Some of the leading explorers are:
Here is what it looks like when you look up the details of Bored Ape Yacht Club on Etherscan.
Every Board Ape NFT will have the same smart contract address
You can find the smart contract address by clicking on the details section of the NFT page in the marketplace where you are buying it.
If you are getting the NFT from a new project that hasn’t listed the NFTs on a marketplace, you can simply copy the contract address and paste it in the search bar of a blockchain explorer (sometimes google will do).
Once you are on the contact page, you should see a list of transactions, and there is a field called Token Tracker which should have the name of the project. Click on it and it should show you the project’s information.
You can also check out DappRadar to track the information you need to know about a certain NFT project.
There are some exceptions for the steps mentioned above, so you may want to have a look at the FABRIC framework for evaluating an NFT project. While it’s an approach for investing in NFTs, I found it very helpful for screening out scams as well.
I’m not sure if you remember how people bought their first cell phones, but back then there were no YouTube reviews and no trusted independent media, so people resorted to the next best thing, asking their friends.
Fast forward to today, we have access to social media and communities. So you must not ignore this powerful resource you have at your fingertips.
If you are not sure whether a certain project is a scam or not, reach out to the community and ask. The NFT community is usually very helpful, and if you ask you will get answers farily quickly. That’s not to mention that there are many people who made it their job to share information about NFTs and NFT projects. So if you are not going to ask the community, at the very least ask Google. You may stumble on articles, videos, and posts about the project to help you identify the good, the bad, and the ugly.
Instead of waiting to be a victim of a scam to post online to the community about the scam, you can always post online or in the Discord community about any element of the promotion you received and ask if it’s legit. People are usually very helpful, and the administrators of your community will most likely help clear any confusion on what’s true or not.
Chart Your Path
The NFT sector is moving at hyper-speed so it’s tempting to think there is no point in trying to catch up, or it’s better to sit on the sidelines until the right time comes.
Nothing could be further than the truth.
The best thing you can do in such a market is to get involved, learn, apply, and evolve your knowledge and skills in the space. NFTs and the underlying blockchain technology are an evolutionary leap forward that puts remarkable power in your hands, but you must leave the comfort of being a passive consumer and become an active contributor, an avid learner, and an engaged participant
So if you really want to wield the power of the most exciting technology revolution of your lifetime, while protecting yourself and the community from scams and scammers in the process, build your own knowledge base, grow through practice, and chart your path to mastery.