The cryptocurrency ecosystem has rapidly expanded in recent years, with NFTs (“non-fungible tokens”) emerging from a niche technology to a booming market for collectibles digital, empowering and democratizing the creative economy. From Bored Apes to NBA Top Shot, NTF not only demonstrates the mainstream adoption of blockchain technology but also represents a new era for creators in the digital space, spanning art, music and sport.

But with the rise of NFTs comes the risk of fraud, scams, and theft of digital collectibles.

The best way to protect yourself from these types of scams is to learn how to spot them and then stay far away. That's why we created this guide.

So what are some common threats? In this report, we will look at:

- Cheat

– Project forgery

– Get rid of scams or “rug pulls”

– “Dust attacks”

Cheat

Phishing is one of the most common scams. This happens when an attacker sends malicious links across various apps and platforms, including Discord, Telegram, Whatsapp, Facebook, and Instagram. This link typically takes the victim to a fake NFT mining page, which contains a smart contract that could allow the scammer to withdraw the victim's wallet if signed. This type of scam has many variations, including a case where an NFT project's official Discord is compromised, allowing miners to use the official channel to broadcast their malicious link.

Discord scams arise when hackers gain admin access to a server (as described above) or by direct messaging members of the Discord community. In other cases, scammers will purchase authentic-looking domains, including ENS addresses, and run paid Google search advertising campaigns to drive traffic to a fake URL. contains malicious smart contracts. In all cases, the goal of a phishing attack is to convince an unsuspecting victim that the fake malicious link is real.

How to avoid: Never click on suspicious links, attachments, or pop-ups. Always verify URL domains, email addresses, and social media domains to ensure authenticity. Be wary of fake ads and phishing email addresses purporting to be customer support. Don't share your wallet recovery phrase, credentials, or private keys with anyone. Use strong passwords and enable two-factor verification.

Project forgery

Scammers are known to create fake websites that resemble popular NFT marketplaces or minting sites, purporting to be the official homepage of a legitimate project, in the hopes of misleading them. users are confused when buying them. OpenSea recently said that more than 80% of collections created using their general store contract are fake or spam collections.

How to avoid: Always confirm the NFT marketplace's verified accounts, identities, and website URLs. Look for verification checks on the seller's social media accounts and Discord accounts. If you are still in doubt, contact the artist or seller on social media to confirm the authenticity of a potential transaction. Don't rush to buy an NFT until you confirm it is authentic.

Get rid of scams (also known as “rug pulling”)

Rug pulling is famous in the NFT space and is often referred to by the term “rug.” These are scams in which the project founder markets and promotes the project with no intention of developing the goals into reality. Finally, scammers raise funds, often through minting NFTs and taking money (aka “pulling the carpet”) without any effort to develop the project.

Big Daddy Monkey Club is a recent example. The developers raised more than 9,000 SOL before abandoning the project. The anonymous nature of blockchain developers, coupled with irreversible transactions, creates a strong incentive for fraudsters to try to get away with theft. Scams can also be very sophisticated – instead of abandoning the project outright, developers will “move the target” around the expectations of what will be done with the funds raised.

There are generally three stages to these scams:

In the first phase, developers will raise money through minting NFTs, promising to accomplish various goals without intending to do so.

In the second phase, developers often change the project's timelines and core initiatives, doing anything that can accelerate milestones and extend the project's progress day by day. the farther.

In phase three, as initial interest in the project subsides, the funds raised in phase one are transferred to individual wallets, often using mixers to obfuscate the stolen funds.

How to avoid: Research the backgrounds of the teams behind NFT projects on social media platforms like Linkedin and Twitter. Even anonymous artists and developers can be known and trusted by the crypto community, but it's important to closely look at follower counts and social media engagement. . Check the project roadmap and consider whether it is realistic or not. If possible, tap into the wisdom of the crowd by seeing what veterans of the NFT community think of the project and whether it has received any notable verifiable endorsements from individual or organization or not.

Dust attacks

An attack occurs when a victim creates a legitimate NFT, but then finds a new, random NFT in their wallet. If a victim interacts with this unknown NFT, including listing it for sale, they could subscribe to a smart contract resulting in the loss of funds from their wallet. Unfortunately, this scam doesn't just happen to NFT project developers, as bad actors also send malicious NFTs to random wallets in hopes of catching new users unaware.

How to avoid: Monitor your wallet as much as possible. If you find an unknown NFT in your wallet, do not interact with it in any way.

Source: Coinbase