9 common NFT scams and how to avoid them

What are NFTs?

NFTs, or non-fungible tokens, are digital certificates that represent ownership of a unique digital asset. An NFT allows people who own or create digital property to track its ownership and potentially earn money from it. An NFT is a certificate of authenticity recorded on the blockchain, a permanent and unalterable digital ledger.

If you’re a digital creator, NFTs offer an opportunity to expand your exposure on your own, without relying on established galleries. You may even be able to monetize some of your creations too, though the initial heyday for NFT monetization has passed: only 15% of people considering NFTs a worthwhile investment, according to Security.org research.

What forms can an NFT take?

NFTs take many forms; almost any digital file can be turned into a token (tokenized). Once an asset is tokenized, it’s recorded and traded as an NFT on the blockchain. Some common NFT examples include:

• Art.
• Writing (essays, stories, books, studies, etc.).
• Music.
• GIFs.
• Games and downloadable game content.
• 3D printable model files.
• PFPs (profile pictures).
• Virtual avatars.
• Digital real estate.

How do NFT scams work?

NFT scams typically rely on social engineering schemes, not blockchain hacking. Usually, scammers trick users into giving up wallet access, buying fake NFTs, or approving malicious transactions.

Blockchain transactions are mostly irreversible, so once NFTs are transferred, they’re basically gone for good. NFTs are also traded on largely unregulated markets using cryptocurrency, which makes it harder to trace back to a real person and recover losses.

Below are the most common types of NFT scams, and look at how each one works.

1. Fake NFT offers

NFT scammers sometimes create imitations of popular NFT websites and marketplaces to trick you into compromising account information. They may send you fake offers via phishing emails with “early access or exclusive offers” or simply create fake websites online. These fake, pharming websites often look just like the real thing and pass an initial “vibe check”, especially if you don’t pay close attention to the details.

Social engineering scams like this are often after your personal information and account credentials. Once scammers have your info, they may be able to access your account on the real trading sites (if two-factor authentication isn’t enabled), plus any NFTs or money you have saved there. Or, they might try to sell you counterfeit NFTs from their fake site.

2. Pump-and-dump schemes

NFT scammers use pump-and-dump schemes to artificially drive up the price of an NFT collection. They do this by creating hype around the collection on social media, by getting a celebrity endorsement, or even by buying the individual NFTs themselves using multiple wallets they control (a tactic called “wash trading”). A group of scammers can also bid high amounts for the NFTs to artificially inflate the perceived demand of the collection.

Once the NFT collection gains attention and the selling price peaks, insiders stop the fake bids and wash trading, then sell the NFTs they owned, causing the price (and the demand) to plummet. The investors who paid a premium for the NFTs are left with low-value assets that they can’t sell.

3. Rug-pull scams

Rug-pull scams (sometimes called “investor scams”) are essentially fake NFT projects that never actually reach the marketplace. This scam may start as a well-intentioned endeavor that fizzles out, or a deliberate ruse to steal money without ever intending to deliver the promised NFTs.

Most scammers hype new NFT projects to lure people into investing during presale or whitelist phases. At this point, they request upfront payment for “pre-orders.” But after receiving payment, the developers disappear with the cash, never delivering on their promises. This happened in 2021 when the NFT developer Evil Ape collected almost $3 million in investments before disappearing, never to be heard of again.

4. NFT giveaways (AirDrop scams)

Legitimate cryptocurrency projects sometimes AirDrop free crypto to their supporters upon the launch of their token. This has made some investors less wary of free giveaways and AirDrop promotions.

But remember, there’s no such thing as a free lunch. So-called NFT giveaways can wreak havoc on your devices and drain your crypto wallet. It usually starts with scammers offering free NFTs, which they promise to AirDrop directly to your crypto wallet. The catch is, once you connect your cryptocurrency wallet to receive the AirDrop, the contents of your wallet are instantly sent to the scammer. When that happens, there’s no way to get your NFTs or crypto back.

Some airdrops may also include links to phishing sites, malicious tokens, viruses, or malware.

5. Social media impersonation

Social media impersonation is another NFT scam used to trick NFT owners. Cybercriminals create online profiles to convince people of their credibility and sell them fake NFTs. Some NFT scammers even pose as trusted figures like celebrities, influencers, NFT creators, or marketplaces to gain your trust and lower your guard before pushing scams or malicious links.

Because much of the NFT world exists on social media platforms like Reddit and Discord, having a robust social media presence, good branding, and high follower count is often enough to earn people’s trust. Unfortunately, these trust signals are also easy to fake.

After social media scammers connect with you, they may send a link to a pharming site or prompt you to connect your crypto wallet. From there, they can potentially steal your login credentials or get you to approve a malicious transaction.

6. Customer support impersonation

Learning about a problem with your NFT account can cause you to panic and let your guard down, and scammers know this. They’ll pose as customer support for a trusted NFT website or marketplace and claim that they’ll help you resolve an urgent problem, such as a locked account, stolen funds, or even a fake security breach.

The customer support imposters will likely instruct you to click a link and enter your personal details, or they may even ask you to grant them remote access. If you do, they’ll have everything they need to hack into your account.

NFT scammers who impersonate customer support representatives from legitimate NFT marketplaces often reach out via email, social media, or Discord.

7. Counterfeit or plagiarized NFTs

You can turn anything into an NFT for free with minting tools, but minting an NFT doesn’t make it a fresh piece of intellectual property or give you ownership. Minting a new NFT just means turning a digital file into something you can store on the blockchain as a token.

Because almost any image or file can be minted without verifying ownership, scammers can easily tokenize stolen or copied work. Once they’ve minted someone else’s work, they create an account on a trading platform and auction it off to the highest bidder. Much like counterfeit physical art, the asset you purchase will become worthless once it’s revealed as a fake.

This is unfortunately common, too. OpenSea (a digital NFT gallery and marketplace) posted on X that around 80% of minted NFTs on the site are counterfeits, Vice reports.

8. Bidding scams

Bidding scams take place when you try to resell your NFT. Once an interested buyer places their highest bid, they may secretly swap the cryptocurrency for one of lesser value. Instead of receiving 10 ETH (around $22,000), you could receive 10 DOGE (around $1). This is easier to do than you might think, as the buyer can change their crypto bid without your knowledge.

9. Deepfake NFT scams

Deepfake NFT scams use AI-generated audio, video, or images to impersonate trusted figures in the NFT space. To add a sense of legitimacy to the scams, the deepfakes may feature deepfakes of known digital artists, popular crypto influencers, or new NFT project founders.

Because deepfake content sounds and looks relatively legitimate, you may believe you’re hearing about a real opportunity to invest or get in on a limited-time offer.

Real-world examples of NFT scams

It’s true that NFTs aren’t as popular today as they were a few years ago, but scammers are still actively targeting artists and investors in the NFT space. In fact, some of the biggest NFT scams have happened after the market’s initial boom and bust.

Here are a few recent examples of NFT scams:

• Evolved Ape (2021): The creators of the Evolved Apes NFT project promoted a collection of around 10,000 cartoon ape NFTs and promised to use the proceeds to develop a video game that would increase the tokens’ value. Investors contributed during the presale, but the game was never completed. Instead, developers allegedly made off with more than $2 million for personal use.
• Pixel Penguins (2023): In May 2023, NFT buyers were allegedly conned into purchasing NFTs to support an artist’s battle with cancer. The project, called Pixel Penguins, gained traction through promotion from crypto influencers. However, the sick artist later disappeared from social media, and the project was exposed as a rug pull that raised over $100,000.
• Polygon Network (2023): Scammers sent over half a million fraudulent AirDrops to users on the Polygon network. Over 300 users accepted the AirDrops, resulting in $1.2 million in stolen NFTs and crypto.

How to avoid NFT scams

To help avoid NFT scams, conduct thorough research into the seller, the NFT itself, and the marketplace. Always use a secure wallet and reputable marketplaces to buy and sell NFTs, and protect your devices against malicious sites and links with a strong security tool. Take advantage of these prevention tips to help put a stop to NFT scammers.

Do your research

Cryptocurrency and the blockchain are complex. They are also largely anonymous. This can make it hard to do research with any degree of certainty, and it increases the risk of investing in NFTs.

However, you can trade NFTs much more safely if you do some basic research, including:

• Verifying the seller: Always verify the NFT seller’s account to ensure they’re real. Check their transaction history on the blockchain for any shady activity, and look for evidence of their existence on social media.
• Verifying the NFT transaction history: Check the NFT’s transaction history on the blockchain using its metadata. This can help you determine if it's real or counterfeit.
• Verifying the marketplace: Make sure you trade only on reputable NFT marketplaces, and also check the URL before entering any personal info to ensure you’re not on a fake website.

Consider long-term value

When NFT marketplaces launched, they immediately attracted attention from investors. A boom ensued, and some NFTs were bought and sold for millions of dollars. Today, however, the vast majority of NFTs are worthless.

If you’re entering the NFT market now and planning to buy NFTs as an investor, you might want to think again. Even if you’re aware of scammers’ tricks, these aren’t the only risks. The NFT market has nearly entirely collapsed, with some trade volumes down 90% from their peak.

Never open suspicious links or attachments

The blockchain is highly secure, so it’s nearly impossible for hackers to steal your NFTs unless you give them your login details or wallet keys. This is why phishing attacks are among the most common types of NFT fraud.

To avoid phishing attacks, avoid clicking any NFT-related links or attachments you get via email or social media. Navigate to NFT marketplaces and creators’ websites from your browser instead. If you want to click a link, verify the sender first. Even better, contact the official seller or marketplace to check that the email is legit.

Protect accounts with strong passwords and 2FA

Create strong, long, and unique passwords for your cryptocurrency wallet and other NFT accounts. Never use the same password for multiple accounts, and use a password manager to help keep track of all your passwords and suggest new ones.

Two-factor authentication (2FA) is also a must for crypto accounts. 2FA requires you to verify your identity in two ways before you can enter your account, adding an extra layer of security. For example, you might need to input a code sent to your phone or email after logging in with your password.

Never share your seed or recovery phrase

Your seed phrase (aka recovery phrase) is a unique list of words that provides access to your crypto wallet. This is the combination to your NFT safe. With your recovery phrase, anyone can access your digital assets.

Like your passwords, you should never share your seed or recovery phrase with anyone. This could compromise your NFTs and any other cryptocurrencies stored in your wallet. A legitimate NFT marketplace or website will also never ask for this information.

Always cross-check the NFT’s price

Before making an NFT purchase, cross-check the price on an official trading platform like OpenSea, Axie Marketplace, or Mintable. If the price appears much lower than what’s listed on the legitimate trading site, it’s probably a counterfeit scam.

Also, double-check the transaction price before finalizing a sale to make sure a scammer hasn’t switched out the agreed-upon cryptocurrency for a lower-value token.

Protect yourself from scammers

If you’re trading NFTs, simply knowing the scams to watch out for isn’t enough. Protect your accounts, wallets, and devices with a strong cybersecurity tool like Norton. Norton 360 Deluxe helps detect the scams in deepfakes and texts that NFT scammers often rely on to trick you. Norton 360 can also help block malicious links that scammers send in phishing communications, helping to protect your device and your personal data from being stolen.

FAQs

How do you know if an NFT is legit?

Check the creator’s verified profile, confirm the NFT’s transaction history on the blockchain, and verify it’s listed on an official marketplace. If the seller is anonymous, the links are suspicious, or the history looks inconsistent or missing, it’s likely not legitimate.

Are NFTs good investments?

Today, the vast majority of NFTs are not good investments. The market has cooled significantly since its peak a few years ago. Today, most NFTs are worthless, and only about 9% of professional investors consider them a good investment.

While the market may theoretically rebound, if you do invest in NFTs, it’s important to consider their inherent value rather than simply following social media hype. Invest in artists, musicians, communities, and causes that you actually support. This is the best way to stay informed, help prevent fraud, and make a fulfilling investment.

What percentage of NFT projects are scams?

The largest NFT marketplace, OpenSea, admitted that about 80% of its minted NFTs are scams. That means that the market is composed mostly of counterfeit or fake NFTs.

Do most people lose money on NFTs?

Probably. Most NFT collections lost most or all of their value after the initial 2021 boom. This suggests that most people who invested near the peak of the market boom likely lost money on NFTs, and the market hasn’t recovered.

Are NFTs secure?

Yes, NFTs are generally secure. NFT ownership is recorded on the blockchain and cannot be altered until the owner decides to sell. Hackers can’t change the blockchain, but they can steal your NFTs if you give them your account information or wallet keys. This is why phishing attacks are so common in the NFT world.