Non-fungible tokens are an appealing target for fraud because the market is unregulated and filled with anonymity.
By Nick Gelling
Product test writer
NFT-related scams reported to government cyber-security watchdog CERT NZ from January to March cost New Zealanders nearly $50,000, and the problem is expected to get worse.
If you’re interested in buying one, you need to be extremely vigilant, both during the purchase process and after it’s in your wallet.
What are NFTs?
A non-fungible token (NFT) is a digital record of ownership, usually attached to a piece of media. They’re based on blockchain technology, and therefore closely linked to cryptocurrency and the so-called “Web3”. Generally, NFTs can only be purchased with Bitcoin, Ether or another crypto asset.
The appeal of NFTs is that each is unique – they introduce an artificial scarcity to digital assets, and they can act as status symbols.
What are the risks?
The ‘crypto revolution’ is based on ideals of independence from government and business, so it’s very poorly regulated. That means if something goes wrong, there’s rarely any way to reverse a transaction or retrieve a lost asset.
As usual, the biggest scam risk comes from people tricking you into handing over personal information. In the NFT space, that usually means the pass phrase to the digital wallet where they’re stored. A common tactic is cloning the website of an NFT marketplace in the hopes that users “sign in” to the fake site.
These phishing scams are more advanced (and hence believable) than other scams you might be familiar with, perhaps in recognition that the target population skews toward being tech-savvy.
Just ask American actor Seth Green, one of the creators of Robot Chicken. Last week, he was phished out of four high-profile NFTs. One of them, a Bored Ape Yacht Club collectible worth US$200,000, was set to “star” as the main character of Green’s next TV show, White Horse Tavern. The show’s future is now uncertain because copyright belongs to whoever possesses the NFT. Even though it was stolen, Green has no clear way to reclaim it, because the market isn’t regulated.
Uniquely common in the crypto world, the “rug pull” is a type of fraud where a project is advertised with an ambitious plan for future activity and charts showing excellent projected returns.
Once enough people have invested, the “creator” disappears with the money, never to be heard from again.
It’s simple to mint an NFT of an image without the artist’s permission, or appropriate an existing NFT. In January, the world’s largest NFT marketplace, OpenSea, noted that more than 80% of the listings minted with its free tool were plagiarised or otherwise fake.
Why are NFTs such a target?
Scammers often focus their efforts on new, trendy investments – it’s a combination of following where the money is going, and targeting poorly informed investors. NFTs are no different.
The lack of regulation in NFT marketplaces is obviously a great boon to fraudsters, as is the culture of anonymity and pseudonyms. It’s hard to trace an NFT thief back to a real identity (although, even if you did, it probably wouldn’t help you get your stuff back).
The extreme hype present in marketing campaigns for NFTs plays into the hands of bad actors – a buyer swept up in the excitement, or trying to buy as quickly as possible for fear of missing out, is more likely to make a mistake.
How can you stay safe?
When you’re buying
As with any investment, if the seller is promising high returns that seem too good to be true, be suspicious.
To avoid phishing, triple-check that any website you link your wallet to is the real thing – often fake sites have the URL spelled slightly differently.
Try not to buy from anonymous sellers. An NFT project linked to an established organisation or trusted figure in the crypto world is less likely to be a rug pull.
If an NFT is linked to a specific artist or public figure, make sure they’re actually involved – otherwise, you’re probably gifting money to a counterfeiter who doesn’t own the rights.
Some NFT projects are kept under wraps until close to launch. Don’t pre-order anything until the art’s finalised and you know what you’re getting.
After you’ve bought
Protect the key phrase to your digital wallet extremely carefully. Never share it with anyone, even someone you trust.
Activate two-factor authentication for your digital wallet, if it’s available.