How not to be scammed in NFTs

Maï Akiyoshï
17 min read · Oct 5, 2021

Soon after I got into the NFT space, I was astonished by how many scams are in this space and how elaborate they are. Hearing from friends who are new to NFTs that they got scammed on day 1 and seeing tweets from people who got scammed and lost all their money and assets, this space can feel really scary for newcomers. And because of these stories of people being scammed, many people think all NFTs are scams, which shouldn’t be the case. So I wanted to write an article to showcase what the most common scams in this space are and what to do/not to do to protect yourself so that you will feel comfortable getting into the space and stay safe for the long run.

Here’s the table of contents. Some of you might already know some of the rules and scams, so feel free to skip the things you know:

  1. Golden rule: Never give your seed phrase or private key to anyone
  2. How to avoid scams on Discord
  3. How to check if it’s an official project on OpenSea
  4. How not to fall for scams on OpenSea
  5. Watch out for copied art when you buy NFTs

Before we start: Be skeptical

First of all, I would like to warn you that the scams in this space are really annoyingly crazy and elaborate. Scammers spend hours and hours thinking about new ways to trick people, because there’s a crazy amount of money in this space and they can make millions of dollars if they do it cunningly. What’s worse, a lot of projects are time sensitive, especially at the time of minting and auctions, which makes us less cautious, as even legitimate projects urge us to take action quickly without thinking things through. So, let’s always keep in mind that “SCAMS ARE EVERYWHERE ANYTIME, WATCHING YOU” and let’s always be skeptical of any interaction with NFTs.

Not the best image, hopefully memorable enough to make you remember to always be watching out for scams

Golden rule: Never give your seed phrase or private key to anyone

The biggest thing that scammers and hackers will try to do is steal the secret recovery phrase (seed phrase) or private key to your crypto wallet. If they get hold of either, they can log in to your wallet from their own device and transfer all your funds and NFTs to their own address, and everything in the wallet will be gone in a second. Once the transaction is made, there is absolutely no way to get it back. So it’s absolutely important to keep your secret recovery phrase safe and not share it with anyone, or on any site. Remember, you will never, ever need your seed phrase or private key at all for any transaction, so if any site or person asks you for either, that is an immediate red flag. Leave right away.

Lovely reminder from the Metamask tutorial

I will give you one example of how people are asked for seed phrases.

This message was sent on Discord on Sep 30th, 2021 to thousands of users.


This looks really real in terms of website domain, name, and picture, so people clicked the link and got redirected to a phishing site and were asked for their Metamask password and seed phrase. Some people ended up typing their seed phrase (all these people did say they knew it’s a must-not do thing to give out your seed phrase, but sometimes, people are busy, tired, in a hurry, and so it can happen to anyone). Afterwards many people realized what they had done was wrong immediately, but everything was already gone because as soon as you give up your seed phrase, the scammers can immediately take everything you have.

So, please store your seed phrase in a very secure place (definitely not on your computer) and never, under any circumstances, ever give it to anyone.

How to avoid scams on Discord

Discord is the most popular tool for building communities in this space, but not everyone is perfectly familiar with it as it is primarily used for gaming. As it’s still a somewhat new platform and not everyone is used to it, there are SO MANY scammers living in Discord trying to get your seed phrase or password. Here’s a couple of things you will need to keep in mind to avoid getting scammed.

Golden rule: Never ever click any promotional links from DMs

Once you start joining Discord servers for various NFT projects, you will start getting millions of DMs. As DM and Discord server icons are located all on the same place (the left side of the app), when you are clicking around the icons, you will naturally see some DMs and it’s actually really confusing, because some DM users will have the same icon and name as a channel you’re actually part of, to try to pretend to be the channel and not a user. Here is how to tell a user DM apart from a channel message:

Even though it looks like the project you invested in, no legitimate project will ever send you a DM as an announcement for minting, drops or giveaways. All the announcements happen in one of their official channels, so please do not respond or interact with any DMs, even if they seem like they’re from an official member of any team — they never are.

Here are some of the DMs that I have received recently:

Last one is kinda obvious, but the first two look pretty legit, with the messaging/profile picture/website. I, myself, clicked once for something similar. I joined the Discord server of Mekaverse and on the next day, I got the message from Mekaverse saying “Minting starts right now!”. I kinda panicked because it was supposed to be a week later but I thought, “maybe they made it earlier”. When we are in that state of mind, we don’t think too much. Thankfully, after I clicked the link, the website looked completely different and unprofessional, so I knew it was a fake, but if the website looked exactly the same or close enough, I could have fallen for the scam. So never, ever click any of the links in DMs.

Change your server privacy settings

Though this is case-by-case, you can consider changing your server privacy settings to not allow direct messages from server members, because scammers find you and learn what you are interested in through the servers you are in. So if you are in the Mekaverse server, they know you want the Mekaverse NFT and they will start sending you a bunch of fake minting/giveaway messages. If you don’t allow them to send you DMs on that server, you will minimize the chance you get those scam DMs — though sometimes scammers will manage to find a way to message you anyway, so never let your guard down even if you change these settings.

In order to change these settings, right click the icon of the server you’re in and select “Privacy Settings” and turn off “Allow direct messages from server members”.

Of course, if it’s a community you are heavily invested in and actual people are sending messages to you, you can’t use this setting. However, for the projects you joined only to see announcements, you can use this setting to avoid getting annoying messages every day.

Avoid a project or Opensea support scam

One of the most popular NFT scam stories is the story of Jeff Nicholas. I highly recommend reading his tweet of what happened, as it sounds utterly painful and sad and will make you feel like you really need to be careful. (Kudos to Jeff for sharing the story. It was covered by The Verge (written by well-known NFT journalist Andrew Wang) and saved a lot of people who could have fallen for similar scams.)

Basically, what happened is he joined the OpenSea Discord server to resolve one small royalty issue and got a DM from someone called Pascal | OpenSea (this is the name of the actual employee who posts on the #opensea-support channel, but any scammer can change their display name to be the same) and he was invited to a separate Discord channel called “OpenSea Support Server” (this also sounds pretty legit). Then, after some back-and-forth conversation, he was asked to share his screen and was told what to do. By following their instructions, he let the scammers steal his Metamask information and send all his money and assets to their account. (Thankfully, after this incident, Metamask disabled the mobile QR code sync feature.)

OpenSea posts these rules on their #trust-and-safety channel on Discord, so please always keep them in mind when you are on their Discord (or any other Discord) and trying to get some help.

OpenSea staff will never:

1. Contact you in DMs first

2. Ask for your wallet seed phrase

3. Invite you to a different server

4. Ask you to click a link to “fix” your wallet

Here are some example scams that I found on the OpenSea Discord channel #report-dm-scam. As you can see, they all try to make you click a link or get your information directly. So whenever you see someone doing that, report them immediately.

How to check if it’s an official project on OpenSea

There are lots of copycat scam projects on OpenSea that look exactly like the official project, and when you try to find a given project, it’s easy to land on a fake project page and buy the fake one, which won’t be worth anything. Here, I will walk you through what to look out for.

Check the name of the project

This is the easiest step. Check the name. Most of the major projects name their account on OpenSea exactly the same as the project. So if you are looking for the Pudgy Penguins project on OpenSea, you will see some names with a sharp sign (#), a period, a singular form, etc.; those are all fake. In case you are not sure what the official name is, go to rarity.tools and check the official name.

Look for a verified badge

Always look for a verified badge, as most of the major projects have a verified badge and scam projects do not (just like the screenshot above). There are some cases where scam projects will try to look like they have verified badges, like below. Make sure that the badge is located outside of the icon image, and not inside it.

Check the # of items and volume

Most of the fake projects have:

  • Less than 1K items — scammers don’t have the time or money to create 10K NFTs, so the number is usually pretty small, like less than 1K
  • Low volume traded — the volume traded here is sadly the amount that victims paid to scammers, hopefully pretty small
  • Low floor price — the price usually is too good to be true for those major popular projects

Rarity.tools also has the same information (items, volume, and floor price) on each project page, so you can go to each project page and check if the volume and floor price are the same as what you see in OpenSea. (Projects have to pay 2 ETH to list their project info on Rarity.tools, so we can trust that the project information on Rarity.tools is correct and from the official creators, as no scammer is likely to pay 2 ETH to list on Rarity.tools.)

Check properties

Properties are another way to identify whether or not a project is fake. If you go to the details page on one of the penguins and look at the “Properties” tab, the official ones have properties that describe the various traits each NFT has:

If you look at the details of a fake NFT, you often won’t even find the “Properties” tab as scammers don’t take the time to put in all these details. Sometimes they do, though, so don’t take the fact that a project does have properties as proof that it’s real — only take it as proof that a project is fake if it doesn’t have properties:

Check the contract address

Another way to make sure is to check the contract address of a given OpenSea project. If you go to the “Details” tab on the same page on OpenSea, you can find the contract address that minted the NFTs you’re looking at.

Most of the time, projects put their official contract address up on their website (in the case of Pudgy Penguins, go to their website and check the link “smart contract” on the bottom of the site). Check the address to make sure it’s the same on both the official website and on OpenSea. In this case, this is the Etherscan address they linked and you can check that the contract address matches up.

Bookmark the official OpenSea page once you find it

Though the checking methods above are useful when you first find a new project on OpenSea, once you find a project you want to follow, I would always recommend that you bookmark the project page because sometimes, when you google “{Project name} OpenSea”, there is a slight chance that the fake account will show up on Google search, or that when you type in the project name on OpenSea again, you’ll accidentally land on a fake project. So it’s always good to save the right place once you find it so you never have to check again in the future.

How not to fall for scams on OpenSea

Once you start collecting some NFTs, you might start seeing some NFTs that you aren’t familiar with suddenly drop in your OpenSea account. Oftentimes, these NFTs dropped in your account will seem to be related to projects that you already invested in for real, such as getting say, a Baby Pudgy Penguin if you own a real Pudgy Penguin. Unless you are specifically expecting a project to give you an airdrop of a free NFT, these are almost always scam projects looking to steal your money.

My partner is a pretty prolific NFT collector and soon after he bought a few Curio Cards, for example, he received NFTs in his wallet that look like Curio Cards that he in fact didn’t purchase himself.

If you look at the NFT he got airdropped (possibly already deleted by the time you are reading this), there are some clues that this NFT is fake:

  • The project name is different (My Curio Cards vs CURIO CARD)
  • No verified badge
  • Small volume/low floor price

They do this to:

  1. Make you notice the item and buy more of it
  2. Make other people think that you own this item and that it’s legit because it’s owned by a popular collector

For point #2, you will have to be careful when you are trying to look for NFTs to buy by looking at influencers’ accounts.

For example, Gary Vaynerchuk aka Gary Vee, is one of the most well-known collectors in the space. If you go to his OpenSea account, you will see 3000 items in his collection. If you are trying to see what he purchased in order to buy the same NFTs, you will need to look very carefully at the details of each NFT, as the reality is he didn’t buy most of the NFTs he actually has in his wallet.

How to identify what influencers actually bought

In order to identify what NFTs an influencer actually bought versus scams that were airdropped to their accounts, we will need to look at the Trading History on the details page of each NFT.

If he actually purchased, for example, CryptoPunk #2140, the record on Trading History will look like this. The event name is “Sale”, and he is buying from another account, paying a lot of ETH for the purchase:

On the other hand, this is one NFT Gary Vee “owns” but has not purchased. It looks like a copy of a Sneaky Vampire Syndicate NFT, but has no verified badge, has low volume, and has a low floor price. If you look at the Trading History for this NFT, you can see that there is a “Transfer” record, not a “Sale” record. And interestingly enough, there are Transfer records from the same address to multiple people who are super well-known in the space, including beeple, artchick, Pranksy, and GaryVee.

What this means is that a scammer account sent their fake NFTs to those people so that it will show up on their OpenSea accounts and look like these famous people actually bought these scam NFTs with their own money. In order to avoid falling for this scam, be sure to always look at the Trading History for each NFT and make sure the influencer actually bought the NFT themselves.

How to identify what influencers actually minted

The same thing applies to minting. Anyone can directly mint a new NFT to someone else’s address and unfortunately, this will look identical in OpenSea to a case where an influencer actually minted an NFT to their own wallet:

In order to see if an influencer actually minted an NFT themselves or if someone else minted it for them as a scam, you will have to go into Etherscan by clicking the little box with the arrow in the “Date” column link.

On Etherscan, we can see that for a legitimate mint transaction, the “from” address which initiated the minting and the “to” address which received the tokens should be the same. The “from” address is the one initiating the transaction and sending the assets to the “to” address. So this transaction below looks correct (both the “from” and “to” addresses are artchick’s address, 0x0b8f4c4e7626a91460dac057eb43e0de59d5b44f):

On the other hand, this transaction’s “from” and “to” addresses are different (the “from” address is not artchick’s), which means that someone else is initiating the mint transaction and sending it to artchick’s address:

This takes a little bit more digging into than looking at Sales versus Transfers, but it really comes in handy when you are trying to figure out which NFTs influencers are actually minting themselves, versus which NFTs are actually scammers minting to influencers.
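The Sale-versus-Transfer check, the “from”-versus-“to” mint check, and the earlier contract-address comparison can be written down as one small routine. This is an added Python example, not part of the original article; the record fields, the function names and every address other than artchick’s are constructed for illustration and are not an OpenSea or Etherscan API.

```python
import re
from dataclasses import dataclass

ZERO = "0x" + "0" * 40   # ERC-721 mints show up as a transfer from the zero address
WALLET = "0x0b8f4c4e7626a91460dac057eb43e0de59d5b44f"  # artchick's address, from the article
# Everything below is constructed sample data, not real accounts or contracts.
SELLER, STRANGER = "0x" + "b" * 40, "0x" + "a" * 40
OFFICIAL, COPYCAT = "0x" + "c" * 40, "0x" + "d" * 40

_ADDR = re.compile(r"0x[0-9a-fA-F]{40}")

def norm(addr):
    """Lower-case a hex address so checksum-cased and plain forms compare equal."""
    addr = addr.strip()
    if not _ADDR.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr.lower()

@dataclass
class Event:
    kind: str               # "Sale", "Transfer" or "Mint", as in the Trading History
    initiator: str          # transaction "from": the account that signed it
    sender: str             # previous holder (zero address for a mint)
    recipient: str          # address that received the token
    price_eth: float = 0.0

def classify(wallet, events):
    """Say how `wallet` came to hold the token, from its latest inbound event."""
    w = norm(wallet)
    inbound = [e for e in events if norm(e.recipient) == w]
    if not inbound:
        return "not-held"
    e = inbound[-1]
    if e.kind == "Sale" and e.price_eth > 0:
        return "purchased"
    if e.kind == "Mint" or norm(e.sender) == ZERO:
        # Legitimate mint: initiator and recipient are the same address.
        return "self-minted" if norm(e.initiator) == w else "minted-by-third-party"
    return "transferred-in"  # the holder paid nothing: treat as an unsolicited airdrop

def review(wallet, listing_contract, official_contract, events):
    """Combine the contract-address check with the acquisition check."""
    acquired = classify(wallet, events)
    same = norm(listing_contract) == norm(official_contract)
    return {"contract_matches": same, "acquired": acquired,
            "holder_chose_it": same and acquired in ("purchased", "self-minted")}

if __name__ == "__main__":
    samples = {
        "bought on the market": (OFFICIAL, [Event("Sale", WALLET, SELLER, WALLET, 1.5)]),
        "airdropped copy": (COPYCAT, [Event("Transfer", STRANGER, STRANGER, WALLET)]),
        "minted to them": (COPYCAT, [Event("Mint", STRANGER, ZERO, WALLET)]),
    }
    for label, (contract, events) in samples.items():
        print(label, review(WALLET, contract, OFFICIAL, events))
```

Only a purchase or a self-initiated mint on the official contract counts as evidence that the holder chose the NFT; a matching contract alone does not, since a real token can also be sent to someone unasked.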

Watch out for copied art when you buy NFTs

In NFTs, it can often seem like even legitimate things are too good to be true, but in general, whenever something sounds too good to be true, be extremely careful and research things very quickly.

For this topic, I would like to share my own personal mistake. Earlier in my journey, I was browsing hic et nunc, the marketplace for NFTs on Tezos. As I was browsing, I found super legitimate art that looked amazing, so I clicked it. When I saw the NFT, it seemed like it was created by Zedd, the legendary DJ. Soon after, the profile picture was set on the account and it was Zedd’s picture. I remembered someone mentioned that once Linkin Park posted their stuff here, so I thought maybe it was him, doing a secret unannounced drop. There was only 1 edition, and it was pretty affordable, so I jumped on it and bought one. Shortly after someone told me that while this NFT art was in fact actually created by Zedd, it had actually been officially sold on Nifty Gateway for a much higher price. Someone had just in fact copied the exact same NFT art and posted it on a fake account on hic et nunc.

Another example is a time when my partner bought a piece of art on Foundation.app which Fvckrender, another super well known NFT artist and collector, had also purchased from in the past along with over a dozen other legitimate collectors. The account had been selling art successfully on Foundation.app for months, had even collected a few pieces themselves, and even had a very active verified Twitter and Instagram account with thousands of followers on each. A few days later, someone told all the collectors on Twitter that the account was fake and all the pieces of art on that account had been copied from other people on the internet.

Those things are harder to spot, especially if you are buying art from artists who are not extremely popular. It’s something that should improve over time as crypto gets more mainstream. For now, several things that can help are:

  • Try reverse image searching from image.google.com and see whether the search results show that the art was stolen from a different artist
  • Check the seller’s linked Twitter and Instagram accounts and see how long they have been on the platform
  • In the case of Foundation.app, check the artist who invited the person you’re investigating and see if they have legitimate social media accounts as well
  • To be super safe, you can stick to carefully officially curated websites like SuperRare and KnownOrigin. Foundation is artist curated, meaning you have to be invited by another successful artist to get on the platform, so it’s also usually pretty safe, but much less so than SuperRare and KnownOrigin. Rarible, MakersPlace, and OpenSea are free for anyone to join, and so you have to use the most caution when investigating projects listed on those sites.

Final note

I listed the major scams that have been popular among scammers right now, but there are more and more scam techniques invented every single day. So ultimately, it’s important we always stay skeptical and think twice before taking any action, even if it’s something not explicitly covered here. It is important to keep this in mind because the vast majority of people fall for scams when their guard is down — when we are rushed, tired, and don’t have the mental energy to pay too much attention, which happens to everyone — especially when you’re exhausted from looking at 10,000 NFT projects every day, and when you’re used to needing to take action really fast even on legitimate projects like minting or buying a piece on a secondary sale before someone else takes it and so on. So let’s always keep in mind that scams are everywhere, targeting you, and keep learning from the past mistakes of others.

Here are some actions you can take going forward to learn about new scams and protect yourself preemptively:

  • Take our scam quiz to test your understanding
  • Join our Discord channel #watch-out-for-scams (discord.gg/catc), where we talk about all the different scams people find
  • Change your privacy settings on Discord to avoid any unwanted DMs
  • Take a look at the report spam channels of the Discord servers you join to learn about various new scam techniques

I hope you’ve learned some useful tools to keep yourself safer out there when hunting for real NFTs. Stay safe, be careful, and have fun!

If you are interested in learning more about NFTs, check out our resource page here or join our discord to learn more from our members.

Interested in making your own NFT collection? Check out the links below:

  • Heymint Launchpad (https://join.heymint.xyz/): A free no-code platform that allows you to launch an NFT collection without any programming skills (NFT art generator, smart contract builder, create mint website)
  • HeyMint Allowlist manager (https://heymint.xyz/): The biggest free allowlist manager for launching your NFT collection.

Curious Addys Trading Club


Maï Akiyoshï

CEO/co-founder of HeyMint (https://heymint.xyz), empowering NFT creators by building a tool to allow them to build NFT collections without any coding skills.