This article first appeared in Wealth, The Edge Malaysia Weekly on November 29, 2021 - December 5, 2021
Just as non-fungible tokens (NFTs) have increased in popularity, NFT scams have continued to proliferate. Industry players observe that NFT holders could be losing cryptocurrencies worth millions of dollars each day to scammers.
“We have observed an increasing trend in the number of scams related to NFTs. We suspect that victims could lose up to millions of dollars each day [to these scams], even more so if the victims own multiple wallets,” says Bobby Ong, co-founder of cryptocurrency ranking and analysis website CoinGecko.
Oded Vanunu, head of product vulnerability research at cybersecurity service provider Check Point Software Technologies Ltd, says NFT-related scams are rampant these days, with many taking place on social media and instant messaging platforms such as Twitter and Discord.
“We have heard of people losing millions of dollars [in NFT-related scams] recently, with all kinds of people being scammed. Some scams are very sophisticated and hard to detect,” Oded says.
“In many countries, the cryptocurrency market is unregulated. People who lose their coins can’t go to the police to lodge a report for further investigation. This represents a huge opportunity for scammers to seize.”
According to Ong and Oded, the most common scams are NFT phishing scams that coerce cryptocurrency holders into giving their passwords to a fake website controlled by scammers. How these scams are conducted vary.
Sometimes, scammers impersonate a well-recognised figure in the cryptocurrency community via a social media platform and convince others that they are legitimate. They would lead their followers to a fake website and have them enter the seed phrase (or password) of their NFT wallets into it.
Another less common but more advanced phishing tactic is the use of fake NFT minting sites, which are platforms that allow a person to convert their art pieces into NFTs. Instead of receiving the mint function, however, victims end up sending their cryptocurrencies to the scammers’ digital wallets, says Ong.
Also, after conducting online searches, a person could unknowingly download a malicious NFT wallet that looks legitimate, says Oded. “Wallet scams are huge these days. We are researching some of these cases, which involve millions of dollars. The cases are still ongoing.”
Last month, Check Point uncovered scams that exploited the software vulnerability of NFT marketplaces such as OpenSea.
According to CoinGecko’s 3Q2021 report, OpenSea is the world’s largest NFT marketplace and has a virtual monopoly on the industry. About 99% of the global trading volume of NFTs took place on the platform in the third quarter of this year.
Check Point discovered that scammers created malicious NFTs (a digital image) and sent them as gifts to others via social media or a messaging app. The person who clicks on the NFT would be required to perform seemingly innocent actions before losing control of the cryptocurrencies in their digital wallets.
Owing to a sharp rise in NFT-related scams, cryptocurrency holders should be more vigilant to avoid losing their money. They can follow some simple rules to better protect their digital wealth.
“NFT holders should always verify emails from strangers and never click on any suspicious links from strangers. If possible, they should contact the NFT project’s official team to clear any doubts or concerns [they have regarding projects they are interested in],” advises Ong.
Setting up two-factor authentication (2FA) for digital wallet login and cryptocurrency transfer is another effective way to avoid being scammed, says Oded. “This is the main thing that a cryptocurrency holder should do. While simple, it can prevent scammers from hijacking your account [or wallets].”
Save by subscribing to us for your print and/or digital copy.
P/S: The Edge is also available on Apple's App Store and Android's Google Play.