With the continually surging popularity of cryptocurrencies and NFTs, there has been an increase in scams targeting unsuspecting consumers. Even “ crypto winter” hasn’t slowed grifters looking to make big bucks by ripping off crypto and non-fungible token enthusiasts. In an August report, blockchain analytics firm Elliptic noted that investors had lost $100 million to NFT scams between July 2021 and July 2022. That was pocket change compared to cryptocurrency thefts—also in August, blockchain analytics firm Chainalysis reported $1.6 billion in total crypto losses from hackers attacking services designed to help investors transfer digital assets from one network to another.
Moneymaking potential in cryptocurrencies and NFTs is touted across the web, but the potential for digital highway robbery is just as great. That’s why it’s a good idea to armor yourself with information about how to avoid the many dangerous dark alleyways found along the blockchain’s supposed paths to wealth.
Scams can take many forms, from fake investment opportunities to phishing attacks. For example, “Web 3 Is Going Just Great” reports that in May 2022, a crypto project was launched with the title “Day of Defeat.” The project's developers called it a “radical social experiment token” that promised, “to give holders 10,000,000X PRICE INCREASE.” This meant anyone who purchased $1 of the token would receive massive rewards.
By the time the token’s price plummeted by 96%, investors had purchased $1.35 million worth of coins. Unfortunately, the scammers took all the liquid assets with them. It was a classic “ rug pull.” That’s an apt term to describe what happens when investors are lured to a new crypto investment opportunity only to have the developer pull out and usually vanish—websites and social media accounts deleted or locked. Rug pulls aren’t that new, but crypto’s widespread adoption has provided plenty of opportunities for the sufficiently motivated to create new ones.
In June 2022, actor Seth Green fell prey to a classic phishing scam focused on his Bored Ape Yacht Club (BAYC) NFTs. After Green bought legit Bored Apes, someone sent him a phishing email disguised as an alert about sketchy activity on his OpenSea account, where his apes were stored. He followed a link from the message to a site that looked enough like OpenSea to fool the Robot Chicken co-creator into typing in his login information. But as is usually the case with a phishing scam, Green’s info was sent to a command and control server where it was accessible to whoever built the fake login page.
In no time, hackers had grabbed some of Green’s most valuable NFTs and sold them to another account. As a result, the actor had to pay at least $260,000 to get his Bored Apes back.
While Seth Green was getting in on the latest thing—as Hollywood creators like to do—you can take steps to reduce your risk of falling into the trap that ensnared him.
Here are six to start:
Do your researchperson using MacBook proPhoto by Austin Distel on Unsplash
Before spending a dime, examine the account offering the NFT or tokens. Does the marketplace offer verification? Opensea, for example, verifies accounts with a blue checkmark. It requires specific benchmarks for verification, stating that an account that owns “collections with at least 75 ETH of volume sold” may qualify if they also “meet other criteria like minimum activity levels and social presence.” Ensure you’re buying from a seller with a checkmark.
Use reputable platformsBitcoin wallet in 3D. Feel free to contact me through email email@example.com. Check out my previous collections “Top Cryptocurrencies” and "Elon Musk" . Photo by Mariia Shalabaieva on Unsplash
Crypto and NFT purchases generally require setting up a digital wallet. To that end, there are plenty of sites offering crypto wallet functions. Still, only the ones that have been around for a few years (Coinbase, for example, launched in 2012) and have real name recognition can guarantee that they at least take security very seriously. Known and generally reliable sites offering wallets include Coinbase, Trezor, Metamask, Public.com, and Ledger. Of course, those aren’t the only ones; they’re a good place to start.
Use the wallet’s security settings wiselytwo pink padlock on pink surfacePhoto by FLY:D on Unsplash
Good wallets have the kind of security protocols we might expect from our banks or email accounts. For example, using two-factor authentication is a must, especially if you don’t want to end up paying through the nose for apes you’d already purchased, like Seth Green.
Look for rug-pull red flagswoman sitting on bed with MacBook on lapPhoto by Victoria Heath on Unsplash
These include mysterious, anonymous developers. If you research projects on Twitter, for example, there are frequent mentions of “doxxed” developers. In this context, doxxed just means the devs are telling potential investors who they are, likely with an open, transparent, and consistent web presence that goes back further than just a few months. Be wary of new social accounts and examine websites and white papers describing the project and its purpose. If they are vague or the sites seem thrown together (multiple pages with no content or TBAs), be very wary.
Be suspicious of 'pie in the sky' promises regarding profits10 and 20 us dollar billPhoto by Alexander Schimmeck on Unsplash
If you refer back to “Day of Defeat,” the project that rooked investors to the tune of $1.35 million, one of the easiest methods of spotting a possible scam is right there—the promise that those who purchased tokens would see a 10,000,000X increase in price. CoinTelegraph puts it succinctly in their recommendations about taking care with crypto and NFTs: “If the yields for a new coin seem suspiciously high, but it doesn’t turn out to be a rug pull, it’s likely a Ponzi scheme.”
Look for skewed numbersturned on monitoring screenPhoto by Stephen Dawson on Unsplash
According to Matthew Callahan—founder and CEO of Delphi, a Web3 consulting agency—other red flags to watch out for include projects where the number of “Twitter and Discord follower numbers seem disproportionate to their engagement.” That is, small numbers of users contrasted with active, vocal engagement can suggest sock puppetry at work. Callahan also suggests that “advertising the project on Twitter/Instagram” could be a red flag. Why? A paid ad campaign could indicate an attempt to obscure a lack of organic engagement. The account isn’t relying on word of mouth so much as paid views, which artificially boosts its profile, obscuring the fact that there’s “no real community engagement on social platforms.”
Frankly, there is still no surefire way to avoid all online scams. The key is to be a little paranoid, ultimately. Keep your digital head on a swivel, check all corners, and don’t go big at the start. Extra vigilance will improve your chances of not getting scammed into oblivion.
- Are NFTs a Good Investment? We Asked Local VCs - dot.LA ›
- iTrustCapital Lets People Invest Their IRAs In Crypto - dot.LA ›
- Dave Lands FTX Investment To Grow Crypto Presence - dot.LA ›