So, you’ve decided to buy an NFT.
For better or worse, non-fungible tokens – unique digital artworks created on smart contract platforms like Ethereum or Solana – have been on the rise in recent years, with celebrities forking out tens of thousands for ape jpegs and artists selling NFTs for millions and millions of dollars.
Maybe you’ve decided to dip your toe in and see what all the fuss is about, but chances are you’ve also heard that the crypto space is a minefield of scams.
Obviously the best way to avoid being scammed is to not buy any NFTs at all. But if you’re set on it, we’ve broken down the types of scams that are out there, and how best to avoid them.
First, the basics. There are a few different ways and places to buy NFTs, but these fall into two broad categories: 1) Minting, and 2) Buying an NFT that’s already been minted, most likely through a secondary marketplace.
Minting means you’ll be getting in early, essentially taking part in the initial launch of a collection by buying one or more of its NFTs at a set price.
Buying an NFT that’s already been minted means you’ll be paying another person (the current owner of the NFT) an agreed amount for the NFT to be transferred into your possession, most likely via an intermediary (i.e. one of the marketplaces mentioned above).
There are other ways to buy NFTs (some people trade directly over-the-counter, for instance), but the methods above are the most common and, for the most part, the safest.
Before we go any further, a quick note: NFTs exist on multiple smart contract platforms, but for the purposes of this article we’ll be focussing on Ethereum (ETH) and Solana (SOL) NFTs, as these are the most common types.
Finally, in order to buy said NFT, you’ll need a special wallet with the right cryptocurrency inside it. There are various different wallets out there (mostly coming in the form of browser extensions or apps), but the two we’ll focus on for this article are MetaMask (a wallet for ETH NFTs) and Phantom (for SOL NFTs).
Oh so many. Despite how up-and-down cryptocurrency is, there’s still a lot of money to be made in it. And whenever there’s money to be made, there are people looking to scam others out of it. NFTs are no exception.
The space is rapidly evolving and new methods of scamming will pop up all the time. But for now, the main NFT scams include:
Minting an NFT requires you and your wallet to sign a transaction in order to exchange crypto (be it ETH or SOL) for your shiny new jpeg. Unfortunately some scammers have been known to launch what appears to be a new NFT collection but is, in reality, simply a device designed to steal everything from the wallet being used to mint.
This type of scam typically relies on someone minting with auto-approve turned on (a setting that automatically approves new wallet transactions without you having to click the approve button), or just minting in a hurry without reading exactly what the transaction says (people often hurry to mint new NFTs for fear of the collection selling out, and unfortunately scammers like to play on that fear).
Most NFT projects, when they launch, will publish a “roadmap” of the goals they’re planning to complete and the dates they wish to do this by. Sometimes this is very brief, sometimes it comes in the form of a detailed whitepaper, but the idea is that it allows prospective investors to see exactly what their money is going towards. Problem is, not all project creators stick to this.
In the past there have been a number of well-publicised “rug pulls” with both large ETH and SOL collections, which typically involve creators suddenly deleting the social media accounts associated with the collection and disappearing with the mint funds. Anyone who bought into their project is then left with an NFT that’s inevitably down in value, and is very unlikely to recover that value again.
Remember we mentioned earlier that some people will trade with each other directly? Well it’s a scammer’s paradise. Without the safety of an intermediary there are all sorts of ways you can be ripped off, ranging from simple theft (someone saying they’ll send you crypto for your NFT, waiting for you to send your NFT, and then sending nothing in return) to slightly more sophisticated scams designed to trick and deceive.
People have been known to send crypto that isn’t actually real, for instance, using Solana’s devnet (essentially just a sandbox for developers), or to set up extra discord accounts to pose as moderators helping facilitate a fake trade.
If a scammer sees a new or upcoming collection that’s gaining popularity, they may well try to quickly create their own version of the collection in the hope of catching out buyers.
As you can see, there are myriad ways to be ripped off when you’re trading NFTs. So how do you actually buy one safely? Well, again, complete safety is a luxury that’s not all that easy to guarantee when it comes to cryptocurrency, but there are still ways to protect yourself. To start with, here are some things to bear in mind when it comes to minting:
Use a burner wallet
This one’s crucial. It only takes a minute to set up a new wallet using MetaMask or Phantom, and it’s always worth using one of these when you mint anything new. The reason? If your wallet is compromised by a previously-mentioned wallet drainer scam, you won’t lose everything you have in one hit.
Turn off auto-approve and read the transaction carefully
Again, this one’s all about avoiding a wallet drainer scenario. If you don’t have auto-approve on, every time you hit the “mint” button a transaction box will appear that you have to approve before the mint goes through. This is worth reading carefully, as it’ll tell you exactly what’s being exchanged. If anything looks suspicious, you can just click cancel and walk away.
Just because an NFT collection is legitimate, doesn’t mean you can’t still fall victim to a wallet-drainer. Often scammers will create near-identical social media accounts and circulate a fake mint link, or – and this has happened many times before – they might try and hack the Discord/Twitter of a legitimate project in order to take it over and circulate their fake link there. Double-check what you’re clicking on, ignore DMs that seem too good to be true, and if anything seems suspicious then just don’t click it.
Research what you’re minting
Even if you avoid the pitfalls of wallet drainers, there’s still rug pulls to worry about. The best way to avoid these is to make sure you’re only minting NFT projects that have legitimate teams behind them — avoid the ones that are being run by anonymous developers, as it’s easier for them to disappear without facing any backlash or consequences if they decide they no longer want to work on the roadmap they laid out.
The best way to research this is by exploring the website/Discord/Twitter pages of the project you’re thinking of minting, and making sure there’s a section somewhere on the team (ideally they’ll be people with experience) or, at the very least, that the team has been “doxxed” (this is the term that always gets thrown around in the NFT space, but it essentially just means that their real names are out there) by a third party service.
One final thing to consider is how the project is launching, and what kind of safety features (if any) are offered by the launchpad in question. After a project called Balloonsville minted on Magic Eden’s launchpad only for the creator to gleefully abandon it shortly after, Magic Eden created a number of “Safety Signals” for future launches, such as asking projects to sign legal contracts and put their mint funds in an escrow wallet for a minimum of 24 hours.
“On the backs of the project rugging, Launchpad was paused for two weeks (which was a painful decision, but it was the right call),” a Magic Eden spokesperson told Mashable. “We took the time to strengthen our Launchpad screening process and enhance creator due diligence. Since then, we’re proud to help launch 250 unique collections into Solana’s NFT ecosystem. Launchpad has implemented safety protocols that allow us to identify our creators and verify KYC-ed accounts at financial institutions. We also implemented quality protocols for evaluating projects that mint on the primary market. The majority of projects that approach us for launchpad support are rejected (less than 5 percent of projects who apply for launchpad support qualify) through the creator screening mechanisms — which evaluates everything from user following / engagement to NFT artworks and utility.”
The good news is, if you’re buying a collection that’s already minted, you’re less likely to be coming up against the wallet drainer scam we mentioned above. The bad news? You still have every chance of running into rug pulls, fakes, and attempted OTC theft.
There’s no real safe way of trading NFTs directly OTC without an intermediary, so to counteract that one your best bet is to just not do it all. If you’re buying second-hand, stick to secondary marketplaces. There are many different secondary marketplaces, but for the purposes of this article we’re going to focus on two of the biggest: OpenSea, the world’s largest NFT market that deals with both ETH and SOL NFTs, and the previously mentioned Magic Eden, a popular marketplace for SOL NFTs. With that in mind, here are some things to bear in mind when buying second-hand NFTs:
Verify the collection
First things first: When you’re buying an NFT, it’s crucial to make sure that you’re buying a real NFT, and not a duplicate that isn’t part of the actual collection.
OpenSea told Mashable that it has a badge system to help with this. “Badging may be useful to first time buyers. Some collections on OpenSea have badges represented by blue ticks on their NFT pages. These ticks are added to high-profile collections and are in place to make it easier for buyers to avoid fakes,” a spokesperson said. “If the price seems too good to be true, it’s probably a fake. As with real-world collectibles, the price depends on supply and demand dynamics. If an NFT is significantly cheaper (or much more expensive) than other NFTs from the same collection or category, then you should be particularly careful.”
OpenSea added that it’s constantly improving search functionality in order to help people find authentic content, and is building tools to prevent fake blue check mark badges. The platform also has a tool to fight fraudulent collections. “Our copymint prevention system is the most sophisticated tool we’ve built to fight spam and fraud,” the spokesperson said. “It uses image recognition technology to scan NFTs and identify potential duplicates – including flips, rotations, and other permutations.”
Magic Eden, meanwhile, has similar tools in place, allowing users to “flag” collections that are fake, infringe copyright or are derivative of other collections. The market then has a manual team in place that can review suspicious content and take further action.
Research, research, research
Just because a project has been around for a while, doesn’t necessarily mean it’s safe. An offshoot of the “rug pull” scam is the so-called “slow rug”, which essentially involves project creators becoming less and less engaged over time. Maybe to start with they stick to their roadmap, but eventually they might miss deadlines and update the community less and less.
Again, the only way to really counteract this is with research. If you hear about an NFT and are thinking of buying it, make sure you’ve visited the project’s social pages first. Are the project’s creators still active in Discord? Are they posting regular updates on Twitter? Is there a plan in place? If the answer to all these questions isn’t a solid “yes”, tread carefully.
Ultimately, whether you’re minting or buying on secondary, time and research are your best weapons against getting scammed. The NFT ecosystem is fast-moving, and there’s a constant pressure to act quickly. But if you resist that urge, slow everything down a little and take some simple precautions, you can still protect yourself.
More in Cryptocurrency