Non-fungible tokens, famously known as NFTs, have become the latest phenomenon. People around the globe are paying millions of dollars (in crypto) for NFT art and collectibles. If you are a crypto nerd, the explosion of NFTs onto the global stage and into mainstream media will not have come as a surprise. These tokens have been around for a few years now. Thanks to the surge in cryptocurrencies like Bitcoin and Ethereum, NFT prices have soared.
Much like cryptocurrencies, NFTs operate on blockchain technology. So what makes them much more expensive than crypto? It’s the uniqueness of each token. In essence, NFTs are what we call collector’s items. There are 21 million bitcoins available for mining, but a piece of art or a collectible is one (or one of a few) of a kind. Once you own an NFT, it is yours. No one can tamper with it or replicate it.
An NFT need not be art. It can be your housing papers or your car documents. It can be anything. If someone likes it, they will pay for it. With NFTs you can capture rare events and monetize them. For example, Jack Dorsey, Founder & CEO of Twitter, is selling his first tweet on the NFT platform Valuables for $2.5M. Valuables is an NFT platform for buying and selling tweets.
If you are interested in learning more about NFTs, this is a good place to start.
A quick look at crypto’s threat landscape, and you will notice one commonality. The higher the value of a cryptocurrency, the higher the volume of fraud targeting its users. Considering the amount of money that is being poured into NFTs, the scams are not too far away. Here are a few scams NFT users will start seeing in the near future.
1. Replica Stores
The problem of replica stores is well known in the world of online fraud. Scammers spin up websites that look exactly like the original ones and try to trick users into either logging in with their credentials or giving away their credit card information. At Bolster, we see online stores across several industries being targeted, and stores selling NFTs will be no exception.
The number of suspicious-looking domain registrations containing the names of NFT stores like ‘rarible’, ‘opensea’, and ‘audius’ increased nearly 300% in March 2021 compared to previous months.
The replica NFT stores could look very similar to the replica RayBan store. They will use a legitimate NFT store’s logo, have a similar website layout, and sell NFTs available on the legitimate store.
Replica Store URL: hxxps://glascz[.]top/
More information on CheckPhish: https://checkphish.ai/insights
2. Fake NFT Stores
A variation of the replica NFT store is the fake NFT store. These stores might not use logos and content from legitimate stores; instead, they use non-affiliated logos and content and sell NFTs that do not exist. These stores try to cash in on the shopper frenzy.
Here is a look at why we think this will be a problem:
| Suspicious Domain Registrations | March 2021 | % increase over Feb 2021 |
|---|---|---|
| ‘nft’ and ‘market’ | 150 | 296% |
| ‘nft’ and ‘crypto’ | 148 | 321% |
| ‘nft’ and ‘trade’ | 68 | 309% |
Suspicious registrations like these are indicators of what is to come. To spin up a phishing or counterfeit page, scammers need to register a domain first. The numbers in the March 2021 column cover registrations up to 13 March 2021. We estimate these numbers will double by the end of the month.
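As an added example (not Bolster's or CheckPhish's own code), here is one way a defender could triage a feed of newly registered domains using the brand names and keyword pairs quoted above. The list of legitimate domains and every feed entry other than the two URLs taken from this article are assumptions constructed for the illustration.

```python
import re
from urllib.parse import urlsplit

# Brand names and keyword pairs taken from the article.
BRANDS = ("rarible", "opensea", "audius")
KEYWORD_PAIRS = (("nft", "market"), ("nft", "crypto"), ("nft", "trade"))
# Assumption: the brands' own domains, which must never raise an alert.
LEGITIMATE = ("rarible.com", "opensea.io", "audius.co")

# Constructed feed: the first two entries appear in the article (defanged),
# the rest are made-up samples.
FEED = [
    "hxxp://raribletokendops[.]com/",
    "hxxps://glascz[.]top/",
    "https://www.opensea.io/assets",
    "opensea.io.wallet-login.example",
    "nft-crypto-market.example",
]


def hostname(indicator):
    """Refang a defanged URL or bare domain and return its lower-cased host."""
    s = indicator.strip().replace("[.]", ".")
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    if "://" not in s:
        s = "//" + s  # make urlsplit treat a bare domain as the host part
    return (urlsplit(s).hostname or "").rstrip(".")


def classify(indicator):
    """Return the reasons a registration deserves review ([] if none)."""
    host = hostname(indicator)
    if any(host == d or host.endswith("." + d) for d in LEGITIMATE):
        return []
    # Match on letters and digits only, so 'nft-market' and 'open.sea' hit too.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    reasons = ["brand:" + b for b in BRANDS if b in squashed]
    reasons += ["keywords:%s+%s" % p for p in KEYWORD_PAIRS
                if all(k in squashed for k in p)]
    return reasons


def triage(feed):
    """Map each flagged indicator to its reasons, dropping clean ones."""
    return {d: r for d in feed if (r := classify(d))}


if __name__ == "__main__":
    for indicator, reasons in triage(FEED).items():
        print(indicator, reasons)
```

Note that glascz[.]top passes this filter untouched: name matching only catches registrations that borrow a brand or keyword, so replica stores hosted on unrelated domains need content-based detection.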
3. Counterfeit NFTs or Artist Impersonation
If you have been following NFTs in recent weeks, you will be aware of the Banksy-styled artworks sold on the NFT markets for $1 million in crypto. Although I do not want to get into whether that was a copyright/trademark issue, this is a precursor of what is to come. Counterfeit and real-world ‘inspired’ artwork/content will become a problem shortly. Users need to be careful about what they are buying or bidding on. It is difficult to verify the seller on such online marketplaces.
Also, domains like banksynft[.]com and banksynfts[.]com were recently registered.
Counterfeits have always been a problem in the world of online fraud, and we expect them to translate to NFTs as well.
Read more about the Banksy-style NFT here.
4. Giveaways/Airdrops
Wherever there is crypto, there are giveaway (or airdrop) scams. At Bolster, we detect thousands of such scams every month. They target famous cryptos as well as brands and personalities associated with them. In these scams, scammers target crypto enthusiasts by offering them free crypto, NFTs, or tokens related to NFT marketplaces.
Here is a giveaway scam targeting users of Rarible and their RARI token.
Fake Giveaway URL: hxxp://raribletokendops[.]com/
More Information on CheckPhish: https://checkphish.ai/insights
We expect many more of these scams to spin up. Scammers use social media platforms like Twitter, Facebook, Telegram and Discord to propagate these scams.
5. Brand Impersonation on Social Media
The crypto community is extremely active on social media channels like Telegram and Discord. On both these channels, scammers set up groups targeting almost all the brands in the crypto space. Most of these groups claim to be the ‘official support’ or ‘official community’ of the targeted brand.
These groups are used to carry out the scams we mentioned above. Here is a screenshot of the number of groups claiming to be the Rarible.com Community.
Users need to be extra careful before joining these groups. In the case of NFTs, we expect more such groups to pop up, where the scammers will also try to sell fake or non-existent NFTs to users.
If someone sends you a link to join these communities, make sure to verify that you are joining the real one. In most cases, a simple Google/Twitter search can help you find the right community or group.
We also expect scammers to spin up groups that start calling themselves official. Here is an example of the number of Polkadot ‘official’ groups we found on Telegram by just performing a simple search.
A quick peek into the future: these scams will get more complex and sophisticated. Scammers will keep innovating to make sure users fall for them. This applies not just to NFTs: when buying anything online, a buyer needs to be aware of where and to whom they are giving away their credit card or banking information.
We understand this can be difficult. That is the very reason we built CheckPhish, an AI tool to detect online fraud in real time. If you come across a suspicious link, scan it here before accessing it.
Also, if you are interested in building cool technologies like this, we want you. Check out open positions here.