May 20, 2022

Fibo 101: 5 Common NFT Scams and How to Prevent Them

Albert Kim


The NFT boom

The NFT market is really booming. 

Many NFT projects have grossed seven figures and there are new artists, collectors, and investors entering the market daily. 

NFTs empower artists and musicians to directly transact their own art pieces and music with customers with real-time settlement using cryptocurrencies. 

It’s an example of art and music gone digital and decentralized. 

However, as with every booming trend, there are some potential pitfalls.

Many newbies unfamiliar with blockchain technology have fallen to scams.

In this blog, we’ll discuss some of the most common scams in the NFT market, and how to avoid them. 

Scam #1 – Getting your NFTs stolen directly from your crypto wallet

Just recently, over $13 million in NFTs were stolen from the Bored Ape Yacht Club collection. 

Attackers managed to get access to the Instagram and Discord channels of the popular NFT collection. 

Then, posing as admins for the project, they sent fake emails and private messages to the people in the community. 

They claimed to be promoting a new airdrop for the project, and asked that people click on a link to join.

Many did and signed an “approve function” from their crypto wallet, essentially giving outsider access.

Unbeknownst to them, the approval allowed the attackers to remove NFTs from the victim’s wallet. 

By using this sort of hack, the attackers stole millions of dollars in NFT from their victims.

How to prevent this?

In Cardano there is no need for an “approve function” because Cardano’s blockchain network uses native tokens. 

At no point will a user be asked to approve to move tokens from your wallet. 

The only way to move assets is by signing a transaction with a private key. 

From the perspective of the Cardano blockchain, this attack cannot happen. 

For NFT collectors on other blockchains, always verify any claims of promotions with third party news sources. 

Never click on links from accounts sent via social media channels as they are most often scams. 

Finally, be aware of the different levels of authorization provided in a smart contract.

Scam #2 – Art turned into NFTs without the creator’s agreement

Anyone can mint NFTs from random pieces of media found on the Internet. 

In most cases, this leads to a lot of fake copies of the same art piece across many different marketplaces, blockchains, and with different names. 

As the media of the NFT is not stored on the blockchain, the authentication of it is more technical. 

The actual media is hashed and that is stored either directly on the blockchain or in the attached metadata

For this reason, it is important to verify that the media displayed when hashed is the same as the one attached to the transaction. 

The metadata is crucial to identifying the authenticity of the media and ensuring there are no duplicates. 

In Cardano, this information is part of the transaction itself, so it cannot be modified. 

How to prevent buying fake NFTs and duplicates?

Always review the blockchain metadata before making a purchase. 

Contact the original artist before buying to make sure they are aware of the NFT being sold.

Additionally, there are many search engines that look for NFTs by querying the blockchain. 

Use those to search for the information of the NFT and be sure there are no duplicates on the market. 

Verify the social media accounts of the NFT creator. 

Also, do the same for the seller of the NFT if this person is not the original artist. 

Always verify all the data provided about the NFT and review all the information before purchasing.

Scam #3 – Wash trading

In many instances people fake the price of an NFT. 

The scammers will create an NFT, buy it and sell it continuously over a few accounts they control which is called “wash trading.”

This makes the NFT appear more valuable than it is to the general market.

Once they have created enough fake price increases, they release the NFT for sale to the general public. 

An unaware investor looks at how many times the NFT sold, and the increase in price, and thinks it may be a valuable asset. 

This way, scammers lure people to buy an NFT for an inflated price.  

How to prevent this scam?

Before buying, go to the blockchain record itself which is open and transparent. 

Check the time intervals between sales, and also the different wallet addresses. 

Make sure the NFT is sold in transactions that do not happen in quick succession as that is usually a clear sign of someone trying to fake price increases. 

Also, take note of all the wallet addresses which bought and sold the NFT. 

If they are different, and contain other assets, that is a strong indication that they belong to a real user.

Scam #4 – NFT Media Deleted

As we mentioned before, the media of the NFT is stored in a separate place. 

In most cases it is an URL pointing to a centralized server, or a hash that belongs to the IPFS network (a decentralized storage technology popular with NFT projects). 

All these external databases can be erased. 

In this case, the media associated with the NFT would be gone. 

The token itself would still be there on the blockchain, but the media would be lost. 

In these cases, the actual token becomes worthless as it no longer represents the external piece of media. 

How to prevent this?

First, make sure to know where the NFT’s media is stored. 

That way you’ll be able to verify how secure that system is. 

It’s crucial to understand how the external storage is being provided, so in the future the media will continue to exist. 

Second, it’s possible to backup the media of an NFT. 

The media itself is referenced as a hash on the NFT metadata.

As long as the media is the same, the hash will always be the same. 

By saving the media on a backup, if the original is deleted, the backup can be used to prevent the loss of value. 

Scam #5 – Accessing a fake NFT marketplace

As NFT marketplaces become popular, these become honeypots for theft. 

Attackers will often purchase web domain names that are spelled similarly to the real marketplace. 

Then, they try to brute force the results from search engines to make sure their fake sites are ranked ahead of the real site. 

Once an unsuspecting victim enters the fake site, their NFTs can be taken from their wallet in the case of an Ethereum architecture using an “approve function.”

On Cardano, that cannot happen, but the attacker can create a fake buy order that tricks the user to create a transaction and never receive the payment. 

How to prevent this?

Never access an NFT marketplace from an external link provided by an unknown party. 

Always double check the URL on your browser, and check the security certificates of the site. 

Do not trust the results on search engines, and alway add the NFT marketplace you use the most often to your bookmarks. 

Find Cardano NFTs on

Developed by EMURGO, the official commercial arm and a founding entity of the Cardano blockchain, Fibo is a new Cardano NFT marketplace empowering creators and collectors for a positive #socialimpact.

Fibo is designed to make it super easy for artists and musicians to mint NFTs through the click of a button and reach a global community.

To ask questions and join the Fibo NFT community of artists and collectors, please join our Discord using the link below.

About Fibo

Related articles