There has been enormous growth in the NFT space in the last few years across areas as varied as art, sports, gaming, or real estate. Amongst these use cases, NFT art collecting has particularly flourished. According to data from @rchen8 at Dune Analytics, the leading NFT marketplace OpenSea surpassed 1.8M users in June 2022. However, like any other sector with an open marketplace and high levels of activity, scams have also become more common.
Whether you’ve been involved with crypto and NFTs for several years or are just starting, it’s always good practice to continuously study safety and security. New scams arise regularly, so staying aware will help you sharpen your defenses.
Discord, Twitter, and Telegram are some of the main platforms NFT projects build out their communities and share information on mints, events, marketplace activity, and more. Scammers have noticed this and are always seeking new ways to exploit community members for their holdings. Discords, for example, are hardly a secure, scam-free environment: 41 NFT Discords were compromised within the first 10 days of June 2022 alone.
Here are some ways you can stay ahead of common scams on these platforms:
- Be cautious of any announcements offering a stealth or surprise mint, even from an official Discord account. An example is the exploit of the Bored Ape Yacht Club Discord server, where hackers took over a community manager's account and announced a surprise giveaway, posting a link to a malicious phishing site. Members who followed the link and participated in the airdrop soon realized they had fallen victim to a scam and their NFTs were stolen.
- When clicking on announcement links or public messages, confirm they are legit; this includes NFT mint announcements, airdrops, QR codes, or DMs (even from a name you may recognize). Do your research and verify all links, information, and announcements with a thorough investigation. Phishers, imposters, plagiarists, scammers, and hackers all exist on these platforms, so stay vigilant. Scammers rely on the fear of missing out (FOMO) mentality and employ a common strategy of urgent, time-limited messages with links to be clicked.
- Be wary of direct messages (DMs) on any social platform. Scammers often DM users, trying to lure them into clicking a phishing link for a fake mint, giveaway, airdrop, or purported alpha or insider information. They may even imitate the names and profile pictures of support staff associated with the project. Bad actors have been known to send malicious downloadable content via DMs that will compromise a device. We recommend you do not interact with these messages or click on any links or files provided. A community manager or team member should never DM you with private information or reach out to you offering support non-publicly. A popular security practice in web3 Discords is to close your DMs so that scammers cannot approach you discreetly.
It’s easy to let your guard down when you’ve become comfortable in a fun space, but with so much activity on these platforms, staying aware and informed is pivotal.
Below are some links to other content for further reading. Although it may not relate directly to NFTs, many of the principles of web3 safety are universally applicable, and it can never hurt to educate yourself: