Bad actors are starting to target the lucrative NFT marketplace and its users with scams and hacks. Here’s how to protect your digital collectibles.
Non-fungible tokens (NFTs) are having their moment in the sun. As a result, they have garnered a lot of attention – and not just from investors but scam artists as well. Bogus projects, hacks and phishing scams are rising on NFT marketplaces like CoolWallet-supported OpenSea. These bad actors are proving to be just as criminally masterminded on OpenSea as their pirate ancestors that traversed the open seas centuries ago to find soft targets for a lucrative bounty.
Unfortunately, the 2021 bull run has brought in a fresh tide of newbies into the crypto space. Coupled with the technical and security challenges of managing your own NFTs, even if you are experienced with crypto, this means it’s even easier for con artists to relieve NFT owners of their hard-earned money and assets
Nevertheless, scammers exist in every industry, and just because they’re on the rise in the metaverse, it doesn’t mean you should avoid dipping your toe in altogether. Below, we’ve outlined some common scams on OpenSea and other marketplaces, and what to look out for.
What is OpenSea?
OpenSea is the world’s largest virtual marketplace for NFTs. The tokens encompass a wide variety of virtual assets, including artwork, videos, avatars, trading cards, and even tweets, which all exist on a blockchain.
NFTs are a type of digital collector’s item. All NFTs are unique and non-fungible, which means that one NFT is completely different from another and cannot be traded one for one, even if they appear to be identical. Their distinctiveness stems from having unique cryptographic signatures. The asset’s innovation is that it creates digital scarcity, which increases value.
In 2021, OpenSea’s NFT trading volume surpassed $14 billion, far outpacing its 2020 performance of $21.7 million. Popular collections such as Bored Ape Yacht Club and Decentraland account for a large chunk of the platform’s overall transaction volume.
Although NFTs were first conceptualized in 2014 with the minting of “Quantum,” a pulsing octagonal image made by Kevin McCoy, their popularity has skyrocketed over the last year. More and more investors continue to recognize their value as a secure asset, while creators and collectors prize the ensured ownership and authenticity. In addition, NFTs can be made to give further revenue to creators upon secondary sales.
Contrary to popular opinion, OpenSea doesn’t hold any NFTs; it’s just a marketplace where creators can mint the goods and others can trade them.
Despite the many scams that have occurred on OpenSea, the marketplace is a relatively safe and secure environment for business.
In terms of security, OpenSea utilizes the Wyvern Protocol, which is an audited system that creates a personal smart contract for each user. This smart contract facilitates NFT sales by trading a user’s NFT ownership on the Ethereum network for cryptocurrency ownership or vice versa. The Wyvern Protocol also requires approval for each transaction from the proxy smart contracts involved before any assets can be accessed and the transaction can be executed.
Popular Scams on OpenSea
Due to the secure nature of all transactions on OpenSea, if a scammer is able to steal an NFT, it’s usually due to human error.
Below, we’ve listed the most popular OpenSea scams and outlined how to keep your wits about you so that you can prevent yourself from falling victim.
Fake NFT Swindles
Despite the unique nature of NFTs, fake ones do exist. Unfortunately, there’s only one way to avoid purchasing a phony, and it’s a rather arduous process.
Since everything on the blockchain is publicly available, it’s possible to check whether the address where an NFT was minted is genuine. You can check the contract address of an NFT by clicking on the details of a listing and then selecting the contract address, which appears as a link.
Now, you’ll need to match that address with the project contract address, which you should be able to find easily. Any reputable project should make this information public on their website or social media account.
To help with this process, OpenSea provides verification checks. If a blue verification checkmark appears on an account, OpenSea has made sure that the account is legit and safe for users to transact with.
Another sign that an NFT isn’t real is if its price is too low. If it seems to be priced far below comparables, it’s best to verify the asset’s authenticity before going ahead with the purchase.
Phishing isn’t just limited to the NFT space. People can fall victim to phishing in the traditional finance and investment world as well.
In crypto, the scam generally occurs when a fraudster poses as a representative from a bank or cryptocurrency firm and sends you an email or text message. These might contain a link that directs you to a fake website requiring you to enter private information. You are often asked to input personal banking details or passwords, which are requested under the guise of trying to verify your account. The website is designed to look exactly like the legitimate entity, so unsuspecting victims would think it’s just part of standard procedure.
In the case of an OpenSea phishing scam, the website might require you to enter your password or seed phrase for your MetaMask wallet.
The only way to avoid these types of scams is to only enter sensitive information on legitimate websites. The URL of the redirected page will differ from that of the legitimate site – if only slightly. If you’re unsure, it’s best to compare the two.
You can also bear in mind that legitimate entities will never send you an email directing you to another page where you will be required to enter this type of information.
However, another way that phishing scams can occur is through the use of a public WiFi connection. When using these insecure portals, if you enter any sensitive information, someone may be able to view it. The use of a reliable VPN can prevent this from happening.
Fake Bidding Grifts
Fake bidding has become another popular scam on OpenSea. It involves someone bidding for an NFT with USD instead of WETH (wrapped Ether). Sometimes, the scammer will include a picture of the WETH icon in their profile picture, leading unsuspecting sellers to think the bid is in WETH and accept it. Since USD is valued much lower than WETH, the seller would end up accidentally accepting a lower bid.
The only way to avoid this scam is to double-check every bid to ensure no mistakes are made.
Customer Support Impersonation Hustles
Similar to phishing, in this kind of scam, the criminal poses as a customer representative from OpenSea and pretends to help a user with a problem they are experiencing on the platform.
This happened to OpenSea user Jeff Nicholas when he went to the official OpenSea Discord channel looking for help and was invited to a separate Discord called “OpenSea Support Server” by two impostors posing as employees of the company.
During their disingenuous attempts to resolve Nicholas’ problem, they asked him to share his screen. This allowed them to take a picture of the QR code synced to his private key. Then they were able to make off with all the NFTs in his wallet to the tune of 150 ETH.
The moral of the story is, of course, to always stick to the official OpenSea customer support channels. When someone tries to direct you away to a private chat or different channel, you should always refuse.
Fake customer support phone calling is an old phishing trick that was used in recent years to dupe Ledger and MEW users into divulging their private details.
Although OpenSea has very strong security protocols, there is still room for human error. Clever swindlers who attain the confidence of their victims will always be hard to entirely curtail.
We all make mistakes and errors of judgment from time to time. However, no one wants those slips to cost them several thousand dollars or more in crypto assets. The best thing to do in order to avoid these OpenSea scams is to keep your eyes peeled and remain cautious. If anything starts to feel off, trust your gut and look into it before it’s too late.