What do a lot of the worst cases of theft in the NFT space all have in common? They were orchestrated via phishing scams. Phishing scams occur when bad actors manipulate or trick users into handing over their personal information, such as credentials to access their crypto wallets. They are able to pull this off by impersonating reputable figures such as banks, NFT marketplaces, or even NFT artists.
Once these scammers get what they want, they’ll start bleeding you dry.
With the massive security breach uncovered at OpenSea in late June 2022, members of the NFT community’s largest and most active marketplace all became vulnerable to such schemes. During the breach, any OpenSea user that had shared their email addresses with the site at any point had their information turned over to an “unauthorized third party.”
Unfortunately, it isn’t just fishy emails that users have to worry about. Clicking any unverified link could potentially lead to your precious NFTs getting siphoned off to a stranger.
This is how a group of scammers was able to plunder the Bored Ape Yacht Club’s official Discord server in April 2022, which granted them access to the BAYC’s official Instagram. When scammers get a hold of trusted social media accounts, things can get especially dicey. For example, when Beeple’s Twitter account was hacked in late May 2022, scammers posted links to a fake NFT giveaway that would see users’ NFTs get stolen upon clicking the link.
Aside from employing the use of two-factor authentication for all of your accounts, the simplest way to avoid being scammed is to do your due diligence whenever you are asked for your wallet information. If an offer seems too good to be true, it usually is. Stay safe out there.
Want to know everything about NFTs? See our comprehensive guide. Prefer having the key points explained in under 400 words? See the other articles in our NFTL;DR series: