hinata

account

Magazine

Official

Introducing three disastrous cases of NFT fraud and countermeasures [Don’t be fooled by this]

Official | 2022.12.12

Text by ゆーすけ

  • Information

“I want to start NFT, but I’m afraid there are some scams out there.

In this article, we will introduce examples of NFT scams that are actually rampant, scams that are hidden in familiar places, and introduce countermeasures to prevent them from falling victim to them.

We also introduce emergency measures that can be used in case you fall victim to NFT fraud, so please read to the end.

1. Actual NFT fraud cases

NFT fraud hits every day, and sometimes even major NFT companies.

The actual NFT fraud cases are as follows.

  • OpenSea falls victim to phishing scam
  • Yuga Labs falls victim to phishing scam
  • PancakeSwap DNS Hijack
  • Ragpull in Battle Cats Arena

I will explain them one by one.

(1) OpenSea falls victim to phishing scams

In February 2022, OpenSea, a major marketplace for NFTs, was hit by a phishing scam targeting users, and NFTs worth more than 360 million yen were illegally leaked.

The tactic was to send fake emails disguised as OpenSea to trick users into following malicious links and urging them to sign fraudulent contracts.

It is a fraudulent method in which if you sign, the NFT you have will go to the fraudster. Since it was a major market as a user, it is likely that it has become more reliable and more likely to be damaged.

Reference: Phishing scam on NFT’s OpenSea ─ CEO tweets theft damage | Coindeskjapan

(2) Yuga Labs fell victim to a phishing scam

The CEO of Yuga Labs, the developer of the high-value NFT “Bored Ape Yacht Club (BAYC)”, has foretold the possibility of a phishing scam.

Like OpenSea, which was launched earlier, Yuga Labs is aware that someone is attacking their project and warns BAYC holders of possible fraud.

In addition, BAYC has had several incidents in the past where the official Discord server and Instagram were hacked and the owner’s NFT was stolen by phishing scams.

Reference: BAYC development company Yuga Labs warns of possible phishing scam | coinpost

(3) PancakeSwap DNS Hijack

DNS hijacking is a scam that uses the exact same URL as the official site, and when you access it, it becomes a fake site.

In fact, it happened at PancakeSwap, the world’s largest DEX (Decentralized Exchange). Since the URL is the same as the official website, it is difficult for users to notice, and when you access the site, you will be asked to enter the wallet seed phrase (a string of characters obtained when creating a wallet).

Reference: PancakeSwap official account

(4) Battle Cats Arena Rag Pull

A project called Battle Cats Arena, which was advertised as a game that can be played with cat avatars, is an example of a rag pull.

Lag pull is a scam that announces that it will be launched someday, raises funds from investors, and steals funds without launching, and is a famous method among NFT scams.

In this case, the amount of damage was about 7 million yen.

Reference: The worst 6 NFT scams that disappeared one day (March 2022 edition) | Yahoo! News

2. NFT fraud lurking in familiar places

There are cases where the platform is hacked and victims of fraud, but there are also the following types of NFT fraud hidden in familiar places.

  • Fraudulent emails, fake sites, fraudulent links
  • Ads that feature photos of high-profile celebrities or entertainers
  • NFT price manipulation

I will explain them one by one.

(1) Fraudulent emails, fake sites, fraudulent links

This is true not only for NFT but for all cryptocurrencies, but we see fraudulent emails, fake sites, and fraudulent links everywhere.

As an example, if you tweet with the word “MetaMask” on Twitter, you will receive a spam reply, and clicking the link will take you to a screen where you can enter your wallet password and other information.

When you enter your password, the information is pulled out, and the NFT and virtual currency held in the wallet are stolen.

In addition, since Google search can use advertisements to be placed at the top of the search results, it is not uncommon for fake sites to be displayed at the top when searching the official website of the project.

The site is designed to look like the real thing, so if you use it without realizing it, your information may be stolen.

(2) Ads with photos of well-known celebrities and entertainers

One of the cryptocurrency fraud methods is to trick internet surfers by using advertisements with pictures of high-profile celebrities and entertainers.

In the UK in 2021, the total damage caused by cryptocurrency fraud, including such fraud, amounted to about 23 billion yen.

False advertisements are circulating all over cryptocurrencies, so it is possible that we will be able to see them in NFTs in the future.

Reference: Total damage of crypto asset fraud exceeds 23 billion yen in the UK: London police | Coindeskjapan

(3) NFT price manipulation

Some NFT projects are active in closed communities limited to holders.

The fraud that occurs in such places is NFT price manipulation. NFT holders of certain projects basically invest in anticipation of future price increases, but some people manipulate prices to create rising charts.

When the chart is formed, a certain number of layers that grab the high price will appear, so the price will go up further. The scheme of this scam is that when it finally hits the ceiling, the people and operations who were manipulating the price will sell it, and only they will get a large profit.

3. Measures to avoid falling victim to NFT fraud

If you encounter NFT fraud, it is difficult to deal with, and the law is not well developed, so the probability of your assets being returned is extremely low.

Therefore, take the following three measures to avoid falling victim to NFT fraud.

  • Seed phrase and private key are 100% confidential
  • Bookmark the official website
  • Get in the DYOR Habit

I will explain them one by one.

(1) Never give out your seed phrase and private key

The seed phrase and private key are important to protect the NFT from your wallet, so never tell anyone and do not enter it on a fake site.

Basically, there are no projects that ask you to enter a seed phrase.

If you are asked to enter a seed phrase even though it is a famous project, it is highly likely that the project has been DNS hijacked, so we recommend that you do not use it.

If you are very worried about your wallet, one way is to create multiple wallets and distribute NFTs to each wallet. Just like you don’t put eggs in one basket, if you keep your NFTs separate, you won’t have to worry about all your NFTs being stolen if one wallet’s information is compromised.

(2) Bookmark the official website

Bookmark the official website once you have visited it so that you do not enter your wallet information by visiting a fake website.

Bookmarking eliminates the need to search and virtually eliminates the risk of visiting fake sites.

However, if you access the fake site first, it will be meaningless, so it is recommended to access from reliable public media or CoinMarketCap at first.

In particular, CoinMarket has the official sites of almost all projects registered, so you can move safely.

(3) Get into the DYOR habit

DYOR is an abbreviation for Do Your Own Research. It has the following meanings.

  • don’t take someone’s word for granted
  • Look up information yourself
  • Investment decision is self-responsibility

Various projects are born every day in virtual currency and NFT, and it is a market with many investment opportunities. However, there are a certain number of fraudulent projects that have been created, so if you do not take someone’s word for granted, research the information yourself, and carefully examine the reliability of the project, you may get scammed.

There are various ways to find out whether or not it is reliable, but it is a good idea to check the following items with priority by looking at multiple media, news, SNS, etc.

  • Are there rumors of fraud or similar troubles?
  • Do you have a history of being hacked in the past?
  • Is the white paper sufficient?
  • Are VCs and investors specified?
  • Is your roadmap complete?

4. How to deal with NFT fraud damage

If you fall victim to an NFT scam, it will be almost impossible to recover the stolen assets and NFTs, but as a stopgap measure, try the following three types.

  • withdraw funds from wallet
  • Disconnect wallet
  • Consult a lawyer who specializes in cryptocurrencies

I will explain them one by one.

(1) Remove assets from the wallet

As a measure that can be taken when the assets have not been stolen yet, transfer the virtual currency and NFTs you have from the wallet to another wallet when you realize the fraud.

It’s hard to know that you’ve been scammed before your assets have been stolen, but if you can move your assets, you won’t have to worry about them being stolen.

And don’t use the stolen wallet in the future.

(2) Disconnect the wallet

Disconnecting the wallet is an emergency measure that can be used when you access a fake site and register your wallet.

If you can disconnect the wallet and transfer the assets from the wallet at the stage when you realize that it is a fraud, the probability of being victimized will be reduced.

However, there is a possibility that there are sites that are designed to automatically extract information and assets at the time of registration, so the first thing to do is to take measures to avoid being scammed.

(3) Consult a lawyer who specializes in virtual currency

The best way to deal with fraud is to consult with an attorney.

Japan does not have much progress in the legal development of NFTs, so I do not know if all the stolen funds can be recovered, but there is a possibility that legal action can be taken.

There is also a consultation desk established by a public institution called the National Consumer Affairs Center of Japan . In fiscal 2021, the number of consultations related to virtual currency was 4,662. I can’t say that this will always lead to a solution, but it’s a good idea to take advantage of the free consultation.

5. Arm yourself with knowledge so you can prevent it from happening

NFTs are still a nascent industry and are not well regulated, making uninformed NFT holders easy targets for scammers.

Therefore, while being aware of the countermeasures introduced in this article, it is important to look at various fraud cases and acquire knowledge so that you yourself will not be a victim.

  • Seed phrase and private key are 100% confidential
  • Bookmark the official website
  • Get in the DYOR Habit

Be aware of the above and be careful of NFT fraud before investing.

Recommended

  • [Aged sake x NFT] A new way to enjoy aged sake, where the taste of sake and the value of NFT grow over time

    Campaign

    2023.08.31

  • What is an NFT game? Thorough explanation of recommended rankings, earning methods, and points to note

    Campaign

    2022.12.09

  • [NFT and tax] A tax accountant explains how to calculate profits and how to file a tax return

    Campaign

    2022.12.12

  • NFTアートを作るおすすめアプリ5選!販売方法や注意点も解説!

    Campaign

    2022.12.12