5 new ways of NFT scams that will shock you

Google “NFT scams” and you will come across incidents that will open up a world of strange and unthinkable ways used by scammers to steal thousands of dollars. 

2023 is only a few days old, and reports of NFT scams have already started coming in. Let’s take a look at some of the frauds and hacks that scammers have used in the new year.

Scam 1:

To begin with, there’s a new scam that makes users think that their address is selling non-fungible tokens to someone else.

The scam has been shared by @cygaar, an affected user, through a series of tweets. The user explained that several applications identify token transfers via “events,” which are messages that can be broadcast publicly in a smart contract transaction. 

Etherscan and OpenSea (OS) depend on events to find NFT transfers. For NFT transfers, there are Transfer events for ERC721 as well as TransferSingle/TransferBatch events for ERC1155.

When a token transfer takes place, NFT contracts update the owner of the token and emit the transfer events. In this scam, however, the token contract does not update any internal balances and only emits a TransferSingle event, so that applications assume a non-fungible token was transferred.

In this case, 0xe091ab8213554dc87f0fba964ce995d1fb1263c0 is shown as the sender, and it appears that they have transferred 1 ERC1155 token to some other address. If one searches the transaction’s input data, 0xe09 is not found, whereas token sellers must be in the order data.

The scammer created a fake collection, minted several tokens, and listed them on OpenSea for sale. To buy the tokens, they used another wallet. The transfer function in the scam contract emitted fake transfer events with different addresses.

Below is the link to view the events that are broadcast in the transaction.

There will be an event with 0xe09 among the values.

The topic for the event is: 0xc3d58168c5ae7397731d063d5bbf3d657854427343f4c083240f7aacaa2d0f62. Upon doing a reverse signature lookup, it could be seen that the event is TransferSingle from ERC1155.

Let’s take an example of code that imitates the scam. The safeTransferFrom function is overridden to emit an event that has arbitrary addresses in it. Since Seaport uses safeTransfer to manage transfers, overriding this behavior makes the transaction look like a legitimate Seaport transaction.

The affected user replicated the same scam trick here:

Here it seems that through Seaport, 0xe09 is transferring an ERC1155. Moreover, OpenSea is also showing a token transfer.

To identify authentic sales and stay away from such NFT scams, follow the steps below:

Step 1: Check the Etherscan details carefully. The buyer’s address is in the ‘from’ field. The seller’s address appears in the Seaport input data. If it does not, it’s a matter of concern.

Step 2: Check the OpenSea activity for the particular token. It is possible for a certain address’s activity to be fake, but the real sales activity for an NFT can’t be fake. For each sale, the scam token shows the same “from and to,” excluding the top user who was scammed.

Step 3: Check the actual contract code. In most of the NFT scams, the token contract is not verified, with the aim of hiding whatever is happening. If it’s impossible to read through the code, it can’t be trusted.

Step 4: A number of people click or sign transactions because they are convinced that such NFTs can be bought or sold for free money. However, in such situations, people lose money. 
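The check from Step 1, as an added example (not code from the article or from @cygaar): it decodes ERC1155 TransferSingle logs and flags any whose `from` address does not appear in the transaction input data. The topic hash and the 0xe091ab82... address are quoted from the article; every other address, the calldata and the function names are constructed for illustration.

```python
# Added example. The topic hash and CLAIMED_SENDER are quoted from the article;
# all other addresses and the calldata are constructed for illustration.
TRANSFER_SINGLE = "0xc3d58168c5ae7397731d063d5bbf3d657854427343f4c083240f7aacaa2d0f62"
CLAIMED_SENDER = "0xe091ab8213554dc87f0fba964ce995d1fb1263c0"

def strip0x(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    raw = strip0x(topic)
    if len(raw) != 64:
        raise ValueError("a topic must be exactly 32 bytes")
    return "0x" + raw[24:]

def decode_transfer_single(log):
    """Decode TransferSingle(operator, from, to, id, value); None for other logs."""
    topics, data = log["topics"], strip0x(log["data"])
    if len(topics) != 4 or topics[0].lower() != TRANSFER_SINGLE or len(data) != 128:
        return None
    return {"contract": log["address"].lower(),
            "from": topic_to_address(topics[2]),
            "to": topic_to_address(topics[3]),
            "id": int(data[:64], 16), "value": int(data[64:], 16)}

def unbacked_transfers(tx):
    """Transfers whose 'from' address never appears in the transaction input."""
    calldata = strip0x(tx["input"])
    events = [decode_transfer_single(log) for log in tx["logs"]]
    return [e for e in events if e and strip0x(e["from"]) not in calldata]

def pad(addr):  # address -> 32-byte ABI word (hex, no 0x)
    return "0" * 24 + strip0x(addr)

def make_log(contract, sender, to):  # constructed TransferSingle log, id=1, value=1
    return {"address": contract, "data": "0x" + ("0" * 63 + "1") * 2,
            "topics": [TRANSFER_SINGLE, "0x" + pad(BUYER), "0x" + pad(sender), "0x" + pad(to)]}

SELLER, BUYER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
SAMPLE_TX = {"from": BUYER,
             "input": "0x00000000" + pad(SELLER) + pad(TOKEN),  # stand-in for order data
             "logs": [make_log(TOKEN, SELLER, BUYER),            # seller is in the order
                      make_log(TOKEN, CLAIMED_SENDER, BUYER)]}   # 'from' not in the input

if __name__ == "__main__":
    for e in unbacked_transfers(SAMPLE_TX):
        print("TransferSingle 'from'", e["from"], "not in input; emitted by", e["contract"])
```

The substring search mirrors the manual lookup on Etherscan; a hit is a reason to continue with Steps 2 and 3, not a verdict on its own.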

Scam 2:

The next NFT scam on the rise is ‘Address Poisoning.’ When a user sends a normal transaction, the scammer sends a $0 token txn to ‘poison’ the txn history.

They use an address that has the same first and last few characters as the real address in the transaction sent by the user, in the hope that the user will not check the complete address and will copy theirs in a future txn.

It is suggested to carefully check the full address or use the Address Book feature. To seek help, users can go to “Menu > Support” on the web or in the app: https://support.MetaMask.io. Click the “Start a Conversation” button for answers from the chatbot.

Hardware wallets also offer security, but should not be relied on as the only safeguard.
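The full-address check suggested above, as an added example (not MetaMask code): it flags $0 transfers whose counterparty shares the first and last characters of a saved address, and only accepts a recipient on an exact match. The address book, history rows, transaction labels and function names are all constructed.

```python
# Added example: every address and history row below is constructed.
def normalize(addr):
    """Lower-case a 20-byte hex address and reject anything malformed."""
    addr = addr.lower()
    if not (addr.startswith("0x") and len(addr) == 42):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    int(addr, 16)  # raises ValueError on non-hex characters
    return addr

def mimics(candidate, trusted, head=4, tail=4):
    """True when candidate differs from trusted but shares its first/last hex chars."""
    c, t = normalize(candidate)[2:], normalize(trusted)[2:]
    return c != t and c[:head] == t[:head] and c[-tail:] == t[-tail:]

def find_poisoning(history, address_book, head=4, tail=4):
    """Flag zero-value token transfers whose counterparty imitates a saved address."""
    hits = []
    for row in history:
        if row["value"] != 0:
            continue
        for label, trusted in address_book.items():
            if mimics(row["counterparty"], trusted, head, tail):
                hits.append((row["tx"], row["counterparty"], label))
    return hits

def check_recipient(addr, address_book):
    """Compare the complete address; return the saved label, or None if unknown."""
    addr = normalize(addr)
    for label, trusted in address_book.items():
        if normalize(trusted) == addr:
            return label
    return None

TRUSTED = "0x1a2b" + "5" * 32 + "9f8e"     # constructed saved address
LOOKALIKE = "0x1a2b" + "c" * 32 + "9f8e"   # same first/last 4 chars, different middle
ADDRESS_BOOK = {"exchange-deposit": TRUSTED}
HISTORY = [
    {"tx": "tx-1", "counterparty": TRUSTED, "value": 25_000_000},  # the real payment
    {"tx": "tx-2", "counterparty": LOOKALIKE, "value": 0},          # poisoning attempt
    {"tx": "tx-3", "counterparty": "0x" + "7" * 40, "value": 0},    # unrelated $0 transfer
]

if __name__ == "__main__":
    for tx, addr, label in find_poisoning(HISTORY, ADDRESS_BOOK):
        print(f"{tx}: {addr} imitates saved address '{label}'")
    print("lookalike accepted as recipient:", check_recipient(LOOKALIKE, ADDRESS_BOOK))
```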

Scam 3:

On Thursday, i.e., January 12, 2023, British company NFT Investments announced losing assets worth $250,000 in a cyberattack.

The firm defines itself as working with “entrepreneurs to develop NFT assets.” The incident was shared via the Regulatory News Service of the London Stock Exchange since the company’s shares are listed on the Aquis Stock Exchange Growth Market.

According to the company, a fraudulent phishing attack was found on Monday from an unknown external source, though the company didn’t disclose how the assets were lost. 

The loss amounts to less than 1% of the value of the current net assets of the company.

Scam 4:

Let’s talk about one other incident involving another bad actor. On Thursday, CryptoNovo, a pseudonymous NFT collector, shared the news of being hacked.  

The attacker got his hands on three CryptoPunks, two CloneX non-fungible tokens, one Bored Ape, three Meebits and one Mutant Ape.

In just 16 hours after committing the hack, the attacker sold all NFTs for 492.66 ETH. After that, the funds were moved to an account on ChangeNOW, a crypto exchange. 

To steal even more, the attacker has probably taken over the Discord account of CryptoNovo.

CryptoNovo took to Twitter to warn everyone not to send anything using his name and account number, as the Discord account is fake.

Scam 5:

In another attack, COO at RTFKT, Nikhil Gopalani, became the victim, as a phishing scam had drained his wallet. 

It seems that Gopalani’s collection has been drained by two wallets that escaped with 19 CloneX NFTs, 11 CryptoKicks, 18 RTFKT Space Pods, 19 RTFKT Animus Eggs, and 17 Loot Pods. 

Reportedly, all the NFTs have not been sold, so calculating the real value of each NFT isn’t possible. However, the collection’s worth is more than $140,000, according to their current floor prices. 

Tips to avoid NFT scams

With the number of fraudsters increasing almost every day, knowing a few useful tips is a must to avoid falling victim.

Here are some very reliable ways to avoid being affected by the scammers:

  1. If a collection is both purchased and sold by a limited set of wallets, such an NFT collection must be avoided.
  2. Twitter and Discord are proven ways to identify the legitimacy of a project. A good number of followers and an active community that shares information and discusses the project are signs that the project is genuine.
  3. To stay safe from a counterfeit NFT, research is crucial. Among the first things to check is that a verified account has created the NFT. A blue checkmark on the profile picture of the artist is a reliable proof of authenticity. But if it’s not available, finding the social media platforms and confirming them is also recommended.
  4. Suspicious links should be avoided, as they are capable of sharing account details to fraudsters. 
  5. Passwords or seed phrases should never be shared. Two-factor authentication should be enabled on the account for additional layers of protection.
  6. Use a VPN to encrypt and anonymize the NFT traffic. Generally, ExpressVPN is considered best for NFTs.
  7. Checking the name of the project on popular marketplaces is also a very reliable way to find out the legitimacy of the collection. If you are not sure about a project’s official name, visit rarity.tools and carefully check the official name. The platform will provide you an objective view of the uniqueness of the NFT collection. Also, Rarity Tools takes into account crucial aspects such as its popularity, owners and trading volume.

Some initiatives by communities

The DeviantArt website has a community of 500,000 plus artists and has experienced several cases where artworks of its members have been both stolen and minted as counterfeit NFTs.

As a response to this, DeviantArt has published an advanced image recognition tool that scans established public blockchains and third-party NFT marketplaces to find fake NFTs. 

Launched in August 2021, the tool has identified more than 50,000 counterfeit non-fungible tokens. 

Surge is also a useful platform, as it offers several Discord channels and forums to allow users to ask questions and get advice.

Curious Addy’s Trading Club is another community that focuses especially on newcomers. It has made a purposeful NFT scam quiz that helps users identify fake NFTs and scams. 

Conclusion

Stopping NFT scammers isn’t easy, and how creative their minds are is clear from the methods and opportunities they figure out to fulfill their bad intentions. 

All that could be done is to be alert as a part of the NFT world and follow the above suggestions for a positive experience.