Last year was unprecedented for NFTs. From blue-chip collections to celebrities joining in to a huge influx of community members, the space has seen a meteoric rise compared to 12 months ago.
Although that’s brought liquidity to the space, opportunities, and vast potential to grow, it’s also attracted potential scammers. Due to the decentralized nature of the NFT world, many have been left vulnerable to a number of scams. And in many cases, there’s been little anyone can do to counter them.
Scammers are becoming more sophisticated, and every day someone tweets about losing their most prized digital gems. Collectors need to be more cautious than ever. Here’s how.
Prime targets
The NFT space is still in its experimental stages; many have compared it to the Wild West. There’s no overarching customer support, so you can’t report losses to “the authorities.” Yet the space still generated billions of dollars in 2021. That’s what makes it a perfect breeding ground for scammers.
So-called “blue chip” NFTs are being targeted the most, perhaps none more frequently than Bored Ape Yacht Club, which now boasts a floor price of 96 ETH. This means a scammer could rake in hundreds of thousands of dollars with a single click. In a space built on a strong sense of community and positivity, it’s still frighteningly easy for anonymous scammers to infiltrate conversations and manipulate holders. Indeed, all it takes is a split-second decision.
Blockchain and NFTs provide autonomy, but that also means we’re responsible for our own assets—no bank is watching over them for you. Understanding different types of scams will help keep your NFTs safe.
Types of scams
Fake mint pages
Often during highly anticipated NFT drops, a number of OpenSea pages pop up, which can make it difficult to verify which is the legitimate collection, especially if the collection isn’t verified. With FOMO percolating and time ticking, many collectors fail to take the extra step of authenticating where the assets are minting from, and they mint the wrong NFT.
Soon after, the illegitimate collection is removed from OpenSea along with that NFT, but the scammers still have the buyer’s money. This recently occurred with Punks Comic, where many were tricked into minting from a fake OpenSea page, losing hundreds of dollars.
Steps to take
Never click unverified links.
Double-check the domain in the link: a scam website can often be told apart by just a single different character.
Confirm you’re minting the verified link by going to the official collection’s Twitter or Discord first.
Fake airdrops
Because NFTs exist on the blockchain, your wallet address is public to everyone, and so is your every move. This means anyone can interact with your account, and they can send NFTs to your wallet without asking—as in an airdrop.
Scammers will often send NFTs to your wallet to get you to interact with them and to try to obtain your personal details, so it’s best not to interact with any new NFTs unless you’ve verified their origin.
Impersonation
Impersonation is perhaps the most malicious scam, and it can entail a variety of methods.
Recently, a Twitter account was brought to my attention that had my profile picture, a copy of my bio, had tweeted some identical tweets to my own, and had amassed 5,000 followers. The only difference between my account and the fake one was that the fake one’s username included an extra s: NFTs1nsight instead of NFT1nsight. That account could have easily fooled someone who hadn’t seen my real account.
I can’t be sure how the account was used, or if DMs were sent to potential scam victims, but I can only assume it was created maliciously. Such scams have become increasingly common, with some fake accounts adding thousands of followers to look more real.
Steps to take
Having a lot of followers doesn’t mean an account is real.
Always check Twitter handles and who follows the account.
If you confirm that an account is fake, report it to Twitter.
There are also brand impersonations, where scammers similarly create a profile to offer support to victims of hacks, often on Discord or Twitter.
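The single-character differences described above, both in scam domains and in the NFTs1nsight handle, can be checked mechanically against a short list of names you have already verified. The following is an added example, not code from the original article; the allowlist, the look-alike character table and the distance threshold are assumptions chosen for illustration, and the input is expected to be a bare hostname or handle.

```python
import unicodedata

# Constructed allowlist: names already verified through official channels.
TRUSTED = {"opensea.io", "NFT1nsight"}

# Illustrative (not exhaustive) look-alike folds, including three Cyrillic letters.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s",
                            "\u0430": "a", "\u0435": "e", "\u043e": "o"})

def skeleton(name: str) -> str:
    """Lower-case, strip accents and fold common look-alike characters."""
    decomposed = unicodedata.normalize("NFKD", name.lower())
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return stripped.translate(CONFUSABLE)

def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            rows[i][j] = min(rows[i - 1][j] + 1, rows[i][j - 1] + 1,
                             rows[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)
    return rows[len(a)][len(b)]

def classify(candidate: str, trusted=TRUSTED, max_distance: int = 2):
    """Return (verdict, matched trusted name or None).

    'trusted'   exact, case-insensitive match with a verified name
    'lookalike' different string that sits within max_distance edits of one
    'unknown'   resembles nothing on the allowlist
    """
    if candidate.lower() in {t.lower() for t in trusted}:
        return "trusted", candidate
    folded = skeleton(candidate)
    for name in sorted(trusted):
        if edit_distance(folded, skeleton(name)) <= max_distance:
            return "lookalike", name
    return "unknown", None
```

A "lookalike" verdict is the case the article warns about: the name is not the one you verified, yet close enough to pass a quick glance.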
Fake links
Scammers will send fake OpenSea offers to people’s emails, asking recipients to click the “view” button. Those links often will take you to a fake page asking for your wallet and seed phrase. (Never ever send someone your seed phrase.) Similar scams are rife on Discord. Once a scammer has your info, they’ll transfer all of your assets to another wallet and sell them, and there is no way to stop them. You’ll find yourself in a race to save as many NFTs as possible.
Many scammers sell NFTs at low prices just to offload them, and unsuspecting buyers may simply snap them up instead of investigating how the seller acquired them. Sometimes community efforts can prevent this, but not always.
The Jenkins impostor: a case study
Just recently, the Discord server of the prominent NFT project Valet Jenkins was compromised by hackers after a moderator shared his screen and they were able to lock down the Discord, banning the mods and the founders themselves. The hackers impersonated Jenkins, which then enabled them to drop a fake mint link to a stealth drop, which many members believed to be legitimate. Not only was the link almost identical to the original site’s, the hackers also created a stage to talk about the mint, banning anyone who questioned the authenticity of what was happening.
Unfortunately, many fell for it, and the community was scammed out of a few dozen ETH.
The lead moderator was tricked by scammers via Discord DMs that accused him of being a scammer himself. In a moment of panic and confusion, he tried to prove his innocence by sharing his messages. He shared his screen, which allowed the scammers to hack his Discord, and take control of the server.
The second issue was that Jenkins did not have full ownership of the server. Because of this, he was banned, which would have been impossible if he had owned the server. Since then, the permissions and ownership have been transferred and control has been regained, which should help prevent future scams.
The Jenkins team reacted decisively in response to the hack, rebooting its Discord from top to bottom, introducing 24/7 moderation via bots, conducting an audit, and compensating everyone who lost ETH in the scam. Jenkins also gave away one Bored Ape Kennel Club NFT as a way to apologize for the unfortunate incident.
A small upside is that the hack means they’re now better equipped to battle future scammers. (You can read more about the timeline of events and the full situation here.)
There is a hack/scam (it bypasses 2FA) that scammers are using to compromise Discords. If you are a project founder/admin, this is IMPORTANT.
Make sure you’ve verified links before clicking them: never click random or broken links sent by unknown sources.
Never share your screen.
Before minting anything, be sure to check the contract address, which should specify where the NFT was minted. If it’s verified on OpenSea, it should be legitimate. If it seems too good to be true, it probably is.
Never share your recovery phrase with anyone.
Keep your seed phrase off your phone and computer: store it offline (“cold storage”), with multiple copies in safe places.
Always confirm that you’re minting on the verified website.
For many, it’s easier and safer to turn off Discord DMs completely due to bots and scammers abusing them.
Bookmark verified sites, such as OpenSea: this helps you avoid landing on fake pages.
If you need help, you will never be DMed first: turn to official sites for help, not social media.
Ask trusted friends questions, turn to official teams for answers, and don’t be afraid to ask questions that prioritize your safety and security.
Use two-factor authentication, which is an additional layer of security.
Use strong, unique passwords: it’s wise to use a different password every time you create an account.
Use a hardware wallet, such as Ledger or Trezor: these cold wallets are offline, so no one but you can access them through your private key.
DYOR. Before you do anything in the NFT world, make sure to research the collection, the seller, the contract, the link, and other details.
On Securing your NFTs 🔒
This week I’ve watched 5 different cases of wallets being compromised and NFTs being stolen from their owners.
It breaks my heart every time it happens, but the patterns are always the same.
1/ Below are some rules to follow to stay safe 🧵👇