On a blockchain based marketplace, once you hit BUY, and sign that transaction, there is no turning back. You can’t later regret it and demanding your money back, it doesn’t work like that. So be careful when you browse marketplaces and make sure you are buying what you intend to buy.
This is a feature, meaning something positive. It enables you to trade with people from all around the world, in an instant, and when you do your sale, or you buy something, you know that once you it is signed, it’s done. It’s a beautiful thing when you can move value to another part of the world in 0.5 seconds with WAX. You can buy a game item, or sweet collectible, or support a team or artist from all over the world.
This also mean that someone can trick you in different ways. There are scammers creating fake collections, fake websites and send out phishing links to trick you into signing over all or parts of your crypto or NFTs to their possession. These phishing links are often sent in DMs on platforms such as Telegram and Discord.
These fake websites they create often look very legit, basicly just as the websites you thought you entered with the link. They just has a slighly different domain name, changing one letter or adding one. Then you buy the NFT you wanted, and accidently sign a transaction sending away all your crypto and/or NFTs to the scammer. It's an illegal process by the scammer, but the chance for you to get your stuff back, is slim to non existant.
So please, slow down, read the links before you click them, if you are unsure, don't go to the website. Make sure you set up a secure password for your account, add 2fa, and NEVER send your password to anyone. Not a support person, not me, not anyone, ever.
Basic review of collections and projects
There are multiple releases of NFTs and new projects every day.. It's impossible to keep track of them all, or even to find out about all of them. Below will be a short list for you just to check off a few aspects of a project to remove some of the risk.
Now, this information can be faked, but at least you will get rid of some of the shitty ones.
- Check the roadmap, are they planning on adding more value as the project move on
- Is the time frame reasonable?
- Does the planned roadmap intrigue you?
- Is the time frame reasonable?
- Check the team, are they transparent about the team, their past, and their skills.
- Do you think they can deliver their promises?
- Do they have the required experience to build the project?
- Have their previous projects good reputation?
- Can you find them on other existing platforms, linkedin? facebook? twitter? other websites?
- Do you think they can deliver their promises?
- Check the artwork
- Is it original art?
- Do you like the art?
- Is it original art?
- The website
- Is the website executed well, or is it sloppy?
- Is the website executed well, or is it sloppy?
You would be suprised how many projects fail on the 4th part. It's a very basic thing, but many scammers are very lazy and don't even pull that off. If they don't have the technical skills to build a website, but they promise a good game.. Well, it likely won't happen.
Fake collections
There are many examples of fake collections and fraud NFT sales. Perhaps they promise something they have no intention of delivering, or they use stolen art. This often happens at the same time as a major collection has a sale, where they take the same artwork and try to have you buy it on the marketplace. They will have a different collection name, not being properly verified, but in the haste, you thinking you find a bargain, you hit that buy button and realize it to late.
One way to minimize this is to use marketplaces that only list verified collections, such as nfthive. Or to make sure you review projects properly and make sure you select the correct collection when browsing atomichub.
Scam phishing links
These are mentioned multiple times in this course already, but it's a big reason why... people fall for it, very often. I've seen many people loose a lot of value just by one bad judgement call when they clicked a link and signed a malicious transaction. It can happen to anyone, all you need is to be drunk, tired, sick or something that makes your judgement a bit blurry and you sign away all your have in your account. One account lost upwards to $500k from one of these phishing links.
They often promise cheap or free NFTs, or a bargain. If they DM you with an offer that sounds to good to be true, it probably is.
Fake support personnel
So, you go to the official group of a project, you ask for some assistance with a small problem. You then quickly get a DM, from someone that looks and acts like an admin. They got the correct name, profile picture, and all look legit. They start to help you, but soon they ask you to give them your password, private key or pay a fee for the help. This is often done through a form, or directly in the DM. This ofc is all fake, it's a scammer pretending to be nice, to have you trust them and give them your sensitive information.
This is also something that happen WAY TO OFTEN... I got a few friends that KNOW about this, yet, they made a bad judgement call and complied with the support person, and got all their stuff stolen.
On Telegram, these fraudsters either have their username hidden, or they have a username that is highly similar but different. So check that @ tag, and make sure it's 100% the same. They like to change "o" to zero, or a big "i" to a small "L".
my username is: @orcus, so a fraudster would change my o to a 0, and use @0rcus, at a quick glance, you might be tricked, because the profile picture and name is the same.
The same thing applies on Discord, to prevent getting scammed this way... NEVER give away your password, private key, recovery phrase, 2fa or anything sensitive to anyone. Not even your internet friend, they might not be the person you think they are.
Add 2fa to your accounts
Adding 2fa, or 2 factor authentication, means that you are required to have a 2nd source to enter your account. So even if a hacker has your login details, they are prevented from getting into your account if they do not also have your 2fa code.
The most common 2fa people use is the google authenticator, but there are many options like yubikey, Authy, FreeOTP etc..
This is specially important on your email, that can be used as recovery, any cloud based crypto service or exchange. It's a little bit annoying for you, but it's a lot harder for a hacker to steal your stuff. This is the minimum best practice for you to set up for your accounts.
Fake Trade links
Scammers are very creative, so what they do on e.g. atomichub, is that they take a screenshot of a WAX backed NFT, or a verified NFT. They then upload that screenshot onto a new NFT. So at a quick glance, it looks like there are thousands of WAXP backed on the asset, but in reality it's 0. Or they make it look like the real NFT, because inside the NFT image, it says the real collection name with a verified symbol... because it's a screenshot. But if you stop and look, you will see below that it's a fake collection that isn't verified.
Scammers are VERY creative, so please, stop what you are doing, take a deep breath, and double check stuff before you sign that transaction.
Summary
Trading NFTs is fun, collecting them, playing the games, it's all fun and good, until you make one bad judgement call.
Please take some precautions before it's to late. Some basic things you can do is:
- Try to research collections before you buy
- Don't click random links from random DMs
- Don't give away your password
- Don't have all your crypto in 1 account
- Don't have all your NFTs in 1 account
The last 2, are not for removing risk, but managing the damage if something goes wrong. if you have multiple accounts, and one get compromised... at least you didn't lose it all.
Now, you can go out and have fun!