NFT Fraud
What is NFT Fraud?
NFT FraudAny scheme that exploits the NFT market to defraud buyers or creators, including rugpulls, wash trading, plagiarism, and wallet-draining smart contracts.
NFT fraud groups together several distinct attacks. In a rugpull, a team hypes and sells an NFT collection then disappears with the funds, often locking the smart contract or abandoning the roadmap. Wash trading uses self-dealing wallets to inflate floor prices and trick buyers. Copyminting and art-theft mint other artists' work on OpenSea, Blur, or Magic Eden. Phishing campaigns convince holders to sign malicious setApprovalForAll or seaport orders that drain entire wallets. The US DOJ has prosecuted several rugpull cases (Frosties, Baller Ape) for wire fraud and money laundering. Defences include verifying contract source, checking on-chain holder distribution, using hardware wallets, reviewing every signature in Rabby or wallet-guard tools, and revoking stale approvals.
● Examples
- 01
Frosties 2022: founders shut down the project after a USD 1.1M mint and were charged by the DOJ.
- 02
OpenSea reported large-scale copyminting and wash trading in 2022, prompting platform-level filters.
● Frequently asked questions
What is NFT Fraud?
Any scheme that exploits the NFT market to defraud buyers or creators, including rugpulls, wash trading, plagiarism, and wallet-draining smart contracts. It belongs to the Attacks & Threats category of cybersecurity.
What does NFT Fraud mean?
Any scheme that exploits the NFT market to defraud buyers or creators, including rugpulls, wash trading, plagiarism, and wallet-draining smart contracts.
How does NFT Fraud work?
NFT fraud groups together several distinct attacks. In a rugpull, a team hypes and sells an NFT collection then disappears with the funds, often locking the smart contract or abandoning the roadmap. Wash trading uses self-dealing wallets to inflate floor prices and trick buyers. Copyminting and art-theft mint other artists' work on OpenSea, Blur, or Magic Eden. Phishing campaigns convince holders to sign malicious setApprovalForAll or seaport orders that drain entire wallets. The US DOJ has prosecuted several rugpull cases (Frosties, Baller Ape) for wire fraud and money laundering. Defences include verifying contract source, checking on-chain holder distribution, using hardware wallets, reviewing every signature in Rabby or wallet-guard tools, and revoking stale approvals.
How do you defend against NFT Fraud?
Defences for NFT Fraud typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for NFT Fraud?
Common alternative names include: NFT scam, Rugpull, Wash trading.
● Related terms
- attacks№ 509
ICO Scam
A fraudulent Initial Coin Offering in which the issuers raise cryptocurrency from investors based on false promises and disappear or collapse after the sale.
- attacks№ 242
Cryptocurrency Laundering
The process of obscuring the origin of cryptocurrency obtained from crime by moving it through mixers, chain-hopping, and exchanges before cashing out into fiat.
- attacks№ 821
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
- attacks№ 1065
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
- web3№ 1221
Wallet Drainer
Malicious software or a phishing kit that tricks crypto-wallet users into signing transactions or approvals that hand over all valuable tokens and NFTs.