Recently, many NFT project teams and investors have been complaining about stolen assets, and even well-known creators have fallen victim. Kevin Rose, founder of Moonbirds, publicly confirmed that his wallet was hacked some time ago, losing 25 Chromie Squiggles and other NFTs, which raised alarm among many. In fact, NFT scams have become commonplace in this circle, with ever-changing tactics. Today, I want to discuss some common tricks to help everyone avoid falling into traps.



First, let's talk about the fake advertisement trick. Crypto KOL NFT God once clicked on what appeared to be an official sponsored link in Google search results, downloaded malicious software, and had their wallet compromised, losing all assets. Google's ad system allows anyone to pay to rank at the top of search results, a position with a very high click-through rate, which creates a perfect opportunity for scammers.

Another common scam is the fake airdrop. Scammers first airdrop some unknown NFTs to you, then offer to buy them back at a high price. Once you agree to the deal, you are directed to a phishing site to authorize the transaction, and your assets are lost. Forged NFTs are also frequent: some scammers steal works from well-known artists, list fake versions on the market, and even create a few fake transactions to confuse buyers.

Email scams are also a major area. During the OpenSea smart contract upgrade, hackers impersonated the official team to send upgrade reminder emails, tricking many users with phishing links. Holders of major projects like BAYC and Doodles have also fallen prey. Since many NFT projects require email verification, this gives attackers a chance to impersonate official accounts.

Official accounts being hacked or impersonated is also serious. After BAYC’s Instagram account was hacked, the hacker used the official identity to post scam links, tricking users into connecting MetaMask to fake wallets, ultimately stealing NFTs worth over $2.8 million. Yuga Labs’ Discord was also compromised before, with attackers posting phishing links directly in the official channels.

Another sneaky tactic is generating addresses with identical suffixes. Most people only check the first and last few characters of an address, so scammers exploit this by forging contract addresses that look the same and repeatedly airdropping small amounts of tokens. When you copy and paste an address, you might end up sending to a malicious one.

Knowing these tricks, how can you protect yourself? First and foremost, securely store your private keys and seed phrases. Once leaked, they cannot be recovered, unlike Web2 accounts where you can reset passwords. Scammers often lure victims through airdrops, free mints, or impersonating official admins to trick you into revealing your private keys.

Second, develop good habits: bookmark official websites, reach social accounts through the links on the official site, and avoid casually clicking links in private messages or emails. Installing anti-phishing plugins can also help identify fake sites. Keep assets isolated by using different wallets for transactions and minting; for large funds, it's best to keep the wallet completely separate and non-interactive.

Before participating in NFT projects, conduct thorough due diligence: check whether social accounts are verified and cross-verify project information across multiple channels. When transferring assets, always verify the full contract address, preferably using your wallet's address book feature to select the correct one, so that the address cannot be modified by an intermediary.
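
The full-address check recommended above, and the matching-suffix trick described earlier, as an added Python example (not part of the original post): it compares a destination against a saved address book and flags addresses that match a trusted entry only at the visible ends. The addresses, labels and the `check_destination` helper are constructed for illustration.

```python
import re

# 0x followed by 40 hex digits (a 20-byte address), after lower-casing.
ADDR_RE = re.compile(r"0x[0-9a-f]{40}")

def normalize(addr):
    """Lower-case and validate the shape of an address.
    Case is ignored; the EIP-55 mixed-case checksum is not verified here."""
    a = addr.strip().lower()
    if not ADDR_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def check_destination(dest, address_book, ends=4):
    """Classify dest against a {label: address} book.

    Returns ("trusted", label) on a full match, ("lookalike", label) when
    only the first or last `ends` hex digits match a trusted entry, and
    ("unknown", None) otherwise."""
    d = normalize(dest)
    book = {normalize(a): label for label, a in address_book.items()}
    if d in book:
        return ("trusted", book[d])
    for known, label in book.items():
        same_prefix = d[2:2 + ends] == known[2:2 + ends]
        same_suffix = d[-ends:] == known[-ends:]
        if same_prefix or same_suffix:
            # Looks right at a glance, but the full address differs.
            return ("lookalike", label)
    return ("unknown", None)

# Constructed sample data (not real addresses).
TRUSTED = "0x1a2b" + "c3" * 16 + "9f8e"
LOOKALIKE = "0x1a2b" + "00" * 16 + "9f8e"    # same ends, different middle
SUFFIX_ONLY = "0xffff" + "00" * 16 + "9f8e"  # same suffix only
UNKNOWN = "0x" + "ab" * 20
BOOK = {"my cold wallet": TRUSTED}

if __name__ == "__main__":
    for addr in (TRUSTED, LOOKALIKE, SUFFIX_ONLY, UNKNOWN):
        print(addr, check_destination(addr, BOOK))
```

A "lookalike" result means the transfer should stop until the full address has been compared character by character against the saved entry.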

If your assets are stolen, immediately isolate your remaining assets, change all social account passwords, and, if you have been infected by malware, disconnect from the internet. Afterwards, engage a professional security firm to help trace the funds. NFT scam techniques are constantly evolving, so awareness and vigilance are the best defenses. I hope everyone can explore this ecosystem safely.