6 Simple Tricks To Avoid Getting Scammed In The NFT Space

Here are fundamental actions to safely navigate the NFT space

Hello everyone!

After seeing scam after scam over the past year, I thought it was an excellent time to lay down some NFT security fundamentals.

www.kaloh.xyz 🔮 @Kaloh_nft

What are the best practices to avoid getting scammed in the NFT space? I’ll write about that this week

7:37 PM ∙ May 15, 2022


1. Review any Website’s URL - Multiple times!

Reviewing the URLs is probably the most crucial trick or security hack you can learn. Before clicking on a link or interacting with a website (for example, connecting your wallet), you should review the URL multiple times. Scammers create fake websites and slightly change the URLs to make them look like the real ones. Let’s use my Newsletter website as an example (https://www.kaloh.xyz).

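  • Check that the URL starts with HTTPS instead of just HTTP. It keeps user communication, browsing, and identities private. HTTPS protects the connection, not the site's honesty: a fake site can use HTTPS too, so continue with the checks below.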

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site.

  • Review the URL spelling: in this case, someone could use kahlo, kal0h, or something similar to fool you.

  • Finally, review the domain ending: kaloh.io, kaloh.net, or anything other than the official one. If you aren’t sure which one is the original, do a Google search, but keep in mind that many scammers use malicious ads to confuse people. Look for the official website among the non-ad results.

2. Don’t trust anyone on your DMs (Twitter, Discord)

Seriously, I see this every day. If you aren’t looking to engage with people (let’s say you aren’t running a business or a project), you should close your DMs.


𝐅𝐋𝐘𝐆𝐎𝐇𝐑 @Flygohr

@Kaloh_nft @tamccullough don't trust that guy who wants to design an NFT for their daughter, and don't open ANY attachment you get without scanning it for viruses first. if it's a .rar with a password it's 100% a scam anyways

6:12 PM ∙ May 16, 2022


Social scams are getting more sophisticated. Scammers will do their research and develop a story tailor-made for you. In my case, a scammer acted as a company interested in purchasing newsletter ads. Right after, they sent me a “contract” file… This takes me to the next point.

3. Don’t open any files from strangers

Files could be malicious scripts that find your wallet password or seed phrase, or that interact with your computer to give the attacker access. Even a simple PNG file could hide a malicious script (most of the time, the scammers rename the file type to confuse you).

SCAM by ramaztt


4. Don’t rush!

Before making any crypto transaction, take a breath or two. FOMO (fear of missing out) makes you do crazy things. That could range from buying a very expensive NFT that you might later regret to purchasing a fake (very expensive) NFT.

In the past, stealth drops were popular. Projects would launch without prior announcement, as was the case for the Go Gos on Tezos.


GOGOs @gogos_tez

The machine is up and running. 😅 gogos.tez.page


1:21 PM ∙ Oct 18, 2021


Although this launch was exciting, scammers started to take advantage by faking profiles, sites, and mints. Although legit stealth mints could happen, I think it is smarter to ignore them.


Jerry 🔮 @JPapesky

@Kaloh_nft Time. Don't rush. Look carefully. Use different fonts to check usernames. ԁоре ≠ dope Copy/paste and change font

3:32 AM ∙ May 16, 2022
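
Trick 1's URL review (HTTPS, spelling, domain ending) and the look-alike-letter check from the tweet above, combined in one script. This is an added example, not code from the original post; the allowlist, the warning labels and the two-label domain split are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: an allowlist you maintain yourself from a trusted source.
OFFICIAL_HOSTS = {"www.kaloh.xyz", "kaloh.xyz"}

def scripts(text):
    """Unicode scripts (LATIN, CYRILLIC, ...) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_url(url, official=OFFICIAL_HOSTS):
    """Return sorted warning labels; an empty list means every check passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = set()
    if parts.scheme != "https":
        warnings.add("not-https")
    if not host.isascii() or "xn--" in host:
        warnings.add("non-ascii-host")      # look-alike letters or punycode
    if len(scripts(host)) > 1:
        warnings.add("mixed-scripts")       # e.g. Latin and Cyrillic together
    if host not in official:
        warnings.add("not-on-allowlist")
        # Simplification: last two labels are name + ending (no public-suffix list).
        labels = host.split(".")
        name, ending = (labels[-2], labels[-1]) if len(labels) > 1 else (host, "")
        for good in official:
            good_name, good_ending = good.split(".")[-2:]
            if name == good_name and ending != good_ending:
                warnings.add("official-name-wrong-ending")
            elif name != good_name and edit_distance(name, good_name) <= 2:
                warnings.add("lookalike-spelling")
    return sorted(warnings)

if __name__ == "__main__":
    # Constructed sample URLs; the last one swaps in a Cyrillic "a" (U+0430).
    for u in ["https://www.kaloh.xyz", "http://kal0h.xyz", "https://kaloh.io",
              "https://www.kahlo.xyz", "https://www.k\u0430loh.xyz"]:
        print(u, "->", review_url(u) or "ok")
```

An empty result only means the host is on your allowlist and served over HTTPS; the allowlist itself still has to come from a source you trust.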

5. Be careful with “verified” Twitter accounts

Over the past months, this kind of attack has become more and more popular. Scammers gain access to stolen verified Twitter profiles to fake affiliation with big projects like the Bored Ape Yacht Club or Moonbirds.

Fake Bored Ape Founder Running Scams

They will have a link to a fake website, claiming to be an airdrop or some sort of mint. These attacks have been a big issue and have already cost victims millions of dollars.


6. Use a cold wallet (aka hardware wallet)

Having a hardware wallet is a must-do if you are taking NFTs seriously. The popular ones are Trezor and Ledger.

The safest place to store your NFTs is in a cold-storage hardware wallet like Ledger. Hardware wallets are protected by a seed phrase, a password, touch authentication, and remain offline; meaning hackers can’t gain access. Whereas an online software wallet like Metamask can easily be compromised.

Read the long and detailed explanation at Securely Storing Your NFTs: A Complete Guide


These were the six fundamental tricks to navigate the NFT world safely. As they say, security is a journey, not a destination. Therefore, try to stay updated with the newest hacks and trends to avoid an unpleasant surprise!

Enjoy your weekend!

- Kaloh
