Celebrity/brand impersonation: A scammer sets up a social media group or website using the name of a brand or celebrity. They then sell fake or nonexistent NFTs to people or use a fake NFT as a lure to swipe someone’s credentials.

Counterfeit NFTs: Just like counterfeit currencies, a brand's NFTs can be reproduced without its knowledge or consent and then traded online. In some cases, artists and brands have discovered thousands of fake reproductions of their property in online marketplaces. Some marketplaces have developed tools to spot fakes, but it’s still a tangled mess of copyright issues given all the visuals, music, and logos involved.

Unprotected marketplaces: Putting aside the irony of relying on centralized players like marketplaces to execute decentralized transactions, these third parties can also introduce significant risk. In the short span that NFTs have existed, more than 200 marketplaces have sprung up, and many lack the security needed to handle the impressive ingenuity of the attackers. In one scam, attackers targeted NFT marketplace users lacking two-factor authentication and used smart contracts to transfer ownership to their accounts.

Fake platforms: There are so many NFT marketplaces that it’s relatively easy for cybercriminals to build new ones, hide in plain sight, and sell fake NFTs. Another tactic in this category is to create identical replicas of existing NFT marketplaces and use social media or email to lure people in.

Untraceable payments: Because of the nature of cryptocurrencies, payments are very difficult to follow. The problem with untraceable transactions, in addition to circumventing taxes, is that they can be used for illegal activities – a vulnerability that cybercriminals exploit. By the time a company, artist, or celebrity realizes that something is amiss, the money is safely in the cybercriminal's bank account. It’s nearly impossible to trace and even harder to reverse.

Cryptocurrency scams: Cryptocurrency, predominantly Ethereum, is the key payment method used in NFT transactions, and cryptocurrency scams are incredibly common. This is especially the case around highly anticipated NFT releases that generate a lot of buzz. In the inevitable buying frenzy, scammers create scam-minting sites that request users' private wallet keys. When customers, often the most fervently loyal and valuable, fall victim to these scams, they may sour on the brand.

Text or email scams: A cybercriminal sends a malicious email notifying a person of "suspicious behavior" on one of their accounts. As that person logs in and enters their credentials, they are asked for their private wallet keys or 12-word security seed phrases. The scammers then use those credentials to hack into the user’s digital wallet and deplete all of the crypto and NFTs stored therein.