NFT Swap Order Scam: How to Avoid It
|— NFT swap orders are a popular way of trading your non-fungibles in a peer-to-peer way.|
— But popular swap-order interfaces fail to show some key details – giving users a false sense of security, and creating an opportunity for scams.
— In this article, we explain the mechanics of the classic NFT swap order scam – so you can give it a body swerve.
In September 2022, a regular NFT trader fell victim to one of the newest scams in the Web3 space. The victim agreed to an NFT swap – but was tricked into agreeing to receive a fake token, losing their prized MAYC token in exchange.
The NFT swap order scam is rife, but the key to avoiding it is knowing what to look out for. So in this article, we walk you through the scam, explain exactly how it worked – and show you the red flags that could enable YOU to avoid losing an NFT in the same way.
NFT Swap Order Scam Explained
Peer-to-peer NFT trades are one of the newest options to hit the crypto market – they enable users to make direct swaps between wallets, without using a central protocol. Platforms such as NFTTrader and Sudoswap enable NFT swaps in a secure way via something called a swap order.
What is an NFT swap order?
A swap order is a customized trade that can be created by anyone looking to swap an NFT. By signing a swap order, you give permission to whatever instruction it contains – in this case, permission to take a given NFT from your wallet.
Using swap orders enables NFTs to be traded directly between users’ wallets – the trade can either be for another NFT, for crypto, or for a mixture of both. The precise conditions of the trade are determined by whoever creates the order.
Once created, the swap order will have its own page containing full details of the trade, including: a picture of the tokens being traded, a link to the OpenSea page showing the host smart contract for the token and a link to the Etherescan page showing full detail of that smart contract.
How did the scam work?
In this case, the victim was contacted directly by the scammer via a private message. The scammer proposed a swap between two MAYC tokens, volunteering to throw in some extra ETH as part of the deal. The scammer then created the swap order, and sent the code to the victim. This is the swap page it generated:
The left side of the page shows the assets the scammer was trading – in theory, an MAYC and some ETH, as agreed. The right side shows what the victim was trading.
The Hidden Details
Although the swap page appears clear and transparent, there’s a lot of detail it doesn’t show.
For example, it really doesn’t prove anything in terms of what collection the incoming NFT is coming from. Remember, any image can be minted onto the blockchain; the only way to really be sure it is from a genuine collection is to examine the underlying smart contract. This can be done by clicking on the Etherscan embed within the page.
A look at the smart contract specifics on Etherscan would have revealed a couple of big red flags about this swap.
- A brand new smart contract: the fake NFT belonged to a smart contract created just the day before the swap – the genuine MAYC collection was first minted in August 2021.
- Name spelled incorrectly: the NFT contract name contained a spelling error, a sure sign it wasn’t the real deal.
By not cross-checking the token using Etherscan, the buyer missed key opportunities to detect the scam – and effectively sold their MAYC for a fraction of its worth (the ETH throw-in element of the deal was valid, thanks to the SudoSwap protocol)
Now you have all the relevant context, let’s recap now exactly how this scam worked – and what measures you, the buyer, would use to avoid it yourself.
- Swap orders are created by whoever proposes the NFT trade
- The order page shows you the NFT image – but no smart contract information
- The scammer creates a fake NFT using images from the real collection
- The fake NFT (looking like the real deal) appears on the swap page, seeming legit
- Trusting buyers don’t scrutinize beyond this – and hit confirm on the scam
How to avoid the NFT swap order scam
Web3 is full of scams and dupes – but we have great news for you: with absolutely everything existing on-chain, you have more power than ever to look behind the scenes and check out exactly what you’re buying.
Here are a few different ways you can spot this scam yourself.
When swapping, always use Etherscan to:
- Check the contract creation date or when the tokens were first minted to ensure they match the real collection
- Check out the transaction activity to see if the trading volume matches what you’d expect from a big collection
- Verify that the Etherscan page itself is genuine by cross-checking the contract ID with the project’s official site or Opensea
- Check for spelling errors in the name of the contract page
Keep learning, stay secure
Web3’s buzzing internet of value presents a world of new options, all of them accessible directly from your wallet. But here, your hard-earned crypto is always at stake – and mistakes don’t have an “undo” button.
That’s why it’s never been more important to understand what types of scam are being deployed, and how to spot them. We’re here to help you with that.
Welcome to Ledger Academy’s dedicated Scams Glossary – your essential resource for navigating Web3 safely. See you next time.