Malicious NFT contract scams

Please be careful when connecting your wallet to unfamiliar sites offering an opportunity to mint an NFT.


It's common for scammers to impersonate upcoming projects. They do this around the same time the project they are impersonating is launching.


They will create fake websites, minting contracts, and social media accounts (Twitter, Discord admins, etc). They do this to confuse users hoping they lower their guards so they can mint an NFT.


Malicious minting contracts built by scammers will steal the funds from unsuspecting users. To do so, they need you to connect your wallet and grant the contract certain permissions.


To avoid being a victim make sure you are clicking credible links. Ensure you are connecting your wallet to the project's official website.


Furthermore, please be careful when connecting your wallet. Make sure you understand what permissions you grant any NFT smart contract.


Wallet transactions may ask you to grant a smart contract permission to access funds. This may be needed when minting an NFT which requires you to pay the creator a fee.


Sometimes you may be able to specify the amount of funds you are granting the contract access to. Some contracts may ask to access unlimited amounts of funds, this is not always a scam. This is common to remove the need for a user to approve each transaction.


Your funds may be at risk if permissions are not revoked after the minting is complete.


To revoke unlimited approvals, you can visit and connect your wallet. There you may review and revoke permissions granted by your wallet. You may also use Etherscan to view and revoke permissions granted by your wallet.


It’s important to remember, revoking permissions will incur a gas fee.


Was this article helpful?