Know Your CrookSCAM REVIEW: Validate Your Wallet
Bottom Line Up FrontSomeone claiming to be a project support team or admin DMs asking if a question you posted in the channel was ever answered. Regardless of your answer, they will find some pretext to say you need to validate your wallet, and will send you a link to do so. The link is to a phishing site, and will most often ask you to enter your wallet seed phrase.OverviewThe particular approach used in this scam usually comes after a project makes some big announcement, and takes advantage...
Know Your CrookKeeping Your Wallets Safe
Updated 4/28/2022: added “Bookmark Frequently Used Sites” sectionBottom Line Up FrontKeeping your funds secure is an ongoing process that requires regular attention and action. Wallets should be disconnected from dapps and websites you are not currently using, and permissions should be revoked for projects you’re no longer invested in. Use separate wallets for holding, DEX trading, and yield farming. If you have high value NFTs, they should be held in separate wallets as well. Never store fun...
Know Your CrookSCAM REVIEW: Send Me a DM
updated 5/3/2022: Updated ‘Name Spoofing’ section examples and tipsBottom Line Up FrontAfter replying to or quote-tweeting a popular Twitter account, you get a reply from someone impersonating them asking you to send a DM. If you do, there will usually be a short exchange about whether you invest in crypto, and if so, what projects and how much. This is followed by a claim that they can make you some quick money, and directions to join an exchange or investment site. These sites are honeypots...
Educating readers on how to identify and avoid crypto scams, phishing schemes, and other financial crimes.
Know Your CrookSCAM REVIEW: Validate Your Wallet
Bottom Line Up FrontSomeone claiming to be a project support team or admin DMs asking if a question you posted in the channel was ever answered. Regardless of your answer, they will find some pretext to say you need to validate your wallet, and will send you a link to do so. The link is to a phishing site, and will most often ask you to enter your wallet seed phrase.OverviewThe particular approach used in this scam usually comes after a project makes some big announcement, and takes advantage...
Know Your CrookKeeping Your Wallets Safe
Updated 4/28/2022: added “Bookmark Frequently Used Sites” sectionBottom Line Up FrontKeeping your funds secure is an ongoing process that requires regular attention and action. Wallets should be disconnected from dapps and websites you are not currently using, and permissions should be revoked for projects you’re no longer invested in. Use separate wallets for holding, DEX trading, and yield farming. If you have high value NFTs, they should be held in separate wallets as well. Never store fun...
Know Your CrookSCAM REVIEW: Send Me a DM
updated 5/3/2022: Updated ‘Name Spoofing’ section examples and tipsBottom Line Up FrontAfter replying to or quote-tweeting a popular Twitter account, you get a reply from someone impersonating them asking you to send a DM. If you do, there will usually be a short exchange about whether you invest in crypto, and if so, what projects and how much. This is followed by a claim that they can make you some quick money, and directions to join an exchange or investment site. These sites are honeypots...
Educating readers on how to identify and avoid crypto scams, phishing schemes, and other financial crimes.
Subscribe to Know Your Crook
Subscribe to Know Your Crook
Share Dialog
Share Dialog
<100 subscribers
<100 subscribers
Free NFT mint offers can be legitimate, but more often than not they are a scam designed to steal your crypto assets in one way or another. If you decide to participate in a free mint, use a fresh wallet with no assets held on it, and pay close attention to the permissions requested from the minting smart contract. It is also worth searching the contract itself for any undisclosed minting fees.
If something looks too good to be true, it probably is. Projects offering a free NFT mint can, in some rare circumstances, be legitimate. But more often than not the promise of a free NFT is a vehicle for a scam designed to steal your crypto assets. Free mints tend to fall into one of four categories: marketing for a legitimate project; royalty farming on secondary sales; hidden minting fees; and malicious contracts.
Keep in mind, I am specifically referring to free mint offers - that is, you can connect to a smart contract and mint an NFT for free (minus gas fees). Giveaways that award someone with an NFT are different, and generally much safer as it only involves them transferring the already-minted NFT to your wallet.
With that out of the way, let’s dive in…
Sometimes, a project is looking to prime the pump on their minting. Let’s say a 10k project wants to build some hype: they might run a giveaway for a free mint on the first X NFTs as a marketing gimmick, then all mints after those will be paid. Often times people will have to jump through a few hoops before they can mint, such as tweeting hashtags/retweeting the team, inviting people into their discord, or otherwise shilling the project.
This is a legitimate use case for free mints, and depending on how many tasks you have to complete it’s not a bad way to get into some projects. That said, keep a close eye on the project’s socials, make sure they’re being open and transparent about their terms, and that they are actually following through with letting people mint.
In this case the mint is indeed free, and the project owner is hoping to make some money from royalties on the secondary sales. These projects are often spun up quickly, so it’s not uncommon for them to use stolen art, or art that is a lazy derivative of a popular project.
Basically, if there is a ton of hype around a particular project, dozens of copycats will will spring up hoping to cash in on it. Take a look at what their royalties are set to - if they are well above the normal amount (OpenSea defaults to 2.5%, for example), it’s probably just a cash grab. Minting one of these won’t necessarily put your own assets at risk, but you will be supporting a potential scammer and content thief all the same. The choice is yours, but personally I think the NFT space could do without projects like this.
Now we’re getting into true fraud. Sometimes, a free mint isn’t actually free. Instead, there is a small, undisclosed charge of around .005 ETH that most people don’t notice. After all, they’re still paying a gas fee for the mint, so the tiny amount on top of that flies under the radar. While each minter might only lose $10-$15 from the hidden fee, the total amount pulled in by the scammer can add up fast, especially if they have multiple such projects active.
You can see the mint fee clearly in the smart contract, even if you’re not a coder. A quick way to find it is to copy/paste the entire contract into a text editor, then do a page search for words like “mint”, “fee”, and “price”:
These scams are usually riding the hype from some other popular project, and they want people to mint quickly before A) the hype dies down, and B) people catch on that there’s actually a mint fee. Watch for lots of urgency and FOMO-inducing language in their socials, including counters on their site showing how many free mints are left (which are often faked, and will reset if the page is reloaded). Remember, there is always time to research a project to keep yourself and your assets safe.
These are contracts that are designed to drain one or more assets from your wallet as soon as you connect it. Sometimes, the contracts are are part of a targeted phishing campaign, and coded to look for and transfer specific high-value items like BAYC or Azuki NFTs. More often though, the contract will attempt to transfer out any and all tokens held by the wallet, and it can do so based on the permissions a user gives it when connecting.
I’ve written previously about wallet safety, but it’s always worth repeating: pay close attention to the permissions a site asks for whenever connecting your wallet. If a free mint site is asking for unlimited approval and automated transactions, that’s a huge red flag. Also worth repeating: the wallet you use to mint, store assets, and navigate Web3 sites should not be the same - use a separate wallet for each of those things.
Free mints are very rarely free. Assuming the project is legitimate and not charging hidden fees or trying to steal your funds, you will often still pay with your time and attention (this exchange sums things up nicely). For any NFT minting, always use a fresh wallet, and pay close attention to the permissions being asked for before connecting. Remember, there is always time to DYOR on a project, even a “free” one.
Have a question, comment, tip, inside info, or anything else? Email KnowYourCrook@ProtonMail.com
Free NFT mint offers can be legitimate, but more often than not they are a scam designed to steal your crypto assets in one way or another. If you decide to participate in a free mint, use a fresh wallet with no assets held on it, and pay close attention to the permissions requested from the minting smart contract. It is also worth searching the contract itself for any undisclosed minting fees.
If something looks too good to be true, it probably is. Projects offering a free NFT mint can, in some rare circumstances, be legitimate. But more often than not the promise of a free NFT is a vehicle for a scam designed to steal your crypto assets. Free mints tend to fall into one of four categories: marketing for a legitimate project; royalty farming on secondary sales; hidden minting fees; and malicious contracts.
Keep in mind, I am specifically referring to free mint offers - that is, you can connect to a smart contract and mint an NFT for free (minus gas fees). Giveaways that award someone with an NFT are different, and generally much safer as it only involves them transferring the already-minted NFT to your wallet.
With that out of the way, let’s dive in…
Sometimes, a project is looking to prime the pump on their minting. Let’s say a 10k project wants to build some hype: they might run a giveaway for a free mint on the first X NFTs as a marketing gimmick, then all mints after those will be paid. Often times people will have to jump through a few hoops before they can mint, such as tweeting hashtags/retweeting the team, inviting people into their discord, or otherwise shilling the project.
This is a legitimate use case for free mints, and depending on how many tasks you have to complete it’s not a bad way to get into some projects. That said, keep a close eye on the project’s socials, make sure they’re being open and transparent about their terms, and that they are actually following through with letting people mint.
In this case the mint is indeed free, and the project owner is hoping to make some money from royalties on the secondary sales. These projects are often spun up quickly, so it’s not uncommon for them to use stolen art, or art that is a lazy derivative of a popular project.
Basically, if there is a ton of hype around a particular project, dozens of copycats will will spring up hoping to cash in on it. Take a look at what their royalties are set to - if they are well above the normal amount (OpenSea defaults to 2.5%, for example), it’s probably just a cash grab. Minting one of these won’t necessarily put your own assets at risk, but you will be supporting a potential scammer and content thief all the same. The choice is yours, but personally I think the NFT space could do without projects like this.
Now we’re getting into true fraud. Sometimes, a free mint isn’t actually free. Instead, there is a small, undisclosed charge of around .005 ETH that most people don’t notice. After all, they’re still paying a gas fee for the mint, so the tiny amount on top of that flies under the radar. While each minter might only lose $10-$15 from the hidden fee, the total amount pulled in by the scammer can add up fast, especially if they have multiple such projects active.
You can see the mint fee clearly in the smart contract, even if you’re not a coder. A quick way to find it is to copy/paste the entire contract into a text editor, then do a page search for words like “mint”, “fee”, and “price”:
These scams are usually riding the hype from some other popular project, and they want people to mint quickly before A) the hype dies down, and B) people catch on that there’s actually a mint fee. Watch for lots of urgency and FOMO-inducing language in their socials, including counters on their site showing how many free mints are left (which are often faked, and will reset if the page is reloaded). Remember, there is always time to research a project to keep yourself and your assets safe.
These are contracts that are designed to drain one or more assets from your wallet as soon as you connect it. Sometimes, the contracts are are part of a targeted phishing campaign, and coded to look for and transfer specific high-value items like BAYC or Azuki NFTs. More often though, the contract will attempt to transfer out any and all tokens held by the wallet, and it can do so based on the permissions a user gives it when connecting.
I’ve written previously about wallet safety, but it’s always worth repeating: pay close attention to the permissions a site asks for whenever connecting your wallet. If a free mint site is asking for unlimited approval and automated transactions, that’s a huge red flag. Also worth repeating: the wallet you use to mint, store assets, and navigate Web3 sites should not be the same - use a separate wallet for each of those things.
Free mints are very rarely free. Assuming the project is legitimate and not charging hidden fees or trying to steal your funds, you will often still pay with your time and attention (this exchange sums things up nicely). For any NFT minting, always use a fresh wallet, and pay close attention to the permissions being asked for before connecting. Remember, there is always time to DYOR on a project, even a “free” one.
Have a question, comment, tip, inside info, or anything else? Email KnowYourCrook@ProtonMail.com
No activity yet