Generative NFTs

The Dark Side of the Generative NFT Space: Scammers and Hackers and FUD, Oh My!

No idea what this pic means, but somehow it seems appropriate. Photo by Fábio Lucas on Unsplash

At the end of August, OpenSea reported its first week surpassing $1 billion USD in trading volume. In case there are still any doubters out there as to the escalation and seriousness of the NFT market, that milestone should be a wake-up call. As many of you know, I’m immersed in this world full-time as the founder of a team who brings generative art mint-on-demand drops to life for NFT teams worldwide. (Here’s info on that!)

We’re in the space daily. (I could almost say 24/7, but actually it’s more like 18/7, as I think we’re averaging 18-hour days lately.) As exciting as it all is, I really want newcomers to know that the volume of money floating around this space naturally attracts a darker element. It seems near daily that I learn of some new pitfall out there awaiting unsuspecting individuals or teams.

So, let’s look at some of these things:

Shadowy Anon Characters

I actually didn’t include this in my original draft of this article, but I remembered some things from when I was first starting out. (So, if you’re reading this, this part is a bonus section.)

Most people know of my for my numerous articles on generative art coding in the NFT space. (Just click this publication’s title and you’ll see about 20 articles on NFTs and generative art programming.) Back then, I only had about half of the NFT puzzle solved — the generative art part. But, the minting aspect came later on.

For a long time, I really wasn’t aware of how generative NFT sets were marketed, or why people bought them. I just thought they were cool. And the idea of making a smart contract seemed too technical and even impractical at the time. I just wanted to upload some cat NFTs and play around.

But of course, everything finally clicked, and I soon knew I needed to meet some Solidity experts. And that was my first introduction to the anonymous coders seemingly all over the place. These were people who’d do things like write smart contracts for you, for a fee, and you could never know who they are, where they live, or basically anything about them other than maybe their Discord handle or whatever. If you’ve been on any NFT teams, perhaps you know the type I’m describing.

Thankfully, by this time, I knew I wanted to make some kind of business out of generative NFT projects (making the art for clients and getting them online as well). And, as a pro web dev for 10 years, I just didn’t see how I could approach a client, meet with them, and convince them that we would outsource something as critical as the smart contract to someone like “CryptoShadow#2345” on Discord. I’d have been laughed out of every corporate Zoom call, right?

Not to make this about my own business, but I really do think this is a plus for us. We’re all fully documented, verified, LinkedIn listed, available, responsive, actual people, and we want to work with professionals who value that. Keep in mind that the smart contract dictates everything about your drop from a functional and financial standpoint. The last thing you or anyone wants is someone anonymous deploying that code on your behalf.

Ape Thieves

Just a “normal” ape — not necessarily one that was ever stolen. Note that it sold last for 45.445 ETH! Apes are among the most valuable possessions in the NFT world, so it’s no wonder their owners are often targets.

Of the many Discord-based scams out there, one recent social manipulation case stood out as a glaring warning for others — a guy who had three Bored Apes, plus a bunch of other NFTs (all totaled worth $800k) stolen. Like so many others before him, it all started with an OpenSea issue, and he was online seeking help for it. Follow that link for the entire story, as it’s just absolutely painful to read — and, if anyone is honest, it’s something that could happen to many users, even tech-savvy ones.

And, while the guy was clearly scammed (and thus arguably bears some of the blame for having allowed himself to be tricked), it’s also crystal clear that he uncovered some troubling vulnerabilities within Discord, Metamask, and OpenSea, all of which, in my opinion were probably not doing enough proactively to stop such vectors.

And it’s more than apes being stolen, too. If they get into your wallet, they’ll take your crypto as well!

Bottom line on this one: NEVER give out private keys or passwords, never believe anyone is who they appear to be (esp. in a situation in which you’re DM’d), and never share your screen in a crypto tech-support type scenario (and/or esp. during any interaction with any financial sites whatsoever). Bonus points for looking into cold wallet NFT storage possibilities (to be covered at a later date, but here’s one promising solution from Ledger).

BTW, there was an interesting piece written some three months back on another scam where people would make offers on apes in USD, when the real price was in ETH. In the article, it showed how Bored Ape #6874 was offered $2.75 (USD) when the actual price was 2.75 ETH. The owner saw the $2.75 and quickly assumed that it was the 2.75 desired, and bam… that ape was sold. I’m not sure if OpenSea addressed this issue yet, but it’s certainly something to be aware of — always review offers thoroughly before accepting.

(Of course, with the Bored Ape floor currently at 33.2 ETH(!!), buying it for the full 2.75ETH asked just three months ago would have been a real steal!)

Scam Sales

With scores of drops happening daily now, and many of them finding success with collectors, it’s no surprise that entire scam sites crop up quickly. What I’m seeing routinely now is this: A drop happens and then, as expected, the secondary market starts up almost immediately. This is a GOOD thing for the NFT teams, of course, as a healthy secondary market is always desirable.

But, the nature of NFTs is that they’re usually basically just graphics — especially within the generative art space that we’re talking about. So, these scammers immediately grab some of the graphics (usually the rare ones, of course), and they’ll setup a completely bogus collection on OpenSea, taking the time to manually setup meta data and everything.

And then they’ll drop links to their bogus item in the team’s Discord or other places online. Non-savvy users might then swoop in and think they’re snagging a rare item from the actual collection (because, well, it’s literally a perfect copy of the PNG), when in actuality it’s a counterfeit. Money = lost.

How users can avoid this: Make sure you’re looking at the official collection page on OpenSea. Your NFT team should be posting this on their social channels so that you know — and of course the mint site should be linking to it. Furthermore, for a successful set, you’ll see the number of owners on the collection page. If it’s zero or some low number, you’re looking at a fake.

How NFT teams can avoid this:

Manage your social channels vigilantly during and after the sale.
Be there and immediately ban those who post scam links.
Have mods in place to also recognize and ban these as soon as possible.
Post reminders periodically containing the actual OpenSea collection link.
Consider limiting the amount of NFT previews you offer, which limits the number of images these scammers can grab prior to a sale. The more you share prior to sale, the more the scammers will grab and post posing as your team.
Consider down-sizing the images posted in social media and/or on your web site prior to sale. If your images are, say, 2000px square, downsize your previews to, say, 500px square. This somewhat limits what scammers can do with the images.
Far prior to your launch, go into OpenSea and create various collections using the actual URL / alias that you want, as well as any close variants of this. For example, if your collection is called CoolCattleDogs, you can setup a collection with the URL https://opensea.io/collection/coolcattledogs. (The “coolcattledogs” part is what you get to designate when you setup a new collection.) So, get your intended name and also setup variants (like “cool-cattle-dogs” and “coolcattledogsnft”). Then, when you’ve actually launched your collection via a smart contract, you can change your reserved “coolcattledogs” to something else, which frees up the actual “coolcattledogs” for your deployer wallet to use when setting up the actual collection. This is a process you’ll want to approach carefully and quickly. (I always do it in realtime with clients. I have them login, change their “coolcattledogs” to something else, and then I’m also logged in with the deploy wallet and I quickly claim “coolcattledogs” for the collection. Works well this way.)

Scam Example

Funny, just a short time after writing this, I saw a prime example come to my Discord screen. Here’s a DM I got:

Indeed, “I-m-S-p-o-o-k-e-h” (not gonna spell the person’s handle correctly here) is a typical scammer, and I suppose truly IS spooky. At least victims can’t say they weren’t warned.

This is clearly about the extremely well-known / popular Galaxy Eggs project. How many of the above three links do you suppose are legit.

Since I own one of the eggs, I can tell you that the REAL OpenSea collection link is: https://opensea.io/collection/galaxyeggs9999 Ergo, we’re 1/1 on scams so far. Let’s go on:
The Galaxy Eggs URL indeed is correct, in an attempt to make the above valid.
This also appears correct, as it was auto-generated by #2’s appearance there.

That all said, the point of the above SCAM is to get people to go to the #1 link and purchase a fake. If you go to that link, it SHOULD be pretty clear that this is a scam. Yet, newbies to the field may well fall victim to it.

The screen-grab below shows what looks graphically correct. But, the tip-off of course is that there are 40 items (should be 9,999), 3 owners (obviously s/b thousands),and low volume. Just NEVER, NEVER listen to DMs. Just assume they’re 100% fake and you’ll do okay on Discord.

A quick peek at the REAL one (as of today, 09–15–21):

REAL OpenSea link is: https://opensea.io/collection/galaxyeggs9999 for this collection.

Here are some other scam DMs, just to show them. Note the similar-looking URLs, which are NOT to OpenSea:

FUD

Fear, uncertainty, doubt. It’s ubiquitous online, and especially so in the NFT space. I tell people al the time that the NFT space is like (1) a giant art gallery, (2) a home for collector enthusiasts, (3) a casino, and (4) the stock market — all rolled into one crazy environment, and without free drinks!

All of those categories contain good people, of course. But, as you progress from art lover to collector to speculator to investor, behavior and attitude changes among participants. One buyer of a given set might be a true lover of the artwork, and noting more. Another might not care at all about the art, but believes that the hype surrounding the project indicates an opportunity to flip NFTs for a quick profit.

And it would almost be okay if those were the only extremes. But, the whole space is actually more chaotic than that because nowadays the entire dynamic is no longer the glory days of “one team does a drop and hopes to sell out.” It’s now expanded into “eight teams (or ten, or twenty) are dropping today, many at the same time, all of them hoping to sell out amid the inevitable Ethererum gas war this will cause.”

And that creates more complicated motivations. I was hanging out in a Discord lately during a drop and watched FUD being spread by users with usernames indicating that they were proponents of a completely different, competing drop. So, while a given NFT team may have a loyal fan base built up, there could be members lurking within who are not there to support, but to manipulate what’s effectively a market — the market of your NFT drop.

What can be done to mitigate this risk? Again, solid and thorough participation and presence within your social channels (banning FUD-mongers and assuring supporters). Clear communication the whole way through — being absolutely proactive in terms of managing every last aspect of a drop. Have your verified contract and FAQs posted, and manage the entire sale from launch through sell-out, including the entire reveal process, which is naturally fraught with opportunities for FUD. (“Hey, I bought an NFT and it’s the same as everyone elses!” or “It’s been 24 hours and my NFT has not yet revealed — must be a scam!!!”)

I’ve learned a ton watching these things roll out (many successfully, a few unfortunately) and I’ve come to develop a process for managing every possible thing I can think of that could affect NFT teams during launches. It’s something I’m now proactively sharing with our generative art NFT clients, as I truly want them all to have the best chance possible for success.

Rugs and Pump & Dumps

Now that we’ve covered FUD, we get to the ultimate bad word in the NFT industry — “rug.” This is when a team completely abandons a project and absconds with the ETH. And this is what FUD-mongers usually suggest to scare off potential investors. I love how just months ago, we didn’t really have verbs like ape and rug and moon. But such is the lexicon of this frontier.

Pumping and dumping is similarly treacherous. It’s basically all of the DMs you get tipping you off to the next great drop — just a barrage of marketing, hugely inflated followings because of this, and no real substance ot the drop team itself. Of course, this term is particularly well known and comes from the stock market. (So it should be no surprise, as one attorney told me, that the government is actually looking at NFTs as securities.)

How can buyers avoid these? I’d say avoiding impulsive decisions (that play on people’s FOMO) would be key to either, although these days, with the savviness of scammers (as discussed herein), I would not be surprised at a team being highly convincing that a rug would be impossible, and yet still rugging a project after a lackluster sale (which can still equate to hundreds of thousands of dollars).

To be honest, there’s no way to ever know for sure, especially with smaller, lesser-known projects with little outside support such as affiliation with a known player, or possibly endorsement by someone trustworthy. (Though, even influencers who endorse teams can be bought. Many of them are just individuals with giant followings, and you pay them for favorable mention. So, I wouldn’t necessarily rule out a rug or a pump & dump just because Celebrity X says it’s cool. You’d think celebs would want to be careful out there, but even celebs can be scammed.)

And that said, in this often upside-down world, one can imagine a project possibly starting out as a planned rug by scammers, but winding up an actual success. There’s little logic in it. But then again, here we all are buying and selling JPGs. Who’d have thought this even 6 months ago?!

Be careful out there. Do your research. Protect your passwords. Don’t do anything even remotely sketchy. If it feels off, it probably is. And most of the time, you’ll be okay.

Information Regarding Generative NFT Coding Services

What it is, and how my new company GenerativeNFTs.io approaches it.

medium.com

Jim Dee is a prolific writer, developer, and multi-media creator from Portland. You can find him, his businesses, his books, and more at JPD3.com. Thanks for reading! Cat image here courtesy of Midjourney AI.