Fake NFT mints, airdrops, and giveaways are among the most common scams targeting Phantom users.
Phantom is a non-custodial wallet, which means only you have access to your private keys—and only you can keep them safe. We can’t recover lost assets, but we can help you avoid the most common traps.
This guide explains trending scams like phishing links and fake NFTs, and how to protect yourself before something goes wrong.
Top tips
- Keep Phantom updated. Use the latest version to benefit from new security and scam-prevention tools.
- Use the Explore tab. Discover verified apps directly within Phantom to reduce the risk of connecting to malicious sites.
- Double-check URLs. Verify links through official sources such as the project’s website, Discord, or X. Watch out for ads or slightly altered domain names.
- Treat all unsolicited NFTs as suspicious. Assume any unexpected NFT airdrop is a scam. Don’t click links or approve transactions related to them.
- Pay attention to transaction warnings. Phantom flags potentially malicious transactions through its simulation tool. If a warning appears, stop and verify the source.
- Use a burner wallet for risky interactions. Fund it only with what’s needed to keep your main assets safe.
NFT airdrop scams
Scammers airdrop fake NFTs promising rewards, whitelist access, or VIP perks to lure users into visiting malicious sites.
How these scams work
- Countdown timers and FOMO. Fake sites use urgency to push users into acting quickly.
- Cloned communities. Fraudulent Telegram, Discord, or X accounts mimic real ones—always cross-check official URLs.
- Unrealistic rewards. Guaranteed profits or rare NFT drops are typical red flags.
When you interact with one of these NFTs, by clicking a link or confirming a transaction, you may be:
- Tricked into revealing your recovery phrase on a phishing site.
- Authorizing a malicious transaction that transfers your assets to the scammer’s wallet.
In either case, the result is the same: loss of funds and control.
How to recognize and avoid NFT airdrop scams
Important: Any unsolicited NFT airdrop should be considered a scam NFT.
Phantom automatically checks NFT metadata and hides potentially malicious items in the Manage Collectibles section of your.
Unless you’ve manually hidden it, assume any NFT in that section is suspicious and report it as spam:
Select the NFT → More → Report as Spam (in both the browser extension and mobile app).
If you’re unsure, cross-check the NFT’s source through the project’s verified social channels. Never visit unknown sites or connect your wallet.
NFT mint scams
Scammers often promote fake NFT mints to steal your funds.
How these scams work
Fraudsters create convincing websites, social accounts, and ads for a “new” NFT project. When you try to mint, the transaction you sign can:
- Send your funds to another wallet.
- Grant token approvals that let scammers drain your assets later.
How to avoid NFT mint scams
- Do your research. Check who built the project, their community reputation, and whether they have a public roadmap.
- Verify official links. Only connect your wallet to URLs posted on the project’s verified X or Discord pages.
- Watch for social media hijacking. Even verified accounts can be hacked—always confirm across multiple sources.
- Ignore urgency tactics. Timers and limited-time messages are designed to make you act impulsively.
- Review permissions. Be wary of contracts requesting token access.
- Pay attention to Phantom’s warnings. If a simulation warning appears, stop immediately.
Evolving phishing trends
Scammers continually adapt their methods. Stay alert for these tactics:
- AI-generated content. Scammers use AI to create convincing fake sites, marketing materials, and bios.
- Ad-based phishing. Paid search ads may lead to cloned project pages.
Stay safe:
- Visit official project sites by typing the URL directly or using verified social links.
- Look for verified partners in Phantom’s Explore tab.
- Watch for inconsistencies in domains or communication style—if it feels off, it probably is.
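The domain checks described above (slightly altered names, cloned pages reached through ads) can be partly automated. The sketch below is an added example, not Phantom's code: the allowlist, the `.example` hostnames and the `checkLink` helper are constructed for illustration. It also covers two related tricks the guide does not list, text before an `@` and punycode labels.

```javascript
// Added example. All hostnames are constructed (.example is a reserved TLD).
// OFFICIAL_HOSTS stands for links you confirmed through a project's official channels.
const OFFICIAL_HOSTS = ["project.example", "mint.project.example"];

// Fold character swaps often used in altered domain names to one canonical form.
const SWAPS = { "0": "o", "1": "l", "3": "e", "5": "s", "-": "" };
const fold = (s) => s.replace(/rn/g, "m").replace(/vv/g, "w").replace(/[0135-]/g, (c) => SWAPS[c]);

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value diagonally up-left of the cell being filled
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Classify a link before opening it or connecting a wallet.
function checkLink(link) {
  let url;
  try { url = new URL(link); } catch { return { verdict: "invalid", reason: "not a parseable URL" }; }
  const host = url.hostname.replace(/\.$/, "");
  // "https://project.example@other.example/" really points at other.example.
  if (url.username) return { verdict: "suspicious", reason: "text before @ is not the host" };
  if (OFFICIAL_HOSTS.includes(host)) return { verdict: "official", reason: "exact match" };
  // Punycode labels can render as look-alike Unicode characters.
  if (host.split(".").some((label) => label.startsWith("xn--")))
    return { verdict: "suspicious", reason: "punycode label" };
  for (const good of OFFICIAL_HOSTS) {
    if (fold(host) === fold(good)) return { verdict: "lookalike", reason: `character swap of ${good}` };
    if (editDistance(host, good) <= 2) return { verdict: "lookalike", reason: `near miss of ${good}` };
    if (host.startsWith(good + ".")) return { verdict: "lookalike", reason: `${good} used as a subdomain` };
  }
  return { verdict: "unverified", reason: "not on the allowlist; confirm via official channels" };
}

// Constructed sample links.
for (const link of ["https://project.example/mint", "https://pr0ject.example/mint"]) {
  console.log(link, checkLink(link));
}
```

An "unverified" result is not a pass: it only means the host is not an obvious imitation of an allowlisted one.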
How Phantom protects you
Phantom provides several tools to help keep your Web3 experience safe:
- Spam detection. Machine learning and partners like SimpleHash identify and hide spam NFTs and tokens.
- Transaction previews. Phantom simulates transactions to flag phishing attempts or malicious contracts.
- Community reporting. User reports improve detection accuracy across the network.
- Verified banners and Explore tab. Access legitimate, reviewed apps directly from Phantom.
Consider using a burner wallet
A burner wallet is a separate, temporary wallet used for high-risk transactions like testing new apps or NFT mints. Using a burner wallet isolates potential risks, keeping your main wallet and its contents secure.
How to use a burner wallet
- Create a new wallet. In Phantom, you can create multiple wallets with just a few clicks or taps.
- Fund it minimally. Transfer only what you need for the transaction.
- Disconnect and delete. After the interaction, revoke token approvals and move any remaining funds before deleting the wallet.
What to do if you suspect fraud
Even with precautions, scams can happen. Act fast:
- Revoke token approvals. Disconnect from malicious apps and revoke token approvals to block further access.
- Move your funds. Transfer remaining assets to a new or secure wallet.
- Report the incident. Use Phantom’s in-app tools to flag phishing NFTs or sites.
- Contact Phantom Support.
Important: Acting quickly can minimize losses. Stay calm, follow these steps, and we’ll help you through it.