let’s make something together

Give us a call or drop by anytime, we endeavour to answer all enquiries within 24 hours on business days.

Find us

PO Box 16122 Collins Street West
Victoria 8007 Australia

Email us


Phone support

Phone: + (066) 0760 0260
+ (057) 0760 0560

Metaverse Scams and How to Avoid Them

  • 19 January 2023

In September 2021, the metaverse was on an upward trajectory. Investors were pouring more and more money into the virtual world, and NFTs were being sold for higher and higher prices. But while some were enjoying the excitement of this new frontier, others were ruing their investments. One large group of crestfallen individuals was mourning the loss of 798 ether, then worth $2.7 million, to the Evolved Apes NFT project. A collection of 10,000 NFTs that were to be used in a yet-to-be-developed fighting game immediately became useless (for this purpose at least) as the project’s developer, known as Evil Ape, disappeared with the money. This was supposed to have been used to pay the artist, give out NFT prizes and cash giveaways, develop marketing, and much more, but none of these things happened. The game, of course, was never made either. More than a year has passed since that time, but this kind of metaverse scam still occurs, as do others. So, what can you do to protect yourself? In this article, we will look at some of the different scams being carried out in the metaverse and how you can avoid them.

Rug Pulls

The Evolved Ape scam is known as a rug pull. This refers to a situation when the developer of an NFT project leaves with all the investors’ money, essentially ‘pulling the rug’ from under their feet. These projects are often surrounded by a huge amount of hype to build excitement and encourage plenty of investment. Another well-known example involves the SQUID digital token, which took advantage of the popularity of the Netflix show Squid Game to entice people in. Sold as a play-to-earn game, it ended the same way as Evolved Ape – the creators ran off with the money, and the token lost all its value, leaving its owners out of pocket.

So, how can you avoid a rug pull? Well, firstly, approach any project that you want to invest in with extreme caution. Don’t be influenced by hype and certainly don’t be rushed into anything. Do your research and find out as much about the project as you can before investing. Some of those stung by Evil Ape admit that they were drawn in by the excitement and as a result may have missed certain red flags; the increasingly unprofessional nature of the developer’s announcements and many of the key leaders of the project no longer being around are just two of the signs that could have been picked up on. Of course, with an incredibly sophisticated scam, it may be hard to find red flags, so another key rule is not to invest money you aren’t willing or cannot afford to lose.

In terms of the SQUID token, the easiest way to avoid losing your money on new, untested tokens is to avoid decentralized crypto exchanges. Many of these new tokens are listed on exchanges which are not controlled or regulated, and which have poor Know Your Client (KYC) measures in place, so scammers can get away with what they are doing far more easily. For some, sticking with centralized exchanges like Coinbase or Binance might go against the DeFi ethos of the metaverse, but it is considered to be safer. However, with the recent collapse of the FTX crypto exchange, even supposedly more trustworthy platforms might be seen as less secure in the future. At its peak, FTX had a valuation of $32 billion, but was forced to file for bankruptcy in November of 2022. There are still questions over what occurred, but some will worry about Binance’s connection to FTX and whether they can be trusted now. Previously, Binance was seen as one of the most secure exchanges, but they had an acquisition agreement with FTX, which they had to withdraw when the company crashed. Ultimately, this shows that we should be approaching every exchange with caution. It is absolutely essential to do your own research and find out as much as you can about both the token you are buying and the exchange you are using before going ahead with your investment.

Pump-and-dump schemes

Unfortunately, many more kinds of scams already exist in the metaverse. In a so-called pump-and-dump scheme, groups of scammers artificially inflate the price of a cryptocurrency or token that they have bought very cheaply. They can do this through building hype on social media and forums, sometimes using popular influencers to spread the message. As more and more people buy the token, the price skyrockets until a point when the scammers sell everything they have for a huge profit, thus creating a sudden influx of supply and crashing the price, leaving buyers with a low value asset. One example of this occurred at the end of 2021, when an announcement went out to say that Walmart would be accepting Litecoin – a barely used cryptocurrency from 2011. Some people rushed to buy it, but then Walmart revealed that they had not made the announcement; it was a fake. Though not too much was lost in this example, the blockchain, where crypto transactions are carried out, moves so quickly that people can make a lot of money in a short space of time if they pull off such a scheme effectively, meaning that those who lose money do so just as quickly.

Like with a rug pull, one of the main ways to protect yourself is to do thorough research. Carefully check the currency’s transaction history and wallet records. If any unusual patterns appear, such as a steady low price followed by a sudden rise with no apparent explanation, it could be a pump-and-dump. You could also try to find out if another reputable business has audited the code for the project or even check it yourself if you have the technical know-how. While many people won’t be able to do this, it might be possible to find out online if someone has, so it’s always worth a look. Ultimately, avoiding new tokens and cryptocurrencies and sticking to well established coins might be the best option to stay safe when investing.

Unlock the future with Mazer: Your innovation partner.

Phishing, fake profiles, and phony NFTs

Fakes make up a large part of the scamming world, including in the metaverse. Phishing is a classic trick for any fraudster. Convincing websites that apparently represent metaverse businesses can be created to get people to pay for NFTs or metaverse projects that are worthless or don’t even exist. Email links and ads can also take users to metaverse platforms that realistically mimic ones that they already use, but when they put in their data, the fraudsters hack their accounts and steal everything inside. Earlier this year, actor and comedian Seth Green had NFTs from the popular Bored Ape collection phished from his wallet, and one user had $1.4 million in Moonbird NFTs taken from their account after signing a smart contract on a phishing website that gave the scammer access to his digital wallet. All it takes is for your wallet to be connected to the wrong site and everything can be lost.

These kinds of tricks are sometimes legitimized through fake social media accounts. Representing real organizations or celebrities, tricksters promote phony crypto giveaways and sell fake NFTs. Sometimes, the accounts used are real ones which have been hacked. In May 2022, Beeple, an NFT artist whose collection of digital artworks was auctioned for over $69 million, had his twitter account compromised. The hackers were able to fool users into sending them $270,000 in Ethereum and stole a total of 45 NFTs. Like many scammers, they made use of urgency and exclusivity to lure people into the fake deal by offering the chance to win never-before-released digital art made by Beeple in collaboration with Louis Vuitton.

Counterfeit NFTs are also sold on some platforms. Scam artists take advantage of the lack of regulation currently implemented in the metaverse to set up duplicate versions of NFTs or tokens, which are sold using some of the techniques described above. This process has been made easier by cheap websites like Uniswap which allow new tokens to be created for a very low price. But fake NFTs don’t just appear in places like this – some people discover unpurchased NFTs in their accounts without any idea where they have come from. If the user interacts with the NFT, it triggers an action that drains their account of all its funds.

Once again, caution is key. Don’t click on links in emails or ad pop ups. Always type URLs directly into your web browser and double check that they are correct before taking action. On social media, check accounts for the blue tick that shows they have been verified and see if other reputable people follow them. Of course, if an account has been hacked, this won’t help you, so be wary of promotions offered on social media and don’t impulse buy, especially if the offer seems too good to be true. Research social media accounts associated with NFT creators, check forums for reports of illegal activity, and search for them on other platforms. If they appear on multiple NFT marketplaces, they might be fake. You can even contact creators directly via social media to check if a seller is legitimate. Also avoid linking your social media accounts to crypto or NFT exchange sites as this can be a source of phishing attacks. These can seem all the more realistic as they can be targeted to match your portfolio and interests. Finally, if an NFT appears in your account that you didn’t buy, do not interact with it.

How to avoid scam in the metaverse – general security

With the unregulated nature of the metaverse, it is important to have good general security practices to make sure that your data is safe. One of the key aspects of safety when it comes to cryptocurrency, NFTs, and the metaverse is holding your funds in a wallet. Though many cryptocurrency exchanges allow you to hold your funds and NFTs in a custodial wallet on the exchange itself, this gives you less control and security as they ultimately hold the private keys to access your wallet. Of course, generally speaking, this won’t be a problem, and it is certainly easier to move funds around, but for security’s sake, it’s probably best to use your own private wallet, especially if you have a lot invested.

Once you have decided to move your assets off the exchange, you must then decide which kind of wallet to get – a hot or cold one. A hot wallet is a form of digital storage that holds your crypto and NFTs and can be accessed on your computer or other device. Hot wallets are connected to the internet, which exposes them to hackers and fraudsters. Similar to online banking, there are a series of codes and other security measures in place to prevent this, but the risk is always there. Each hot wallet has a seed phrase made up of 12-24 words, making it extremely hard for hackers to crack, and of course you should never give this out to anyone. With your money safely in a hot wallet, you can carry out transactions easily, but the underlying security issues still remain.

To ensure absolute security, it is better to purchase a cold wallet. Also called a hardware wallet, this is a device similar to a USB drive that can be used to store your assets without them being accessible by internet hackers. You can move funds between your hot and cold wallets, but if you have a lot of cryptocurrencies and NFTs, it can be a good idea to keep the bulk of them on your cold wallet to be certain that no one can access them, even if they hack your hot wallet. Of course, you will need to keep the physical device safe too – if you lose it or it gets damaged, your assets will be gone. It’s also important to avoid second-hand devices as they could have been tampered with so that hackers can access them easily once they are plugged in to your computer. With a hot wallet for carrying out transactions and a cold wallet for safe storage, you can ensure the highest level of security for your digital valuables.

Final thoughts

Like with the internet, metaverse scams are always going to be a part of the virtual world. Cryptocurrencies, NFTs, and the blockchain, while offering certain benefits, are also susceptible to attacks, so it is important for both metaverse businesses and individuals to remain aware of what these might be and how they can be avoided. The metaverse is potentially a wonderful place, and there will no doubt be many incredible developments within it over the next few years and decades. The key advice is to do plenty of research, keep the majority of your investments in a cold wallet, and be highly sceptical of any new scheme, especially ones which are trying to push you to buy immediately – don’t get taken in by the fear of missing out. By protecting yourself against the possible pitfalls of the metaverse, you can set yourself up to make the most of this exciting new world rather than becoming a victim of it.

Read also: How The Metaverse Will Change The World

What is a rug pull in the metaverse?

A rug pull is a type of scam in the metaverse where the developer of an NFT project leaves with all the investors’ money, leaving the project’s value worthless. The projects are often hyped to attract investment, and examples include the Evolved Apes NFT project and SQUID digital token. To avoid being a victim of rug pulls, approach any project with caution, do thorough research, and don’t invest money you can’t afford to lose.

How can you avoid losing money on new and untested tokens?

The easiest way to avoid losing money on new and untested tokens is to avoid decentralized crypto exchanges. These exchanges are often not regulated and have poor Know Your Client (KYC) measures in place, making it easier for scammers to get away with what they are doing. To be safe, stick with centralized exchanges like Coinbase or Binance, but do thorough research on the token you’re buying and the exchange you’re using.

What is a pump-and-dump scheme in the metaverse?

A pump-and-dump scheme is a type of scam where groups of scammers artificially inflate the price of a cryptocurrency or token that they have bought very cheaply. They do this through building hype on social media and forums, sometimes using popular influencers to spread the message. As more and more people buy the token, the price skyrockets until the scammers sell everything they have for a huge profit, thus creating a sudden influx of supply and crashing the price, leaving buyers with a low-value asset.

How can you protect yourself from a pump-and-dump scheme?

To protect yourself from a pump-and-dump scheme, do thorough research, carefully check the legitimacy of any announcement or news before investing, and don’t be influenced by hype or rushed into anything. Additionally, don’t invest money you can’t afford to lose.

Unlock the future with Mazer: Your innovation partner.

Leave a Reply

Your email address will not be published. Required fields are marked *


Rafał Siejca

Rafal was a true early adopter of virtual reality and has a deep passion for the subject. He bought his first VR device more than two decades ago, was the first Oculus PL backer on Kickstarter, and has become one of the most prominent experts on VR and XR technologies in his home country of Poland. His personal interest has extended into his corporate life as well, where he worked as an IT Manager for PZU Group and an Expert at Bank Millennium before moving into the world of corporate VR, where he has amassed a decade of hands-on experience designing VR solutions. He is also a true metaverse fanatic who has put his heart and soul into building Mazer Space with the help of his talented team of developers, achieving magnificent results. As CEO and CTO, he ensures that each project is delivered on time to the highest possible standard.

Our Products