Lately, NFT fraud on Telegram has become extremely rampant. If you hold NFTs on Telegram (such as collectible usernames, +888 anonymous numbers, Gifts, etc.), you have likely received quite a few fraudulent messages at one point or another. Based on a synthesis of recent experiences, this article will teach you how to prevent your NFTs from being scammed.
Common Scam: The High-Price Purchase Order
If you've ever owned an NFT, you probably know that they are generally acquired via Telegram, Fragment, or other third-party marketplaces. Malicious actors love to comb through on-chain transaction logs, find your corresponding account (usually because your profile is linked to that specific NFT), and slide into your DMs. Typically, the scammer will offer an absurdly high price to buy your NFT—for instance, offering 100 TON or more for a username that might only be worth 10 TON. (The price is always guaranteed to be higher than what you paid, since their goal is to bait you.)
Then, they will ask you to complete the transaction on a website link they send you. In reality, Telegram allows users to disguise the text displayed in a message so that it differs from the actual destination URL (commonly known as "masking" or "hyperlink spoofing"), as shown below:
Although Telegram will pop up a confirmation window whenever you attempt to visit an external website, the domain names used by scammers are often extremely close to the official ones, and you might easily overlook the mismatch. The scammer will deploy a fake smart contract on their phishing site—such as creating a counterfeit token with the exact same logo as TON to execute a bait-and-switch. The moment you authorize the NFT transfer within your wallet, you end up receiving nothing but worthless "shitcoins."
Advanced Scam: Fake Telegram Bots
I have also encountered even more advanced scams where fraudsters build a custom Telegram Bot. Using the exact same tactic as mentioned above, they overlay a malicious link and disguise the bot as Fragment (or other reputable third-party trading platforms).
With AI being so advanced nowadays, scammers can effortlessly replicate a pixel-perfect front-end interface. Crucially, launching a Web App within a Telegram Bot does not trigger any additional security confirmation prompts. Confronted with an identical name and logo, it is completely impossible to tell a fake bot apart from the genuine Fragment platform. Once you authorize the transaction inside your connected wallet, your NFT is instantly drained.
With that being said, how do you protect yourself from these scams?
The solution is actually incredibly simple: anyone who genuinely wants to buy your NFT can make an official "Offer" directly on Fragment or any legitimate third-party marketplace. However, these platforms generally do not send you a direct DM notification. While someone might ping you on Telegram to remind you to accept an offer, you should bypass their messages entirely and head straight to the official Fragment website or their verified Bot to review and accept the bid. (Official Telegram Bots will always feature a verified blue checkmark next to their name.)
In short, never click on any unverified links sent in DMs. These scams are evolving constantly and are incredibly hard to avoid. I even reported a fake Fragment bot last month, and it still hasn't been banned yet qwq.
Comments NOTHING