You may receive unsolicited NFT airdrops that appear to be vouchers, promising free money if redeemed on a third-party website. These NFTs often contain links to external sites.
Be warned: these NFT vouchers are scams. Their aim is to lure you to third-party sites or apps where you'll be asked to share your 24-word recovery phrase or to sign a malicious transaction with your Ledger device, granting the scammer access to your accounts.
Given the transparent nature of blockchain addresses, stopping these scams is impossible. Even creating a new account won't help. However, you can protect yourself with some very simple steps.
When faced with an unwanted NFT voucher with links, it's best to observe the following rules:
- NEVER share or type your 24-word recovery phrase into any website or app. This phrase is the master key to all your accounts. Anyone gaining access to it could compromise your accounts and steal your funds.
- Avoid any interaction with links or websites associated with the NFT
- Do not send the NFT to another account or a burner address. Doing so requires interaction with the NFT's underlying smart contract, which could be malicious.
- Simply hide the NFT in Ledger Live by right-clicking on the NFT then selecting Hide NFT Collection.
I followed a link to a malicious website
Clicking or following a link embedded in a malicious NFT is not enough to compromise your wallet. The only scenarios that place your wallet at risk are sharing or typing out your 24-word recovery phrase, or signing a malicious transaction with your Ledger device.
If you suspect you've signed a malicious transaction using your Ledger device, act quickly. Use revoke.cash to immediately revoke all permissions associated with your account, and then contact customer support for further assistance.