It's no secret that trust and safety concerns are limiting web3 from reaching more users and gaining mainstream adoption. One specific problem that has cropped up is NFT spam and scams. It's a real headache for web3-savvy and web3-curious users alike – at its very best it clutters platforms and products, reducing the quality of user experiences and their potential to delight and engage folks. At its worst, spammy NFTs are created with malicious intentions and pose legitimate threats to your users.
Even if you and your platform are not responsible for the creation of spammy NFTs, if your users encounter them on your platform (or any platform, for that matter), it affects how they see your product and how they perceive the web3 ecosystem as a whole. Trust takes a hit. That's why we builders need to step up and protect our users from spam so we can help people explore safely, while boosting the credibility of the entire ecosystem.
Let’s dive into the issue of spammy NFTs and discuss how you can keep your users safe and build an excellent user experience for them. Together we can build an ecosystem that people can confidently be a part of!
Types of Web3 spam
Before we address how to keep users safe from scams and spam in web3, let’s look at the two points of origin for spam: on-chain and off-chain.
Off-chain initiated spam occurs through channels like social media, Telegram or Discord. Spammers flood people's timelines or messages with impersonations of credible projects to get users to visit malicious links, share their private keys or authorize access to funds.
On-chain initiated spam occurs when tokens, transactions or NFTs that are visible on-chain, but may still not be legitimate, flood user wallets and marketplaces.
For example, a fake NFT may have metadata that makes it seem affiliated with the popular Bored Ape Yacht Club. To the untrained eye, it could look exactly like the real deal. This type of spam is highly prevalent across the major chains. When platforms such as marketplaces and wallets don’t filter it out, it gets displayed alongside legitimate content. To begin articulating just how prevalent spam is, 80% of NFTs minted on OpenSea in 2022 were spam, scam, or fraud.
Unfortunately, beyond education, you can’t actually take much action to prevent users from engaging with off-chain initiated spam and scams. But there is a lot you can do to protect users from on-chain initiated spam.
The consequences of spam NFTs
At the time of writing this, our team had detected nearly 70 million spam NFTs total on Ethereum and Polygon (and nearly 100k spam collections). As new protocols emerge and gas prices drop, it’s increasingly easy for spammers to enter web3, so spam is bound to continue getting more prevalent.
At its best, spam creates noise and clutter, adding friction and frustration to the user experience. Wading through an NFT marketplace to find quality NFTs in the midst of spam becomes burdensome. Looking in a wallet to find important transactions in the midst of unsolicited airdrops and transactions becomes tedious. Noise acts as a deterrent for users to participate in the ecosystem.
At its worst? It causes harm. According to a report from Wired, crypto scams generated a shocking $5.9 billion in revenue during 2022. While not all of this revenue was driven by spam and fraudulent NFTs, they were responsible for at least a portion of this. Without safeguards in place for users, it’s frustratingly easy to accidentally interact with spam contracts and inadvertently authorize the release of funds or assets to a bad actor. Yikes.
How web3 builders can fight back against spam and scams
Fortunately, spam is a problem as old as the internet (do you remember email before spam filters?) and while stopping spammers and bad actors in their tracks completely is a tall order, there are ways to protect users (and your user experience) from spam.
There are three lines of defense builders can leverage to help users steer clear of spam: education, filtering, and flagging. Let’s explore them.
Educate users about web3 scams and spam
The first line of defense is to educate users on how to identify and steer clear of spam and potential scams themselves. People once had to learn how to determine if an email address, content, or subject line might indicate spam. In the same way, we can teach users about common indicators of spam and tactics frequently employed by bad actors in web3.
Your approach to education as a line of defense can range from providing formalized courses that walk through common malicious behaviors, to tooltips and popovers in the onboarding process, or throughout any transactions. If you’re looking for an immediate solution, a curated guide of existing resources is a good first step to give your users a foundation in identifying web3 spam.
Here are a few resources to consider putting into your guide:
It’s important to continuously evolve your guides and educational material to align with changes in tactics – web3 is growing quickly, and so are the tactics bad actors are employing.
Remove spam NFTs from your platform
Education is just a small part of the solution. The second line of defense to protect your users (and your UI!) from spam and scams is to filter out spam NFTs from your users’ view.
If you’re building a marketplace, you could give users an option to hide spam NFTs when viewing the marketplace, or pre-emptively exclude spam collections from the marketplace altogether.
If you’re building a wallet, you can mirror the social media DM approach, with a focused inbox for messages that the user can expect to trust and a separate inbox for likely spam. You can adapt this concept by having a focused wallet view in which users view transactions they initiated, signed or directly interacted with; and a separate tab for NFTs or deposits flagged as spam.
Flag bad actors
In addition to tackling spam itself with filters and labels, you can take your protection a step further by flagging (or blocking from your platform completely) wallets that are known bad actors. If a particular wallet is originating spam contracts, help your users steer clear of it and warn them before they make transactions with it. You could also consider using some sort of watchlist system to prevent known bad actors from connecting their wallets to your platform or logging in.
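The focused wallet view and the watchlist check described in the two sections above can be combined as follows. This is an added example, not code from the original post or from any vendor's API; the item fields (`spamLabel`, `userInteracted`, `from`), the extra `unsolicited` bucket for items that carry no label yet, and the placeholder addresses are assumptions.

```javascript
// Added example: field names (spamLabel, userInteracted, from) are assumptions,
// not a real API schema. Addresses below are constructed placeholders.
const norm = (a) => String(a ?? "").trim().toLowerCase();
const addr = (tag) => "0x" + tag.padEnd(40, "0"); // builds a placeholder address

// Watchlist of known bad-actor wallets, stored lower-cased so checksum-cased
// and lower-cased forms of the same address compare equal.
function buildWatchlist(addresses) {
  return new Set(addresses.map(norm));
}

// Split wallet items into views. A spam label or watchlisted sender takes
// priority over user interaction, since a user may have been tricked into
// interacting with a spam contract.
function partitionWallet(items, watchlist) {
  const views = { focused: [], unsolicited: [], spam: [] };
  for (const item of items) {
    const flaggedSender = watchlist.has(norm(item.from));
    if (item.spamLabel === true || flaggedSender) {
      const reason = flaggedSender ? "watchlisted-sender" : "spam-label";
      views.spam.push({ ...item, reason });
    } else if (item.userInteracted === true && item.spamLabel === false) {
      views.focused.push(item);
    } else {
      views.unsolicited.push(item); // unlabelled or not user-initiated
    }
  }
  return views;
}

// Pre-transaction check: warn, or block if the platform chooses to.
function checkCounterparty(address, watchlist, { block = false } = {}) {
  if (!watchlist.has(norm(address))) return { action: "allow" };
  return { action: block ? "block" : "warn", address: norm(address) };
}

// Constructed sample data.
const watchlist = buildWatchlist([addr("BAD")]);
const sampleItems = [
  { id: "nft-1", from: addr("aaa"), userInteracted: true, spamLabel: false },
  { id: "nft-2", from: addr("bbb"), userInteracted: false, spamLabel: true },
  { id: "nft-3", from: addr("bad"), userInteracted: true, spamLabel: false },
  { id: "nft-4", from: addr("ccc"), userInteracted: false }, // no label yet
];
const views = partitionWallet(sampleItems, watchlist);
const ids = (list) => list.map((i) => i.id).join(",");
console.log(ids(views.focused), "|", ids(views.unsolicited), "|", ids(views.spam));
```

Items with a missing label stay out of the focused view rather than defaulting to trusted, so a delay in labelling does not surface a new spam airdrop next to the user's own transactions.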
How to protect your users from spam NFTs and scams with Mnemonic’s API
Here's the bottom line: if we can't keep users safe from spam and scams, they won't feel comfortable adopting web3. It's crucial for us builders to prioritize user protection and establish practices that shield them from these threats, but creating spam detection capabilities in-house or identifying bad actors at scale are complex, resource-intensive projects that demand continuous upkeep and support.
That’s where Mnemonic comes in. Our trust and safety capabilities enable builders to create exceptional experiences while doing their part in keeping users safe from spam, scams, and bad actors, without dedicating an entire data science team to this.
Here's how we can help:
Filter and label spam NFTs
Our proprietary spam detection capabilities can detect even the sneakiest of spam collections and spam NFTs. We’ve brought our spam detection capabilities to Ethereum and Polygon and enable you to flag or filter out NFTs from spam collections with an easy-to-use API. Learn more about spam detection and filtering.
Identify bad actors
In addition to keeping spam at bay, we also enable builders to identify bad actors in web3 using predictive wallet categories which label wallets with a history of minting spammy contracts. Learn more about predictive wallet behaviors.