Real NFT Marketplace vs Fake-Mint Site
How to distinguish a legitimate NFT platform from a fraudulent mint site designed to drain your connected crypto wallet.
Last reviewed: 1 June 2026
Most NFT mints are unremarkable. The project announces a date well ahead of time, the same URL appears on its website, its verified social account and its community server, the contract address is published so anyone can look it up on a block explorer, and the transaction you sign asks only to move the stated mint price. The fraudulent version is convincing because it appears in the narrow window when everyone is refreshing for a link and nobody wants to be late. The page is often a pixel-perfect copy, the countdown is ticking, and the wallet prompt looks like every other wallet prompt you have approved without reading. The distinction that matters most is not how the site looks, it is what the transaction actually asks for. Permission to spend a fixed amount is normal. Permission over everything you hold is not.
Side-by-side comparison
| Legitimate NFT marketplace or mint | Fake mint or wallet-drainer site | |
|---|---|---|
| URL and domain | Official domain is announced by the verified project account well in advance and matches the project's established online presence | Domain was registered recently; URL has minor differences from the official one (extra hyphen, different TLD, or misspelling) |
| Social verification | Project's official verified Twitter, Discord, and website all point to the same mint URL consistently | Mint link is shared by unverified accounts, in Discord DMs, or via paid social media advertisements not linked from the official project |
| Smart contract | Contract address is published on the official site and verifiable on a block explorer; code is audited and source-verified | No published contract address before launch; contract on-chain has not been audited or source code is not verified |
| Wallet permission request | Mint transaction requests a specific, limited permission to transfer a defined amount for the mint price — nothing more | Transaction requests unlimited approval of all tokens in your wallet, or a 'setApprovalForAll' permission on your existing NFTs |
| Gas fees and pricing | Gas estimates are reasonable and consistent with network conditions; mint price is clearly stated and consistent across all official channels | Transaction requires unusually high gas with urgency pressure; price on the site differs from what was announced officially |
Common red flags
- Mint link received via DM, advertisement, or from an unverified account — not from the official project channel
- Domain registered within days of the mint announcement
- Wallet connection requests unlimited token approval or setApprovalForAll
- Contract address cannot be found or verified on a public block explorer
- Urgent countdown or 'only X remaining' pressure with no prior announcement through official channels
Verification steps
- Navigate to the mint only through a link published by the project's verified official account — never through DMs or ads
- Check the contract address on Etherscan or the relevant chain explorer before approving any transaction
- Review the exact permissions requested by the transaction before signing — if it requests more than the mint price, reject it
What not to do
- Do not connect your main wallet to any mint site you found through a DM or social media advertisement
- Do not approve any transaction requesting unlimited or broad token permissions
- Do not rely on a site looking identical to the official project page — fake sites can be pixel-perfect copies
A safe response
Reject the transaction and close the tab. Nothing is lost by missing a mint, and a genuine project will still be there in an hour. Before you go back, reach the mint only through a link published on the project's own site or verified account, typed in yourself rather than followed from a message or advert, and read the permission line in the wallet prompt before signing. If you have already connected and approved something, open an approval checker such as Revoke.cash or the token approval page on the relevant block explorer, revoke anything granted to a contract you do not recognise, and move remaining assets to a fresh wallet. Then report the fake site to the real project and to your browser's phishing report tool.
Frequently asked questions
My wallet still shows my assets, so does that mean I am safe?
Not always. An approval does not move anything by itself, so your balance can look untouched for hours or days while the permission sits there waiting to be used. That gap is why checking approvals matters even when nothing appears wrong. Open an approval checker for your address, look at what each contract is allowed to touch, and revoke anything unfamiliar. If a large approval was granted, moving assets to a new wallet is the safer choice.
Is it safe to connect a hardware wallet to a mint site?
A hardware wallet adds security but does not protect you from malicious transaction approvals. If you sign a transaction that grants unlimited token access, a hardware wallet will still execute it. Always read the exact permissions requested before confirming any transaction.
How can I revoke permissions I already granted?
Visit Revoke.cash or use Etherscan's token approval section for your wallet address. You will see a list of all outstanding approvals. Revoke any approvals granted to unknown or suspicious contracts immediately.