“All My Apes Gone”: Protect Yourself From NFT Scams
Every month, NEST®, the first blockchain digital identity solution of its kind, discusses what’s hot and trending in the NFT world with the latest NFT news roundups.
Investors lose millions on OpenSea phishing scam
On December 30th 2021, Chelsea art gallery owner Todd Kramer lost 8 NFTs from his Bored Ape Yacht Collection (BAYC) and 7 NFTs from his Mutant Ape Yacht (MAYC) collection.
For the uninitiated, Bored Ape is a collection of 10,000 ape-themed NFTs that were based on a vision of millionaires congregating at an exclusive club to discuss business and make memes. After celebrities like Jimmy Fallon and Snoop Dogg bought NFTs from these collections, their floor prices reached more than $300,000.
Kramer’s collection of 15 apes was valued at an astounding 615 ETH ($2.2 million), and according to a Twitter user, he had lost it due to a phishing scam.
After the attack, Kramer tweeted “all my apes gone,” hoping to get help from Open Sea and the online NFT community.
But the community was uncharitable and mocked him for not storing his JPEGs in an offline wallet. Many users also quote-tweeted him with popular jokes and parodies, and “all my apes gone” became an internet catchphrase.
However, not all hope was lost as other buyers in the crypto community traced the buyers of the pilfered apes and helped Kramer get some of them back.
Open Sea also came forward and froze the sale of the stolen NFTs on their platform. In a statement, one of Open Sea’s representatives said they take theft seriously and will not allow stolen items to be bought or sold on their platforms. They also added that the platform is prioritizing on building security tools so they can maintain their site’s integrity and empower users.
The backlash against centralized intervention
Users pointed out that the intervention was a centralized response which was against self-sovereignty and immutability, the key tenets of blockchain technology.
Self- sovereignty gives individuals control over their digital identities and guarantees the authenticity of the transaction by establishing trust between the parties in a transaction. Immutability, on the other hand, makes the distributed ledger tamper-proof. So, the users contended that the transaction was valid and fair, and the rightful owner of the NFTs is the one who holds them after the transaction is complete.
Therefore, according to them, Open Sea’s intervention was “unnecessary” as Kramer no longer owned his stolen NFTs. The backlash continued but Kramer took to Twitter to thank community members who helped him recover some of his apes.
NFT scams are sadly too common
This isn’t the first time an NFT scam of this scale has occurred. In other news, January was the worst month for NFT scams.
- 54 NFTs worth $13.7 million were stolen after the Bored Ape Yacht Club’s Instagram and Discord were hacked. Hackers posted fraudulent links claiming that users could mint land on the upcoming OthersideMeta. The attackers redirected users to a copycat of the Bored Ape website and launched a safe TransferForm attack which asked users to connect their MetaMask to their wallet so they could participate in a fake AirDrop. However, Yuga Labs alerted their users quickly and attempted to reach out to the affected users to recover their assets.
- Blockverse NFT was a play-to-earn game built on the Minecraft universe. Investors could purchase playable characters on Open Sea and the creators even launched an exclusive cryptocurrency called $Diamond for the project. But whoever’s behind the game took the $1.2 million invested in the project and took off after deleting its website, Discord, and Twitter.
- 9,041 people were collectively scammed off $1.2 million by the Big Daddy Ape Club creators. The scammers persuaded people to try and mint NFTs for 1 Solana ($135.) Although the transactions always failed, the crypto would go through. According to SolRarity, the scammers have already pulled this stunt at least thrice based on the wallets where the money was funneled.
- Mercenary launched a medieval-themed NFT game with play-to-earn capabilities. The company bought ads on Twitter and reputed crypto news sites like BSC to get the attention of people and gain their trust. But it was a bluff and the game’s creators made off with at least $760,000, according to Peck Shield, a company which tracks crypto fraud in the community.
- If you like Pirate games, then we’d definitely not recommend Crypto Bay VIP. The game had an authentic-looking website that promised a lot of fun pirate-themed games, but as it turns out this was another scam. Whoever was behind the game made off with $1,098 WBNB on January 26th ($411,000,) according to Peck Shield.
- The Frosties NFT project promised that they would build a Metaverse in addition to minting NFTs. But unfortunately, the project turned out to be a scam and investors lost $150,000 on it.
- Doodled Dragons NFT was all set to donate money to The World Wildlife Foundation, but the founders changed their mind and pocketed at least $30,000 in cash from the scam.
- Attackers made off with at least 35 NFTs worth at least $900,000 in a widespread phishing attack. They hacked high-profile Twitter accounts to promote links to a URL impersonating the recently launched ApeCoin tokens.
- A similar incident occurred with Taiwanese pop star Jay Chou who also reported that he lost a Bored Ape to a phishing scam. Open Sea records show that the hacker transferred the item to another NFT platform called Looks Rare, where it was sold for over 155 ETH ($500,000.)
Does this mean that scams have been happening more recently because the Bored Ape collection is an easy target for hackers?
Not at all.
Even before “all my apes gone” became popular, Calvin Becerra, an NFT collector, lost 3 apes worth $1 million to a phishing scam on Discord on October 31st, 2021. He complained that the attackers took everything from him after posing as buyers and pretending to troubleshoot problems. Unsurprisingly, online commentators weren’t sympathetic and slammed Becerra on Twitter for his carelessness.
So, how to protect your NFTs?
Incidents like these are only the tip of the iceberg, and although the NFT space shows great promise for the future, it’s teeming with scams and thefts in the present. This is scary because the promise of a decentralized, independent system with no central authority also brings the challenges of ownership and authenticity with it.
In other words, “code is not law,” and you’ve got no way of proving that you own your digital assets. This is because the NFT space is still unregulated, and the current Web 3.0 ecosystem has no way to protect your digital wallets and assets from being hacked.
This is where NEST® comes in. It’s the world’s first truly decentralized Web 3 identity authentication app which allows you to prove that you own your NFTs.
Our application’s patented self-sovereign distributed identity (SSDID) marks every purchase, exchange, and transaction with an individual encryption key. This creates traceability and provides proof of ownership in the NFT space like physical documents would in the real world. So, even if all your apes are gone, the ownership details can be traced back to you.
When it comes to warding off phishing attacks and scams, NEST® adds additional steps for authenticating a transaction so hackers can’t fake your signature and execute a smart contract. It also provides a device-side storage that’s safe from hackers and can only be accessed with your encrypted private key file.
So, if you’re ready to join the Web3 revolution with next-gen digital assets management, sign up for our waitlist here, or follow NEST® on Twitter, Telegram and Medium.