A non-fungible token (NFT) collector today declared that his collection of Bored Ape Yacht Club NFTs worth $1.9 million was "hacked," and then said NFT marketplace OpenSea had "frozen" the assets for him.
Todd Kramer, who runs the Ross+Kramer art gallery in New York, tweeted that he had clicked on a link that appeared to be a genuine NFT dapp (decentralized application). But it turned out to be a phishing attack—and 16 of his NFTs were stolen. “I been hacked,” he wrote. “All my apes gone.”
NFTs are cryptographically unique digital tokens that prove ownership of physical or digital content such as art, GIFs or music files; Bored Ape Yacht Club is one of the most popular PFP (profile picture) collections, a series of cartoon ape images with randomly-generated attributes. They’ve proven popular among celebrities and influencers, with the likes of Snoop Dogg and Jimmy Fallon among those who own Bored Apes. So far nearly $1 billion has been spent on trading Bored Ape Yacht Club NFTs.
The NFTs stolen from Kramer’s collection included eight Bored Apes, seven Mutant Apes—generated by exposing a Bored Ape to “mutant serum”— and a single Clonex NFT. Per Dappradar’s NFT Value Estimator, the total value of the Bored Apes stolen is around $1.9 million.
Despite the obvious stress of Kramer's ordeal, many Crypto Twitter users were quick with the jokes, including multiple people suggesting Kramer must change his Twitter profile picture if he no longer owns the Ape.
The big freeze
Kramer later said tweeted that “All Apes are frozen” and that OpenSea, the biggest NFT marketplace, was helping him recover his stolen assets.
The news prompted criticism from some corners, with some people arguing that appealing to a third party to freeze NFTs flew in the face of crypto’s claims to be decentralized. “Feels pretty anti-crypto to be asking third parties to do this and ideally they shouldn’t be able to,” said Twitter user Forculus. “True decentralized ownership no one should be able to step in.”
Kramer added that he would use a hardware wallet in the future to keep his assets safe. Decrypt has reached out to Kramer and OpenSea for comment and will update this story if and when they respond.
Phishing is a growing problem in the wider crypto space, with cybersecurity company PhishLabs reporting a tenfold increase in phishing attacks on crypto exchanges in the first half of 2021 compared to a year earlier.
As NFTs have shot up in value over the course of 2021, they’ve become a tempting target for hackers and phishing attacks. In March, tens of thousands of dollars worth of NFTs were reported stolen from the Nifty Gateway marketplace by cyber thieves, while in August, pseudonymous developer Stazie lost 16 CryptoPunks NFTs to a phishing attack involving a malicious pop-up that requested their MetaMask wallet seed phrase.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.