OpenSea Freezes 16 NFTs Worth $2.2 Million Following Phishing Scam

By Robert Drage January 04, 2022 In Crypto News, NFTs, Scams

A Bored Ape collector’s NFTs have been stolen in a phishing attack, prompting top NFT marketplace OpenSea to step in and freeze the assets on its site as some community members tried to get them back.

On December 30, an NFT collector was the victim of a successful phishing attack which led the hacker to a collection of Bored Ape Yacht Club (BAYC) and other NFTs worth an estimated US$2.2 million.

Collector Todd Kramer, who runs the Ross+Kramer art gallery in New York and East Hampton, revealed in a series of tweets that he was hacked after clicking a malicious link posing as a Dapp. The attack resulted in him losing 16 of his NFTs, with Kramer stating in a now-deleted tweet: “I have been hacked. […] all my apes gone. [T]his just sold [referring to his profile picture] please help me”, further pleading with the OpenSea and NFT community to assist in any way.

BAYC has been one of the most successful NFT projects so far, with celebrities including talk show host Jimmy Fallon and rapper Eminem also owning a few. So far, nearly US$1 billion has been spent on trading Bored Ape Yacht Club NFTs.


Community Works to Return Stolen NFTs

Some buyers found the activity questionable as these NFTs were being sold for fractions of their value and had been flagged as suspicious by the marketplace.

After word got out, some community members approached Kramer to either sell back (albeit at a loss) or give back some of his NFTs.

The end result of the stolen BAYC and MAYC NFT fiasco has not been disclosed publicly, but it seems a few individuals helped ease Kramer’s worries and have assisted him in retrieving some of his stolen NFTs.

Freezing NFTs Brings Up Questions

After Kramer’s NFTs were stolen, OpenSea – the largest NFT marketplace – froze the assets, so they can’t be traded. In an earlier tweet, Kramer said: “All Apes are frozen […] Waiting for OpenSea team to get in”. This can be seen on OpenSea, where the items can no longer be bought or sold.

This comment attracted criticism from the community since a third party was getting involved, which goes against the idea of true decentralisation. One Twitter user commented: “Feels pretty anti-crypto to be asking third parties to do this and ideally they shouldn’t be able to.”

Even famed software engineer Grady Booch added his opinion about the lack of decentralisation in this case when he commented:

“Silly me. And here I thought that the code is the law and that one of the very ideas of cryptocurrencies was the elimination of any possibility of centralised intervention. Hypocrites; every one of you.”

Grady Booch

Lack of Operational Security Partly to Blame

In the end, one can be sure that if other owners were in Kramer’s shoes, they would be thankful. One other mistake on his part was not practising good operational security: Kramer’s stolen NFTs were stored in a hot wallet connected to the internet, rather than in a cold wallet that requires physical action on the part of the holder to verify transactions.

Phishing has been a growing problem in the crypto space, with cybersecurity company PhishLabs reporting a tenfold increase in such attacks on crypto exchanges in the first half of 2021, compared to the previous year.

Robert Drage


Robert is a freelance researcher, with a background in information science currently interested in blockchain technology and technical developments in the field.
