Skip to timeline

Web3 is Going Just Great

...and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.

Created by Molly White. Subscribe to her newsletter for weekly recaps.

NFTs reportedly stolen from influencer CryptoNovo, flipped for at least $525,000

A pixel art human head, wearing a grey hoodie and with a brown goatee, on a red-brown background.CryptoPunk #4608 (attribution)
Crypto influencer CryptoNovo tweeted, "I just got hacked!!! Are you kidding me!?!" with a screenshot of valuable CryptoPunk NFTs being transferred from their account. An attacker apparently transferred from CryptoNovo's wallet two or three CryptoPunks, one Bored Ape, one Mutant Ape, three Meebits, and two CloneX NFTs — all "blue chip" NFTs that fetch high prices.

The thief quickly flipped all of the NFTs for around 417 ETH ($525,000). It's unclear if one of the CryptoPunks was stolen, as it was transferred to a wallet to whom CryptoNovo has previously made transfers, but that NFT too was sold for 75 ETH ($94,200).

The thief made a pretty penny, but the loss to CryptoNovo is more substantial based on how much money they spent on the NFTs. They had purchased the Bored Ape in August 2021 for 30 ETH (then around $100,000), and CryptoPunk #4608 in September 2021 for 290 ETH (then $850,000).

The attack appears to have been phishing-related.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Scammer steals fourteen Bored Apes from one victim, flips them for over $1 million

A Bored Ape with grey fur, wearing a red baseball cap, a green army jacket, and a blindfold over its eyesBAYC #2060, which the scammer claimed to want to license (attribution)
A scammer spent a month setting up a con in which they stole fourteen Bored Ape NFTs belonging to one individual. Posing as a casting director at a real film production company—complete with a fake website, a fake partner company, and fake individuals pretending to have signed deals with the company—a scammer was able to convince the collector that they were interested in paying $13,000–$17,000 to license a Bored Ape for use in an animation.

After some back-and-forth, with legitimate-looking contracts and falsified emails appearing to come from the real company's real founding director, the NFT collector was asked to use their crypto wallet to sign a contract, via the fake company partner website that had been set up.

When the collector did so, the smart contract drained the collector's wallet of its fourteen pricey Bored Ape NFTs, then accepted the highest offers that were outstanding on each of the Bored Apes, netting 852.9 ETH. The scammer converted the stolen ETH to the DAI stablecoin, making off with $1,075,000 in DAI.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Collector loses four Bored Apes valued at over $500,000 to phishing attack

An illustration of a white-furred ape, with a bandage around its eyes, wearing a toga.Bored Ape #2393, the one stolen NFT yet to be sold (attribution)
An NFT collector who goes by ASEC_APE lost four Bored Ape Yacht Club NFTs to a phishing attack. The attacker quickly flipped three of the four NFTs for a total of around 200 ETH (~$387,000). The fourth is listed for sale on the NFT platform X2Y2 for 84.59 ETH (~$159,000) — a total profit of $546,000 for the scammer if they find a buyer at that price.

ASEC_APE had just purchased the four NFTs between July 15 and August 13 for a combined total of 326 ETH (~$532,000 based on ETH prices at the time of each purchase; ~$631,000 at the price on the day of the theft).

One of the stolen NFTs, Bored Ape 9012, had just been stolen a week before from Cameo CEO Steven Galanis when his wallet was compromised, as were a handful of other pricey NFTs. ASEC_APE had purchased it from the person who purchased it from the hacker shortly after the August 6 theft.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

"Animate your Bored Ape" scammers linked to more phishing attacks amounting to more than $2.5 million

Screenshot of an Instagram post promising to animate users' Bored Ape NFTs. Text reads "Wanna turn your Ape or Mutant into a cool GIF? - High quality - All attributes working - Only gas fees to pay (50$) boredapeyachtclub.github.io (LINK IN BIO) PM @exyt to get gas fees refunded!"Screenshot of an Instagram post promising to animate users' Bored Ape NFTs (attribution)
Crypto sleuth zachxbt has uncovered a French scam duo, Mathys and Camille, who he believes were behind the March "turn your BAYC animated" phishing scam in which they stole a collector's Bored Ape NFT and flipped it for 264 ETH (at the time worth $764,000). He has also tied them to four other Bored Ape holders who fell victim to fake "animator" phishing schemes that also stole pricey NFTs including Doodles and Mutant Apes. Among them, they lost NFTs collectively valued at $1.7 million. In his investigation, zachxbt also uncovered other crypto wallets that appeared to contain proceeds from other phishing scams, totaling around 497 ETH (~$851,000). "Undoubtedly there is more to uncover, but there is only so much that can be tracked through Tornado Cash," he wrote.
Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Bored Apes Discord compromised again, 32 NFTs stolen and flipped for $360,000

Phishing message from Bored Apes DiscordPhishing message from Bored Apes Discord (attribution)
Scammers were able to compromise the Discord account of a Bored Apes community manager, then use it to post an announcement of an "exclusive giveaway" to anyone who held a Bored Ape, Mutant Ape, or Otherside NFT. When users went to mint their free NFT, the scammers were able to steal their pricey NFTs. The scammer quickly flipped the stolen NFTs for a total of around 200 ETH (about $360,000), then began transferring funds to Tornado Cash.

The Bored Apes Discord was also compromised on April 1, along with those of several other big-name NFT projects.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Four pricey NFTs stolen from actor Seth Green, complicating his plans for an animated series

Portrait of Seth Green speaking into a microphoneSeth Green (attribution)
Actor Seth Green tweeted that he had been targeted with a phishing attack that resulted in the theft of four pricey NFTs: a Bored Ape, two Mutant Apes, and a Doodle. The thief quickly flipped three of the four NFTs for sale, netting 145.5 ETH (about $300,000).

The theft occurred on May 8, though Green only seemed to notice on May 17 when he tweeted, "Well frens it happened to me. Got phished and had 4NFT stolen."

The loss of the Bored Ape was later revealed to have put Green in a bit of a pickle, when he released the trailer for a new animated series he was developing that starred his pilfered primate. Given that BAYC ownership grants commercial usage rights (which are presumably transferred to the new owners when the NFT changes hands), the person who bought the NFT flipped by the phisher could have possibly brought a lawsuit against Green if he moved forward with the series.

Green ultimately spent about $300,000 to buy his ape back from the hacker.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Phishing attack targets users of sites including Etherscan and CoinGecko

Popular cryptocurrency websites including Etherscan, CoinGecko, and DeFi Pulse were showing users a pop-up prompting them to connect their MetaMask wallets. CoinGecko founder Bobby Ong stated that he believed the culprit was a malicious advertising script from a crypto ad network called Coinzilla. The advertisement appeared to be from a site mimicking the popular Bored Apes Yacht Club NFT project, which was taken down after the scam was discovered. It's as yet unclear how many users accepted the prompt, or what malicious actions (if any) were taken.
Theme tags: Hack or scam

Phishing sites appearing to be the "Otherside" Bored Ape land project steal NFTs valued at $6 million

In what should surprise nobody, some of the historically phishing-prone fans of the pricey Bored Apes project fell for scams that pretended to be the Bored Apes' new land project, called "Otherside". In collectors' hurry to mint the metaverse land NFTs, some fell for phishing sites pretending to be the real deal.

Blockchain sleuth zachxbt found one such address that had netted around $1 million in NFTs just today, and tracing its transactions led to two other scammer wallets containing $5.1 million of other stolen NFTs.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT, metaverse

133 NFTs valued at $2.4 million stolen when hacked Bored Apes Instagram advertises fake land airdrop

An illustrated ape with green fur covered in sores, wearing an orange beanie and 3D glassesBAYC #7203 (attribution)
The Bored Ape Yacht Club's Instagram account was compromised and used to advertised a fake airdrop for metaverse land. This was particularly believable, as the much-anticipated project announced it would be launching this week.

The post invited people to visit a website that prompted users to connect their wallets in order to receive the airdrop. Users who did so found their NFTs transferred out of their wallet to the scammer. So far, 44 people have fallen for the scam site, transferring a total of 133 NFTs with an estimated value of around $2.4 million. The stolen NFTs included items from pricey collections including Bored Apes, Mutant Apes, Bored Ape Kennel Club, and CloneX. Several of the NFTs had previously been sold for over $100,000 each.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

Apparent scammers drop NFTs appearing to be from the Bored Ape Yacht Club project

3D-rendered piece of "land" crudely made from simple polygons, with block text reading "1x1" underneathFake BAYC land NFT (attribution)
An apparent scammer was able to create transactions that appeared as though they were coming from the smart contract belonging to the Bored Ape Yacht Club. OpenSea's UI doesn't differentiate these spoofed transfers from those that are actually coming from the project's contract, and so only users who carefully look at the transaction details can spot that the NFT is suspicious. "This is unfortunately just how the blockchain works", wrote gofannon.eth, the Director of Engineering for the company behind BAYC.

Whoever was behind these transactions airdropped fake NFTs purporting to be a part of an upcoming BAYC metaverse land project, sending them to owners of pricey NFTs and various NFT influencers. It's not clear whether the NFT can perform malicious actions, or if any individuals have been impacted by it if so. However, part of the scam appeared to be to try to entice other users hoping to get in on the next new BAYC project to fall for a phishing scam. Tracing the transactions back showed an OpenSea profile with a fake "verified" badge and a mint link to what appears to be a phishing website, which invites people to connect their wallets to supposedly mint their own BAYC land NFTs.

Theme tags: Hack or scam
Blockchain tags: Blockchain: Ethereum
Tech tags: NFT

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.