When chastised by other NFT collectors who assumed he had stored the ape on a hot wallet, Moulène clarified that the NFTs had been stored in a Ledger hardware wallet. He later tweeted, "Since I've got a platform, here's what I learned today: COLD WALLET, does not just mean storing assets in a series of ledgers/trezors. It means a wallet that is NEVER Linked to anything besides MM or OS." Moulène went on to threaten legal action, saying, "Oh I will spend 10x that ape tracking these fucks down and suiting [sic] them into oblivion." and "I'm going to pursue legal action in the states and internationally (if need be) to find the people responsible and hold them accountable."
Another collector loses a Bored Ape to a phishing scam
NFT collector Cameron Moulène was excited to see a link promising a merch drop in the bio of an account with the same branding as Bored Ape Yacht Club, but with the handle BoardApesYC (rather than BoredApesYC). Clicking the link, which matched the BAYC website link except with a character swapped in ("yarht"), the trader connected his wallet and soon found his favorite NFT transferred to the phisher. He had originally purchased Bored Ape #5778, which he described as his "forever ape" that he never planned to sell, in August 2021 for 53.88 ETH ($166,684 at the time). The scammer flipped the Ape within an hour for 110 ETH ($368,660).
- Tweet by Cameron Moulène
- Bored Ape #5778 on OpenSea
Hacked verified Twitter accounts impersonate BAYC founders, scam $1 million with fake ApeCoin airdrop
Some scammers obtained hacked verified Twitter accounts, then rebranded them to claim to be founders of the Bored Ape Yacht Club. They then tweeted about how their team's ApeCoin launch had been so successful, they'd decided to airdrop more tokens. Users who clicked the link and connected their wallets quickly discovered they'd been scammed when their high-value NFTs were transferred from their accounts, then flipped for resale. One victim of the scam said they'd lost $600,000, and tweeted: "@BhawanaCAN put out a tweet refering for more $ape available- I trusted the blue checkmark @twitter @jack now the ape and my gutter cat is gone - fuck you @BhawanaCAN". @BhawanaCAN, prior to the hack, was an account belonging to the former CEO of the Cricket Association of Nepal.
There were multiple scammer accounts involved in the scheme, and one researcher has estimated that the scammers had made around $1 million from reselling the NFTs as of March 24. A similar hack had occurred several days earlier, in which a hacked verified account impersonated a BAYC founder and successfully stole three pricey Bored Apes from a collector.
Phishing scheme promising to animate one's apes nets attacker a collector's three pricey Bored Apes
An NFT collector fell for a scam website promising to "turn your BAYC animated". After connecting their wallet, the attacker transferred their three pricey Bored Ape NFTs to their own wallet, then quickly flipped them for resale for a combined total of around 264 ETH ($764,000). Zachxbt, a crypto fraud sleuth who first noticed the scam, estimated the NFTs' actual value at closer to $900,000.
It appeared from the victim's retweets that they had fallen for a scam shared by a verified Twitter account that claimed to be one of the Bored Apes founders. However, a closer look at the Twitter handle showed it was a hacked account with the username "volt_france", which previously had belonged to the French branch of the Volt Europa political movement.
NFT collector files $6 million lawsuit against OpenSea, LooksRare, and the company behind Bored Apes for not doing more to discourage thefts
Robert Armijo is the former owner of three valuable NFTs — one Bored Ape and two Mutant Apes — which he bought for a total of around $300,000 between November 2021 and January 2022. On February 28, he filed a lawsuit against the NFT marketplaces OpenSea and LooksRare, as well as the company behind the Bored and Mutant Ape projects, Yuga Labs. The lawsuit was filed only ten days after another former Bored Apes owner filed suit against OpenSea for allegedly failing to secure their platform.
On February 1, he was the victim of a phishing attack in which he lost the three pricey NFTs. He had agreed to trade one of his Mutant Apes for another NFT he was interested in, but he and the prospective buyer had to perform the transaction through a platform other than OpenSea or LooksRare because it was a swap rather than a purchase for ETH. Armijo turned down several suggestions of platforms by the other party, saying he was unfamiliar with them, and instead suggested one of his own choosing. However, the other party was still able to send him a trading link that appeared to be from the site he had suggested, and Armijo approved what turned out to be an illegitimate transaction that allowed the other party to take all three of his NFTs for nothing in return. Armijo alleges that although he quickly realized he'd been phished, he was not able to get OpenSea or LooksRare to freeze sales of the stolen NFTs, and they were flipped for resale within days.
Armijo alleges that OpenSea and LooksRare have "utterly failed to protect consumers or do anything to disincentivize or stop the thefts" because they profit from each trade on their platform. He has also named the company behind the Apes NFTs, Yuga Labs, in his lawsuit, stating that they have not done enough to disincentivize theft by failing to "monitor its proprietary and exclusive ape community by denying entry to individuals whose access is predicated on a stolen BAYC NFT". Once again, my heart goes out to the judge hearing this case.
In terms of damages, Armijo states he has been "deprived not only of the significant monetary value of the NFTs he owned, but also [has been] strip[ped] of his membership in the BAYC community and the commercialization rights he possessed in his underlying Bored Ape and Mutant Ape images", and as such is seeking damages "in no event less than $6 million". Interestingly, the name Robert Armijo also appears as a defendant in SEC charges from June 2021, where the individual is alleged to have unlawfully sold securities managed by an organization also alleged by the SEC to be a Ponzi scheme. It's not immediately clear if this is the same person, or someone who shares a name.
- Armijo v. Ozone Networks, Inc. d/b/a Opensea, CourtListener
- "SEC Charges Additional Unregistered Brokers Who Sold EquiAlt Securities to Retail Investors", U.S. Securities and Exchange Commission
- "SEC sues La Mesa financial adviser over selling investments linked to a Ponzi scheme", The San Diego Union-Tribune
All "iloveponzi"'s apes gone! Veteran hacker makes $700,000 stealing and flipping big name NFTs
NFT collecter "iloveponzi", aka Larry Lawliet, apparently authorized what he thought was a legitimate application to access his NFT wallet. Unfortunately for him, he had actually authorized another person to transfer all his NFTs: one Bored Ape, five Mutant Apes, and one Doodle. The hack, which affected iloveponzi and several others, was made possible after the Discord for the "Moshi Mochi" NFT project was compromised, and the attacker sent out an "official announcement" for a final round of NFT minting that actually enabled them to steal NFTs. The attacker then flipped the NFTs for a total profit of a little less than $700,000. Iloveponzi said they believed that the attacker could've sold the NFTs for millions (though they admittedly have a vested interest in the NFTs sounding valuable). Iloveponzi also said they believe the hacker just sold quickly and cheaply to try to beat OpenSea freezing the NFTs, which OpenSea did later do. The hacker appears to be an old hand at shady NFT dealings — although they netted "only" $700,000 from this scam, the wallet used has moved around 600 ETH in total (worth around $1.5 million) through the cryptocurrency tumbler Tornado Cash. Slightly over a month earlier, iloveponzi reported that another of their Bored Apes had been stolen, "because of some coincidences and my carelessness".