Text | Yang Xiaohan
Edit | Lin Yixin
On April 1, Jay Chou posted on social media that his boring ape NFT had been stolen by a phishing website. "I thought I was joking about April Fool's Day, but I went to check it out and it was really gone..."
Boring Ape is one of the hottest NFTs in the world, and the cheapest series of items on the whole network has reached 108 Ether, equivalent to $350,000. Jay Chou's stolen boring ape was previously traded at 130 ether on the NFT trading platform LooksRare, which is about equal to $420,000.
You know, when the Boring Ape project first went live last April, these various ape images sold for only about $200 each (because the transaction was paid for in Ether). That said, even the cheapest boring ape has skyrocketed by 1749% in less than a year.
The huge speculative space of the NFT not only attracts retail investors who are eager to get rich overnight, but also makes a group of daring scammers of the art elite shake their fists. Stories of sudden wealth are rare, and fraud and theft become the main theme of this unregulated trading activity.
Statistics show that recently, on the NFT trading platform OpenSea, 17 users were stolen from NFT assets in phishing attacks, involving a total value of about $1.7 million. According to a report released in February by third-party research firm Chainalysis, money from suspicious addresses in the NFT trading market has been soaring, with the amount of these suspicious transactions equivalent to $1 million in the third quarter of 2021, and further increasing to $1.4 million in the fourth quarter of 2021.
Hack the account before posting phishing information
After the theft, Jay Chou's OpenSea platform account appeared a red exclamation mark, prompting: the account may have been compromised. At present, there is no such number to search for this account on the OpenSea platform.
On Ethereum analytics platform Etherscan, the encrypted wallet address of Jay Chou's bored ape suspected of stealing it was also marked with a warning, "This address has been reported to have been used for phishing scams, and users should be vigilant when trading with this address." ”
OpenSea's trading records show that the boring ape that once belonged to Jay Chou was relegated three times in a row in the hours after it was stolen.
According to foreign media reports, on April 1, the chat community of a number of mainstream NFT projects was hacked to release phishing information to trick users into handing over their NFT collections, and the Boring Ape Project was one of the attacked projects. The Boring Ape Project's Twitter account also posted confirmation that phishing attacks did occur. Jay Chou may just be one of the players who were tricked into playing NFT in this massive phishing attack.
Media investigations show that the attack on multiple mainstream NFT projects involved two cryptocurrency wallet addresses, and the assets stolen by the phishing attack eventually flowed to an unusually active cryptocurrency wallet address. The wallet has a total of 1447 Ether ($5 million in contract), 6 million Tether ($6 million in contract), and a large number of other cryptocurrencies.
Similar phishing thefts have occurred more than once in the NFT community.
Just in January, the funds of its members of CityDao, a community blockchain city project on Ethereum, were stolen in a similar way: hackers stole the Discord accounts of key figures in the CityDao community and used this account to distribute links in a fake virtual way. In this way, the hackers managed to earn 29.67 ethers (about $100,000) in one day and continued to earn money.
Earlier, in October 2021, a 17-year-old hacker successfully stole 88 Ether from the CreatureToadz project in a similar way. However, it eventually returned the 88 ethers to its original owners to avoid leaking its identity information.
The project sponsor rolled up the money and ran away
In addition to the above-mentioned phishing stealing technology flow scam, this other common trick called "Rugpull" in the NFT circle is much simpler and more straightforward. As Rugpull literally said, the carpet was pulled up – the project party collected the money and rolled it up and left.
Recently, the U.S. Department of Justice notified an NFT Rugpull case that occurred in the local area.
According to the criminal complaint released by the court, in January this year, two suspects Ethan Nguyen and Andre Llacuna launched the NFT project Frosties, and within 48 minutes of the project going online, 88 NFTs were all sold out, and each NFT was sold for 0.04 ether, resulting in $1.1 million in the two suspects.
After about 3 hours of selling out, Ethan and Andre transferred all 356.56 Ether from Frosties' wallet address to their personally controlled wallet address, and the two did not give dividends to any investors who purchased the NFT.
Fortunately, the local authorities in the United States traced the IP addresses of the two people involved in the case and eventually arrested the two in Los Angeles. Before their arrest, the two were also preparing to launch another NFT fraud project, Embers. The project, which was originally scheduled to be released on March 26, was said to generate $1.5 million in revenue for the two men.
The two were eventually charged with fraud and money laundering.
According to the media GIZMODO, in the past March, investors were defrauded of more than $1.7 million because of Rugpull's scam. In January and February, investors lost $4 million and $8.5 million to the Rugpull scam.
Whether it is issuing coins or issuing NFTs, the fraud routines of these projects are the same: the project party first releases a certain amount of cryptocurrency or NFT, convinces investors to trust the project and invests in various advertising means, and after all the sales control, the project party runs away with money, and the project-related websites and social accounts are all emptied and cancelled, resulting in investors unable to recover losses.
Riches chances or being cut into traps?
In fact, even if it is not stolen or scammed, NFT is not an investment target that can easily make people rich.
Nandu Weekly interviewed an NFT player J in September last year. At that time, she bought an NFT for a project called Shiba Shabu for $800 worth of Ether. In addition, she has purchased two plots of land in a metaverse game called Ccrytovoxels, one of which has risen from $100 when it was originally bought to more than $4,000 last September.
J bought the Shiba Shabu NFT, which she used as her WeChat avatar
In early December, J sold one of the plots of land and netted $20,000 worth of Ether. Instead of cashing out the $20,000 directly, she continued to invest the ether in more and more different NFT projects.
At the time of writing, I contacted J again, and at this time J was completely devoid of the excitement and ease shown in the previous two exchanges.
"The rest of the land, all kinds of messy projects are basically covered, and NFTs are not the same as stocks, and projects will return to zero when they are stopped." Many projects cannot be carried out, and the NFTs of the projects have no liquidity, and they are likely to be stopped, so the risk is quite large. J said that the NFT market has performed dismal recently, and this market has been going on for several months, and she has no longer had much expectation of the market going higher, "I am a leek." ”
J's current WeChat avatar is also an NFT
Jay Chou said at the end of his post about his boring ape theft, "ShouldN't you ask your big brother (referring to Huang Licheng) for a more powerful (boring ape)." "Jay Chou obviously does not care about the loss caused by the theft of a small boring ape, after all, phanta Bear, the first joint NFT project launched by his brand PHANTACi, was sold out on the first day of launch, achieving 78 million Hong Kong dollars in revenue...
![The metaverse has not yet been warmed up, what is the ghost of Web3?[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)