You’d think that phishing attacks merely focus on a careless consumer clicking on a link in Facebook or an email. Sometimes, though, the best informed techie can get scammed, with far-reaching consequences.
Actor Seth Green has lately been promoting a new television show called White Horse Tavern, which combines animation with live performers. It sounds like an original idea–use a Bored Ape to represent “your friendly neighborhood bartender” as Green put it, in a world where “it doesn’t matter what you look like—what only matters is your attitude.”
Green had just put the finishing touches to a trailer and things were running smoothly until he hit a roadblock. More like a wall. Green found himself in the strange position of no longer being the owner of Bored Ape Yacht Club #8398, the roughly 10,000 unique Bored Ape NFTs, meaning he could no longer continue production.
The liquidity of tokens
Now, Green is a relatively tech-savvy businessman—tech-savvy enough to understand what NFTs are, what the blockchain is, and how these can be used in today’s showbiz environment. He had obtained the Ape and its commercial rights legally, and he couldn’t remember selling Bored Ape #8398. So what happened? Green was apparently the victim of a sophisticated phishing scam that ended with four of his NFTs stolen by hackers.
Let’s backtrack: An NFT, or Non-Fungible Token, is a financial security or the equivalent in the form of digital data that is stored in the blockchain. The blockchain (for those of our readers who are afraid to ask) is, in very broad terms, a digital ledger, or online recording of ownership that exists simultaneously in several computers—usually using an environment referred to as Ethereum. Ownership (though not necessarily of intellectual property) of an image, for example, can then be transferred or traded through the blockchain, which acts as an online registrar (somewhat like a land-registry that records the ownership of a property, regardless of whose name appears on the letterbox).
An interesting example of NFTs is the Gutter Cat Gang—a set of 3,000 animal NFTs, each owned by members of an online social club. NFTs of street cats and other animals can serve as the basis for membership in a community that may hold both online and live events. Earlier, Green had joined one such group, the Bored Ape Yacht Club, in order to purchase his Bored Ape NFT. He then approached another group, Gutter, for additional character NFTs owned by members of the Gutter Cat Gang. Instead he was taken to a scam (copycat) site where his Bored Ape NFTs were unknowingly removed from his digital wallet—just one more victim to fall prey to phishing hackers..
Green posted on Twitter, “I’m crazy careful with separate wallets and security but still got got.”
Hacking away at the ‘system’
This may seem unfair, and Green can try to take the new owner of Bored Ape #8398 to court. There are not a lot of legal precedents for NFTs, so it’s unclear whether Green would prevail or the new owner. Would the courts consider the Bored Ape Yacht Club’s terms and conditions as binding or would they apply New York State law?
A court battle is often a waste of time and money and doesn’t guarantee a victory. For now, Green is trying to utilize his public image to apply pressure to OpenSea and DarkWing84 to return the NFT.
From Green’s story, the lesson is that even tech-savvy celebrities can get phished. Hackers are getting incredibly sophisticated at their phishing activities—primarily making fake sites look real, and these fake sites are so easy to generate, that tens of thousands appear online each day. The only way to protect yourself is with a browser extension that scans sites in real-time.