The long-term security and reliability of decentralized systems in the metaverse have long been a subject of debate as to whether or not it is safe to invest so much in non-fungible tokens (NFTs). The greatest fear of investors and digital art enthusiasts did come to pass, and gallery owner Told Kramer became a victim of a phishing scam, draining his Ethereum wallet of 15 NFTs, which is equivalent to $2.2 million. His loss included four apes from the Bored Ape Yacht Club, one of the most popular NFT communities in the metaverse today.
On December 30, Kramer of New York’s Ross + Kramer Gallery posted a tweet saying, “I have been hacked. All my apes are gone. This just sold. Please help me.” Unfortunately, whoever hacked his account managed to sell off many of the tokens in his personal collection.
Twitterverse was abuzz with several opinions on Kramer’s misfortune, some of whom blamed him for investing in an unregulated system that has no ability to help him. As it turns out, some NFT investors and the OpenSea platform itself assisted Kramer in his dilemma. With their help and intervention, Kramer was able to retrieve some of his NFTs. Five hours after his original tweet, he posted, “Update. All Apes are frozen. Waiting for the OpenSea team to get in. Lessons learned. Use a hard wallet,” the gallery owner shared.
The involvement of OpenSea, however, triggered an uproar online as some people alleged that NFTs could not be fully decentralized after all if the platform was able to freeze some tokens, making them unsellable. There were quite a number of crypto enthusiasts, however, who pointed out that OpenSea only froze Kramer’s ability to interact with the NFT in a single site. In reality, the tokens can still be sold and bought on another platform.
“We take theft seriously and have policies in place to meet our obligations to the community and deter theft in the wider ecosystem,” explained an OpenSea representative in an email. “OpenSea is a blockchain explorer, meaning our goal is to provide the most comprehensive view into NFTs across different blockchains. We do not have the power to freeze or delist NFTs that exist on these blockchains, however, we do disable the ability to use OpenSea to buy or sell stolen items. Since this issue emerged, we’ve built security tools and processes to combat theft on OpenSea. We are actively expanding our efforts across customer support, trust and safety, and site integrity so we can move faster to protect and empower our users.”
With the increase in the value of NFTs over the last few years, phishing scams also increased in number. It is highly recommended that investors and crypto enthusiasts shift to using the hard wallet or cold wallet, which is a physical wallet that is only activated when plugged into a device and engaged. Kramer was using what is called a hot wallet, which remains connected to the internet even when the user has already logged out. This poses a potential threat that makes any e-wallet vulnerable.
Kramer has not released an official statement regarding his predicament to the press to date.