Maybe when a celebrity takes a hit, his millions of fans will start spreading word of the volatility of crypto assets…
Although people tread April Fools’ day cautiously and expect every adverse statement as a joke—just in case—sometimes we really wish a piece of extreme bad news is really just a joke.
That is what happened when singer-songwriter Jay Chou was informed that the US$500,000 non-fungible token he owned had been stolen from right under his nose (or in this case, fingertips)!
The Bored Ape NFT, a work from the Bored Ape Yacht Club, was a gift to Chou and it is considered “one of the world’s most valuable collections” in some circles.
According to a cybersecurity expert, the attacker in this incident had run a phishing website and this had tricked Chou to submit a ‘SetApprovalForAll’ request that subsequently granted the attacker full access to Chou BoardAppeNFT’s 3738 NFT. This transaction can be seen here: https://etherscan.io/tx/0xb8a5c47dad2637b98b09e4cf97d2b7ff2ee08e344af70ae4cf2ba0e725651bb0.
Said Oded Vanunu, Head of Products Vulnerability, Check Point Software Technologies: “After Chou inadvertently submitted the request and granted the attacker access, the attacker then transferred the NFT to his wallet, and later sold the NFT on the marketplace LooksRare for 155ETH, roughly worth US$520,000 at the time.”
The cyber expert advises NFT users to acquaint themselves with the various wallet requests: some of them are used just to connect the wallet, while others may provide full access to NFTs and crypto funds.
“Users should protect from the flash loan by verifying that the Ape holder holds it for at least more than a day as doing so this way would not enable the attacker to borrow an Ape, redeem the tokens and return them in the same transaction,” Vanunu explained.
This NFT-phishing incident is just another one of many recent high profile cyber thefts involving the loss of hundreds of millions of dollars and many punters’ life savings. NFT-investors beware!