Ape Theft Is an Expensive Way to Learn About Crypto’s Security Philosophy

People are losing their valuable NFTs to scams. Should platforms be held responsible?

AccessTimeIconJan 3, 2022 at 9:14 p.m. UTC
Updated May 11, 2023 at 4:54 p.m. UTC
AccessTimeIconJan 3, 2022 at 9:14 p.m. UTCUpdated May 11, 2023 at 4:54 p.m. UTCLayer 2
AccessTimeIconJan 3, 2022 at 9:14 p.m. UTCUpdated May 11, 2023 at 4:54 p.m. UTCLayer 2

Last week, an NFT trader named Todd Kramer made a simple plea on Twitter.

“I been hacked,” he wrote. “All my apes gone. This just sold please help me.”

Kramer was referring to his cache of Bored Ape Yacht Club NFTs (non-fungible tokens) – now the single most valuable franchise of crypto collectibles. They’ll run you about $276,000, at the cheapest, and Kramer had eight of them, along with seven from a spin-off collection called the Mutant Ape Yacht Club, before his tokens were siphoned away in a phishing scam.

Almost immediately, Kramer’s “apes gone” post went viral.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

NFTs already have a terrible reputation among the non-crypto crowd (which is to say, most people), thanks to their fraught relationship with the concept of “digital property rights” and the environmental impact of proof-of-work blockchains like Ethereum. More than a few brands have reneged on planned NFT drops after facing intense backlash on social media.

And while it’s not exactly surprising that the anti-NFT crowd would find a little schadenfreude in Kramer’s tweet, what’s more so is that crypto’s true believers – the kinds of people who are already immersed in NFTs – were equally derisive.

That’s because the culture of crypto places an outsize emphasis on personal responsibility. One of the nice things about banks and other centralized financial institutions is that they’re required to take certain steps to protect your money. Those protections can come in the form of deposit insurance and fraud protection, but also little security features like “forgotten password” mechanisms.

So-called “unhosted” crypto wallets like MetaMask ask users to keep track of their own private keys; if you lose them, there’s no way of getting them back. “Not your keys, not your coins,” goes one longtime crypto mantra.

There’s something inherently silly about having a significant chunk of your net worth (Kramer claims it was around $2.2 million) tied up in illiquid JPEG files. But for me, the “apes gone” controversy mostly speaks to a kind of widespread hypocrisy in the NFT market.

The billionaire Mark Cuban, who spent the first half of last year breathlessly championing DeFi (“decentralized finance”) programs and pumping his crypto investments in appearances on major TV news networks, made a similar plea last summer after some of his holdings went to zero. In a statement to Bloomberg, Cuban explicitly called for greater regulation of the crypto space. He was a lot quieter in the second half of the year.

Consumer protection laws, though they’re never perfectly conceived or enforced, exist for a reason. Saturated, unregulated markets like crypto are natural targets for scammers, and even the savviest traders can lose millions with a stray click.

OpenSea, the largest NFT marketplace, was able to halt trading on the stolen assets and flag them as having been involved in a scam. But because OpenSea is mostly just a front-end trading interface, and Bored Ape Yacht Club NFTs are hosted on the Ethereum blockchain, the company couldn’t actually return any of the tokens.

He did get some of them back, though. And ironically, the Twitter users dunking on Kramer may have played a crucial role, amplifying Kramer’s plea and rallying members of the Bored Ape community to help retrieve the tokens.

Kramer isn’t the first trader to lose his Bored Apes to a phishing scam. Another NFT enthusiast, Calvin Becerra, made a similar splash on Twitter after losing three tokens in November. He even wrote a note to the apes’ captors, asking to work out a deal for their safe return (he also listed the note as an NFT, naturally).

Accepting decentralized infrastructure means accepting these risks. If you’re going to advocate for a new, independent financial system – one without regulation, fraud protections and many of the other safeguards that help people hang onto their money – then there’s no point in appealing to centralized mediators when the system starts to work against you.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Will Gottsegen

Will Gottsegen was CoinDesk's media and culture reporter.