NBA Player Cole Anthony's Metamask Was Hacked. Find Out Tips To Keep Your NFTs Safe
Updated: Feb 8, 2022
NBA player Cole Anthony joined the Bored Ape Yacht Club and was hacked a day later.
“Finally got my hands on a @BoredApeYC #MutantApeYachtClub #290, Anthony tweeted yesterday morning along with a photo of his mutant ape.
Anthony’s mutant ape was Mutant Ape #290. Mutant Ape #290 is a six trait M1 red fur mutant with crazy eyes, a biker vest and a bored unshaven cigarette mouth. Anthony purchased Mutant Ape #290 for 10.75 Eth or roughly $43,000 USD.
Anthony’s membership in the BAYC was short lived as the NBA player’s Metamask was compromised.
“I have a serious problem someone hacked my opensea and MetaMask,” he tweeted.
In the hack, Mutant Ape #290 was sold for 8.4872 Eth to KJ_39 and sold 10 minutes later to ZyaNFT for 10.75 Eth.
“I need help y’all ya boy is down bad,” Anthony tweeted.
Since the hack, BAYC members have tried their best to help the NBA star and Opensea has labeled Anthony’s account as compromised.
These situations are very sad, but can also be an opportunity to remind the BAYC community about the importance of crypto security. The Bored Ape Gazette previously spoke with BAYC member RDM_41 about ways apes can keep their NFT's safe. Check out the Gazette's previous interview below:
1.What’s the number one threat to apes accounts?
“The number one threat in my opinion is email links. Email is the largest global security risk the corporations face and the BAYC will be no different."
2. How can apes protect themselves?
“Apes can protect themselves by reading their emails from a device that is not connected to a browser with MetaMask installed. I know this is inconvenient, but all good security is inconvenient.”
3. What are some cold/ hot wallet options for apes that are concerned about safety?
"The absolute best wallets in my opinion are multi sig, social recovery smart contract wallets. Gas in smart contract wallets cost more but it is worth it in my opinion. If you’re going with a hardware/cold wallet then I would go with Trezor. But absolutely only ever buy it from the legit company website. Any 3rd party sale is likely to have security issues including preloaded scripts on the wallet, exposure of private keys, etc."
4. Is metamask a safe place to store your ape and nfts? If not where should apes store things?
“Yes MetaMask is safe to the extent you pay attention and you are safe. These MetaMask looking signature links are very scary to me. There are going to be so many normal people that would fall for this. Hackers have mainly targeted high end individuals with this so it must be a time consuming hack to pull off but it’s a very scary one to me. Always need to pay close attention when signing a MetaMask transaction. Ultimately yes MetaMask is safe, but the analogy I would use is MetaMask is a vehicle & like a vehicle in real life if you don’t pay attention you can get hurt & you might blame MetaMask but the truth is you were the security vulnerability not MetaMask.”
5. I’ve been told lots of apes do everything on their iPhone. Is metamask on an iPhone safe? How specifically can apes protect themselves while on their phone?
"MetaMask on the phone is safe. Apes may feel more safe on the iPhone because they are in the Apple ecosystem which is much less prone to security issues. Another reason mobile works well is downloading & running executable files (like the one that got fvckvender) is much more difficult. Also as far as how apes can protect themselves on the phone using MM, don’t click links you are unsure of, don’t use MM on the same phone/device/computer that you use your email on, & consistently disconnect from unused sites that your MM wallet is connected to."
7.When you say don’t use email and Metamask on the same device, does that just mean not using email in MetaMask browser or not using any type of email app on the same phone as your metamask?
"Not using any type of email app on the phone that you also use MetaMask on. Also it would be way worse to use email in the MM browser than just use an email app on the phone but both are potential security vulnerabilities. Absolute most security is to avoid email at all costs due to phishing scam links that happen often. It’s a much bigger problem on a desktop which is another reason apes might prefer mobile, but honestly another concern on mobile is using android. There are plenty of fraud apps in the google play App Store vs the iPhone App Store is much more secure."
6. How would you recommend apes keep their seed phrase safe?
"Seed phrase is a tough one, lots of good ways to do it, I’m not a fan of paper, much more a fan of something like https://simbit.com. I have something similar to this at my house. The one tip here would be don’t ever order one of these devices from a website that makes you put in your private keys to the website. You should order a kit and build out the private keys yourself. They will send a full kit with multiple copies of the alphabet on sheets of metal for you to ouch yourself and build the private key storage device with your private keys."
Do you have any other tips?
"One thing you didn’t mention is running at least two wallets is a good plan as well. One multi sig smart contract wallet to hold long term hold funds & MetaMask for NFTs and small amount of liquidity.