This Bored Ape Yacht Club Member's Wallet Was Hacked. Find Out Ways To Protect Your NFTs Here:
Updated: Feb 8, 2022
Notable Bored Ape Yacht Club member Friesframe woke up to a flurry of notifications alerting him that his wallet had been hacked.
“Woke up this morning to frantic phone calls from people trying to warn me about the hack,” Friesframe told the Bored Ape Gazette.
Friesframe does not know how his hot wallet was compromised. But he does know that the hacker sold one of his bored apes, Bored Ape #5977, and several other NFTs. Thankfully for Friesframe, this wasn’t his only wallet.
“Luckily I had moved some stuff to cold storage, was hoping to wait for lower gas to transfer more,” Friesframe said.
Since the hack, Friesframe’s account has been labeled as possibly compromised by OpenSea.
While these kinds of situations are terrible for those involved, they can also teach the community at large valuable lessons about crypto safety.
“I would tell folks to not only buy a Ledger but keep assets in multiple secure cold wallets - even though my cold storage is safe currently now I’m thinking I might buy a few more just to split it up a bit just in case,” Friesframe said. “The only reason I was saved a little here was using cold storage and multiple wallets.”
Along with his message about using cold wallets, Friesframe also recommends that NFT collectors just pay the gas fees and move their items out of their hot wallets. “Also, don’t try to time the gas. Paying a couple hundred is far better than losing over 500k in assets.”
The Bored Ape Gazette previously interviewed BAYC member RDM_41 and spoke to him about ways apes can keep their NFTs safe. Check out the full interview below:
1. What’s the number one threat to apes’ accounts?
RDM_41: “The number one threat in my opinion is email links. Email is the largest global security risk the corporations face and the BAYC will be no different.”
2. How can apes protect themselves?
RDM_41: “Apes can protect themselves by reading their emails from a device that is not connected to a browser with MetaMask installed. I know this is inconvenient, but all good security is inconvenient.”
3. What are some cold/hot wallet options for apes that are concerned about safety?
RDM_41: "The absolute best wallets in my opinion are multi sig, social recovery smart contract wallets. Gas in smart contract wallets cost more but it is worth it in my opinion. If you’re going with a hardware/cold wallet then I would go with Trezor. But absolutely only ever buy it from the legit company website. Any 3rd party sale is likely to have security issues including preloaded scripts on the wallet, exposure of private keys, etc."
4. Is MetaMask a safe place to store your ape and NFTs? If not, where should apes store things?
RDM_41: “Yes MetaMask is safe to the extent you pay attention and you are safe. These MetaMask looking signature links are very scary to me. There are going to be so many normal people that would fall for this. Hackers have mainly targeted high end individuals with this so it must be a time consuming hack to pull off but it’s a very scary one to me. Always need to pay close attention when signing a MetaMask transaction. Ultimately yes MetaMask is safe, but the analogy I would use is MetaMask is a vehicle & like a vehicle in real life if you don’t pay attention you can get hurt & you might blame MetaMask but the truth is you were the security vulnerability not MetaMask.”
5. I’ve been told lots of apes do everything on their iPhone. Is MetaMask on an iPhone safe? How specifically can apes protect themselves while on their phone?
RDM_41: "MetaMask on the phone is safe. Apes may feel more safe on the iPhone because they are in the Apple ecosystem which is much less prone to security issues. Another reason mobile works well is downloading & running executable files (like the one that got fvckvender) is much more difficult. Also as far as how apes can protect themselves on the phone using MM, don’t click links you are unsure of, don’t use MM on the same phone/device/computer that you use your email on, & consistently disconnect from unused sites that your MM wallet is connected to."
6. When you say don’t use email and MetaMask on the same device, does that just mean not using email in the MetaMask browser or not using any type of email app on the same phone as your MetaMask?
RDM_41: "Not using any type of email app on the phone that you also use MetaMask on. Also it would be way worse to use email in the MM browser than just use an email app on the phone but both are potential security vulnerabilities. Absolute most security is to avoid email at all costs due to phishing scam links that happen often. It’s a much bigger problem on a desktop which is another reason apes might prefer mobile, but honestly another concern on mobile is using Android. There are plenty of fraud apps in the Google Play App Store vs the iPhone App Store is much more secure."
7. How would you recommend apes keep their seed phrase safe?
RDM_41: "Seed phrase is a tough one, lots of good ways to do it, I’m not a fan of paper, much more a fan of something like https://simbit.com. I have something similar to this at my house. The one tip here would be don’t ever order one of these devices from a website that makes you put in your private keys to the website. You should order a kit and build out the private keys yourself. They will send a full kit with multiple copies of the alphabet on sheets of metal for you to punch yourself and build the private key storage device with your private keys."
Do you have any other tips?
RDM_41: "One thing you didn’t mention is running at least two wallets is a good plan as well. One multi sig smart contract wallet to hold long term hold funds & MetaMask for NFTs and small amount of liquidity."