My Apes Are Gone - Lessons From Runaway Apes

Todd Kramer, the owner of Ross + Kramer Gallery, was reported to have tweeted on December 30, 2021 to seek help: "I have been hacked. All my apes gone. This just sold please help me,"

According to the news, Mr. Kramer's Ethereum wallet was breached by a phishing scam, through which the hacker was able to steal a total of 15 NFTs that were worth $2.2 million in aggregate, including four NFTs from the well-known "Bored Ape Yacht Club" collection. It was said that the hacker had sold several stolen pieces shortly after the breach, but Mr. Kramer, with help from OpenSea (the involved NFT marketplace) and other bona fide buyers of the stolen NFTs, was able to retrieve some of the pieces afterwards. Five hours from the first tweet indicating "all apes are gone", Mr. Kramer shared an update in his second tweet: "All Apes are frozen… lessons learned. Use a hard wallet".

While it is good news that Mr. Kramer was able to track down and regain some of the stolen NFTs, what we can all learn from this incident, as suggested by Mr. Kramer's tweet, is that using a hard wallet (also called a "cold wallet") could sometimes offer more protection to one's NFT collection.

In general, a wallet used to store NFTs can be categorized as a "hot wallet" or a "cold wallet". The hot wallet is the primary storing method for NFT collectors because "it is accessible online and is always connected to the internet and blockchain network", and it also becomes the default storing method for NFT collectors because NFT marketplaces or cryptocurrency exchanges usually provide their users with a hot wallet when such users register for services. In short, a hot wallet is just like an online bank account- it is always connected, ready and accessible, but is exposed to the risk of being breached and compromised due to its 24/7 connection to network. It is thus not uncommon to hear the news of a hot wallet breach in the blockchain world.

A cold wallet, on the other hand, is like a safe, maintained and insulated in a secured location. It is essentially a flash drive that keeps NFTs or cryptocurrency completely offline and functions like any other flash drive, by storing files transferred from a computer, except that the cold wallet is specifically designed to store NFTs and cryptocurrency. Because a cold wallet would require users to connect it to a device (e.g., a laptop) before the digital assets stored therein can be accessed, it is less exposed to the risk of being breached and compromised and thus offers more protection for digital assets.

All that being said, a cold wallet is not 100% safe because it may still be subject to certain risk, such as loss of private key and coordinated scams. When NFTs or cryptocurrencies are lost due to unlawful schemes, a few people might resort to forensic services for help, but in most cases it would turn out to be the wild west for victims, who are not sure what to do or whom to sue. It is worth observing how conventional legal remedies would be available for cases like this. In the meantime, do not forget to adopt adequate measures to protect your Apes, CryptoPunks, Cool Cats or other NFTs.