After a year of numerous hacks and frauds on the NFT platform OpenSea, plaintiffs who lost access to their Bored Ape Yacht Club NFTs have filed three different cases against the corporation.
Timmy McKimmy of Texas and Michael Valise of New York claim to have lost Bored Apes in a hack that took advantage of an OpenSea security flaw. Robert Armijo of Nevada says that he lost his Apes as a result of a social engineering attack that he believes OpenSea’s incompetence failed to prevent.
Despite the fact that McKimmy’s NFT was not advertised for sale, OpenSea requires users to connect a wallet so that others can view what NFTs are in the wallet and make bids on unlisted NFTs.
Ash Tadghighi, McKimmy’s lawyer, said,
“Exploiting a security vulnerability, the hacker made an offer, hacked the code, and accepted the offer on behalf of Mr. McKimmy. So he basically sold it to himself and within the hour sold it to another user.”
The hacker sold the NFT to themselves for 0.01 ETH and then sold it to the user for 99 ETH, according to publicly available transaction data, after which the wallet used to perform these transactions vanished.
The case is “the first of its kind,” according to Tadghighi, who became acquainted with the crypto and NFT sphere after assisting certain inventors with copyrights. According to him, there hasn’t been anything like this before.
Following the public disclosure of this case, Tadghighi and his colleague Andrew Dao were bombarded with requests for legal assistance about missing assets.
In the end, Tadghighi and Dao chose to defend Michael Valise, the owner of Bored Ape #8858, who was allegedly hacked via a security flaw, according to the lawyers. The hacker sold Valise’s NFT to himself for 24.89 ETH on January 26 (before the McKimmy hack) and then promptly resold it for 92.9 ETH.
Valise and McKimmy are suing for negligence, claiming that it caused them to lose not only valuable NFTs but also the opportunity to profit from owning Bored Apes.
BAYC just announced the launch of ApeCoin, its cryptocurrency. Holders were first in line to claim coins, however, McKimmy and Valise were unable to do so due to the theft of their assets. Tadghighi and Dao argue that OpenSea continued to operate while being aware of security issues that were hurting users who had followed OpenSea’s instructions to the letter.
The case of Robert Armijo is quite different. In a social engineering hack, Armijo lost Bored Ape #4329 and two Mutant Bored Apes, #1819 and #7713.
Armijo used the Cool Cats Discord chat room to discuss trading one of his Mutant Bored Apes for a couple of Cool Cat NFTs. They began speaking about how to trade their assets once a member responded.
According to court documents, Armijo recommended a website, and the user emailed him a link to it, claiming to have already submitted their NFTs. Aramijo only needed to upload his. Aramijo followed the link, which turned out to be a fake. His wallet was emptied, containing his two Mutant Apes and his Bored Ape, as well as some cryptocurrency.