Why it matters: The creator of the most recognizable NFTs available is again in the news for the wrong reasons. Bored Ape Yacht Club creator Yuga Labs recently made its Otherdeed collection available for purchase. It advertised the NFTs as a way to provide users with the ability to obtain land in its upcoming crypto-based MMORPG. Unfortunately, many fans instead walked away with nothing but disappointment, high transaction fees, and stolen funds.
Yuga Labs sold Otherdeed NFTs via Opensea. The collection sold (or at least tried to sell) tokens to claim real estate and resources in Yuga’s upcoming metaverse game, Otherside. The NFT drop netted approximately $310 million in just a few short hours.
Unfortunately for Yuga Labs, the sale generated far more traffic than expected on the Ethereum blockchain. This increase in traffic resulted in Ethereum gas fees of up to $14,000 for some users and failed transactions for others. Gas fees are charges passed on to users to compensate for the computing energy of processing Ethereum transactions.
To make matters worse, some who experienced failed purchases were still charged for the energy costs. According to Crypto Briefing, users paid $165 million in gas fees during the sale due to Otherside’s poorly developed smart contract code.
Smart contracts are a feature of Ethereum’s ERC-20 token and the bread and butter of Ethereum-based applications. The contracts are small programs stored on the Ethereum blockchain that execute automatically at a specified time. The contracts require no input or action from a third party. Instead, they initiate action between two entities when all pre-defined criteria are met and the transaction has been validated across the Ethereum network. In this case, the poorly developed smart contracts and their ill-defined execution criteria resulted in massive congestion and high transaction fees across the Ethereum network.
But what good story about NFTs is complete without scammers trying to take their cut of the action? In addition to the technical challenges and outrageous transaction fees, some NFT collectors were drawn in and taken advantage of by phishing attacks via fraudulent sites offering gas refunds and additional NFT minting opportunities. Many scammers required users to register and connect their wallets for a full gas refund and access an Otherside Lands raffle list, leaving their assets vulnerable to unintended access.
The attack resulted in millions of dollars in NFTs being stolen and sent to scammer’s wallets. ZachXBT, a self-proclaimed crypto “rug pull” (scam) survivor and on-chain transaction investigator, has identified several fraudulent sites and wallet addresses, one of which appears to have earned more than $5 million from unsuspecting users.
We have refunded gas fees to everyone who made a transaction that failed due to network conditions caused by the mint. The fees have been sent back to the wallets used for the initial transaction. Here’s how to find your refund… 🧵
— Yuga Labs (@yugalabs) May 4, 2022
This week, Yuga Labs stated that they’ve started returning gas fees to users who initiated transactions that failed due to network conditions caused by the NFT minting event. While the move may make some attempted investors whole again, users who fell victim to the phishing scam are out of luck (and whatever funds they lost).
That hack is by no means the first targeting NFTs or the Bored Ape Yacht Club itself. In April, the company’s social media accounts were hijacked and populated with fraudulent land minting event links. The hack resulted in millions of dollars in NFTs being transferred from user wallets to the hacker’s wallets.
The volatility and potential for quick financial windfall make NFTs and crypto an attractive option for many who may not understand the underlying technology. Unfortunately, this creates a target-rich environment for hackers looking for unsuspecting victims. With no third party involved, users have an increased responsibility to stay vigilant and protect their information and assets.