Introduction

When he played Oz on Buffy the Vampire Slayer, Seth Green had a knack for navigating computers. Whatever cyber-skills he picked up from the role and in his real life since, they couldn’t save him less than two weeks into May, when he became the target of a phishing scam. Four NFTs that he owned were stolen, but those lost expenses are just where his trouble began.

This is a rare, real-time example of how phishing scams can go after individuals just as easily as businesses. It’s also an opportunity to see how these attacks happen, why people fall for it and what can happen if you get caught in a trap. Seth Green got phished, and it could happen to you too.

The Background

OpenSea lauds itself proudly as the “world’s first and largest digital marketplace for crypto collectibles and non-fungible tokens (NFTs).” It’s had its own cyber-threat scares lately: Back in February, a rash of overnight attacks racked up $1.7M worth of stolen tokens. Although only 32 users were initially suspected to have been affected, the number was later reduced down to 17. The other fifteen had been misattributed after interacting with hackers, but they did not lose any funds. This attack puts into perspective how high NFTs can be valued and just how much there is to lose in cyber-scams, particularly when digital currency is involved.

That attack put a lot of people on edge. Then in mid-May, more fuel got added to the fire:

An attack on a public figure like Green only draws attention to how anyone could become the target of a cyber-scam. In this case, the hack stole a Doodle, two Mutant Apes and a Bored Ape. The last three are all products of the Bored Ape Yacht Club.

Bored Ape is a collection of NFTs whose prices vary depending on the “rareness” of that ape’s traits (fur color, certain accessories, etc.) but are valued at around a half million dollars. They run on the Ethereum blockchain, but the actor didn’t just lose bitcoin in this attack.

What Happened?

White Horse Tavern is – maybe was – the name of Seth Green’s brand new show, set to premiere in 2022. It featured a walking, talking ape, played by Green, that interacted with real-live actors and other NFT cartoons alike. Unfortunately, this phishing scam cost him all copyright to the image that was used for Fred Simian’s likeness. That’s how NFTs work.

The phisher sold the stolen Bored Ape to somebody else, who now owns all usage rights to it. The new owner, under the same OpenSea and Twitter handle DarkWing84, could sell it back to Green…but they don’t have to. Legally, they paid for it and it’s their property.

What now? Well, that depends largely on DarkWing84. OpenSea is currently in litigation for similar phishing attacks that stole Bored Apes from other users. Green has publicly reached out on Twitter, pleading for the return of his stolen goods. This looks like it will come down to goodwill and direct communication with Fred’s new owner.

Conclusion

The worst part of this situation is that Green is reportedly careful, keeps his financials separate, and uses cybersecurity, but fell victim to a phony website anyway – and just look what happened. This just goes to show that you can be careful 9 days out of 10, but one misstep can leave you completely vulnerable and ultimately cost you thousands. It can even puts creative projects, which may have been in the works for a long time, on the line.

What is the lesson here? For one, you can never be too careful. Secondly, cybersecurity requires hypervigilance at all times. You can never invest too much in automated and top-of-the-line cybersecurity practices. Finally, when you play with high stakes like NFTs, you need to practice strong cybersecurity to safeguard your assets no matter what threat tries to break through.

References