This week has been a complicated one for the Bored Ape Yacht Club brand. Millions of dollars worth of NFTs were stolen when their Instagram account was hacked, but they also had a successful launch of a new collection of NFTs. In fact, the launch was so successful that it affected the Ethereum blockchain.
What is Bored Ape Yacht Club?
Bored Ape Yacht Club is one of the more successful, and pricier, NFT collections on the internet. While these NFTs are popular and successful, they are also controversial. The artwork is generated programmatically, meaning that there is no true artist involved in the process. Instead, they are procedurally generated based on random values applied to over 170 traits. Most are artistically uninteresting, but that does not limit the value of the NFTs.
These NFTs cost 0.08 Ethereum, which at the time of writing was about $225. In addition to the bizarre artwork itself, this price gives you access to the Yacht Club, a virtual environment. Currently, the only member-only area is called THE BATHROOM, which is basically a middle school bathroom where you can find and add your own graffiti. The point of this is still questionable, but the popularity is not.
A hacker hits the community
Because of the popularity of the collection and the general confusion over exactly what an NFT is, a hacker was able to steal a bunch of these NFTs from their owners. This was accomplished simply by hacking into the Bored Ape Yacht Club Instagram account. The hacker, after gaining access to the social media account posted a link promising a gift to those who followed it.
Many users followed the link, attached their Ethereum wallets, and immediately lost their NFTs. Users lost millions of dollars worth of NFTs (according to their last sale price). This was possible because the link was obvious not connected to the Bored Ape Yacht Club platform. This was accomplished because of a public statement from the company, which states on its website,
Note: Thirty apes are being withheld from the sale. These will be used for giveaways, puzzle rewards-and for the creators' BAYC memberships.
This disclaimer makes it clear that the company is willing to give some away for free for certain promotions. Some users thought this was one of those promotions. It's important to note that if this was an actual promotion from the company, you would not need to connect your wallet to the platform to receive the gift, as they already know who you are because you already own one.
A new sale breaks the blockchain
Another reason why owners thought the hack could be real is because the company was active once again. The company's expansion of its Yacht Club, called Otherside, put up virtual land for sale. The 100,000 "land deeds" were offered up on the Ethereum blockchain, and the sale brought the chain to its knees.
Users trying to buy land were hit with failed transactions, which came along with failed transaction fees. This is similar to what happens if you write a bad check from your bank - both the bank and the recipient are likely to charge you for the inconvenience of dealing with a bad check. More importantly, the land rush caused the entire blockchain to become essentially unusable for hours. This is because the system was unable to distribute the immense workload to enough systems to keep the operations running.
Clearly, this presents a clear issue with the concept of distributed computing - particularly when financial interests are involved. It seems to work well when loads are low, but when you really need it, the entire ecosystem could come crashing down. By allowing others to build on top of a system like this, it means that the system's performance can be negatively affected, or even halted, because of outside forces. An intrepid attacker could literally halt an entire financial ecosystem by building a false system on Ethereum and then essentially DDoSing the network with transactions for nothing.
This is not to say that it is a bad idea, but there are aspects of the technology that have simply been ignored in an attempt to get people to adopt the technology.