Yuga Labs has been struck by a phishing attack once again, with Bored Ape Yacht Club Non-Fungible Tokens (NFTs) stolen from the blockchain company's Discord server.
BYAC announced the theft through Twitter, though not before Twitter
However, for anyone who keeps current on blockchain developments, Yuga Labs being phished is becoming something of a recurring headline. In general, the NFT market is heavily rife with theft and fraud, contributing to the rapid cooling of the once white-hot market. However, while the instability and high risk of the token market is undoubtedly a significant concern, there is a concerning lack of solutions that undergirds the repetition of seemingly daily NFT thefts.
The recent hack shares striking similarities with the $1.7 million phishing attack that struck Bored Ape NFT holders in April, the recent theft of NFTs owned by Robot Chicken creator and actor Seth Green, and countless other hacks in the blockchain space. Attacks are either conducted using basic phishing methods to gain access to privileged accounts; following that, phishing links are circulated like in the recent hacks, or an inherent flaw in the project's coding is exploited to steal assets, such as OpenSea's $1.7 million breach in February. The shocking regularity in which hackers can repeatedly re-use the same tactics to steal crypto-assets reflects a concerning lack of security reform in the crypto-space.
The lack of security reforms, such as greater security oversight on the developer side, or improvements to code to close vulnerabilities, leaves the NFT market on a shaky foundation of legitimacy. While constant theft of assets is enough to make many question the value of non-fungible assets, the mentality of "code is law" could blow massive holes in the legitimacy of NFTs. By the virtues of "code is law," whomever the code of an NFT dictates as the owner is the owner, full stop; even if said owner is a thief, or in Seth Green's case, a customer who unknowingly bought a stolen asset.
Seth Green's efforts to recover his stolen NFT are the perfect example of the conundrum that NFTs are caught within. Green's efforts began with attempts to convince the buyer of the stolen asset to return it but have escalated to the actor seeking legal action against the thief (with the help of the recipient of the stolen Ape, according to rumors). A legal case that determines the ownership of the NFT does not seem to have any outcome that seems optimistic; if Green wins and regains ownership, he undermines "code is law" and the notion of NFTs as a form of ownership, if he loses, the precedent is set that code truly is law and theft isn't a factor in determining ownership.