In a twist reminiscent of a cybercrime thriller, cybersecurity researcher ZachXBT has revealed that law enforcement apprehended the wrong individual in connection with a 2022 theft of Bored Ape non-fungible tokens (NFTs) valued at over $1 million. In a post on May 9, ZachXBT detailed how the investigation led to the wrongful detention of Sam Curry, a former security researcher for Yuga Labs, the company behind the iconic Bored Ape Yacht Club collection.
The incident dates back to December 2022, when an anonymous hacker made off with 14 Bored Ape NFTs, each trading for approximately $86,000 at the time. ZachXBT claims that law enforcement mistakenly linked Curry to the theft after reviewing logs from OpenSea that included his home IP address. However, Curry’s involvement was purely professional; he had been investigating the theft as part of his role at Yuga Labs and had even interacted with a private key embedded in the hacker’s JavaScript.
ZachXBT, employing forensic tracing techniques—including the use of the Ethereum mixer Tornado—asserts he has identified a more credible suspect. He urged law enforcement to delve deeper into the social media accounts and on-chain transactions associated with this individual for a more accurate investigation.
As the Bored Ape Yacht Club continues to hold a significant place in the NFT market, with a collective market cap exceeding $300 million, this case underscores the complexities and challenges of digital asset security. The misstep in detaining Curry not only highlights the pitfalls of rapid investigations but also raises questions about the adequacy of current protocols in tracking down cybercriminals in the ever-evolving landscape of cryptocurrency.
