The Story of Stolen CryptoPunk V1 1234

CryptoPunk V1 1234 was stolen from me in a scam. For you, I hope, the story will be educational and cautionary. For me, the story is also sad.

CryptoPunk V1 1234 is an NFT (non-fungible token). If you don’t know much about NFTs, or if you’d like to know more, I recommend reading about NFTs on the Ethereum Foundation website. It will help you understand this story better.

Basically, CryptoPunk V1 1234 is a work of digital art and associated data stored on the Ethereum blockchain. It is one of 10,000 unique CryptoPunk V1 NFTs (hereafter V1s). They are the original CryptoPunk NFTs that Larva Labs created in 2017.

After distributing the V1s, Larva Labs became aware of a bug in their code. So they created and distributed 10,000 more CryptoPunk V2 NFTs (hereafter V2s), using the same digital art and fixed code. Some V2s have since sold for millions of dollars. Today, the lowest asking price for a V2 is 63.95 ETH ($80,848.15).

In late 2021, someone figured out how to work around the V1 bug. Soon, people began trading V1s. Their prices were much lower than those for V2s. But, in early 2022, V1 prices began rising rapidly.

I’ve been investing in NFTs since January 2021. For the most part, the investments have been profitable. So, when the V1s came to my attention, I purchased CryptoPunk V1 5982 for 14.5 ETH ($38,992.53). About a week later, I sold it for 18.3358 ETH ($57,037.76).

Using some of the profit, I purchased CryptoPunk V1 1234 on 7 February 2022 for 14.995 ETH ($47,104.99). At the time, I wasn’t sure whether I would sell it soon or hold on to it for the long term. But three events occurred that ended up making that decision for me.

First, the largest NFT marketplace, OpenSea, delisted V1s. Apparently, Larva Labs was unhappy that people had begun trading V1s. So they sent a DMCA takedown notice to OpenSea. Although the legality of the DMCA was controversial, OpenSea complied.

Consequently, it became much harder to sell V1s. Yuga Labs eventually acquired the CryptoPunks IP from Larva Labs. And OpenSea eventually listed V1s again. But, by that time, there was another problem.

Second, the blockchain industry (like most other industries) descended into a bear market. Based on experience through multiple boom and bust cycles in blockchain investing, I was expecting a bear market. But I wasn’t expecting it so soon. Maybe the war in Ukraine accelerated it.

In any case, there was no longer a realistic possibility that I could sell CryptoPunk V1 1234 for a profit in the short term. I could sell it for a loss. Or I could hold on to it, perhaps at least until the next bull market. But, as it turns out, there was another problem.

Third, I was scammed.

The Scam

On 16 May 2022, I wasn’t at my best. On top of the usual daily challenges associated with running a startup business, the air conditioning in our home, where I work, was being repaired. And, most concerning, my son was in exploratory surgery, after months of intermittent severe gut pain and numerous inconclusive tests. Suffice it to say, I was unusually unfocused and emotionally fatigued when, late in the day, I saw a tweet from “adidas Originals.”

The tweet claimed that Adidas, the well-known sports brand, was offering NFT avatars. I was already aware that Adidas had initiated an NFT marketing campaign at the end of 2021. And my initial impression, from the tweet, was that Adidas was extending that campaign with a new offering. Because investments in the original Adidas NFT campaign had performed well, I was interested.

In hindsight, the tweet presented some red flags that I should have, and ordinarily probably would have, noticed and considered more carefully. For example, although the account that posted the tweet had thousands of followers, it was relatively new. And many, if not most, of the retweets and likes also came from relatively new accounts with few followers.

Despite those red flags, I clicked on the link in the tweet to check out the website. The website claimed that Adidas was giving away free NFT avatars to people who already possessed some other popular NFTs. All I had to do, apparently, was connect my NFT wallet to the website to verify that I possessed one of the popular NFTs, and then approve payment of a network fee to transfer a free NFT avatar to my wallet. I knew of legitimate NFT projects that had used similar marketing strategies to get traction.

But, again in hindsight, the website raised some red flags that I should have noticed. For example, its domain name (adidas-nft.claims) wasn’t the standard Adidas domain name. And Adidas had been using its standard domain name (adidas.com) for previous NFT marketing campaigns.

Despite more red flags, I connected my NFT wallet to the website. Then I clicked a button, purportedly to claim my free NFT avatar. The website asked me to approve a transaction, with permissions described in overly-broad terms that were yet another red flag that I should have noticed. But, not giving that sufficient attention, and thinking I was approving payment of a network fee, I approved a transaction.

Nothing appeared to happen. I thought the transaction may have failed. And I should have checked blockchain records to confirm. But instead, I clicked the button again and approved another transaction.

Nothing appeared to happen. That’s when my brain finally started working. The red flags came into focus. I felt a pit in my stomach, as I quickly navigated to check blockchain records.

At Etherscan, I saw two new blockchain records. The first record showed that I had indeed paid a network fee. But instead of receiving a free NFT avatar, I had actually been scammed into sending CryptoPunk V1 1234 from my wallet to an anonymous address. The second record showed that I had paid another network fee for a transaction that failed, presumably because the contract couldn’t find another popular NFT in my wallet to steal.

I wasn’t happy, to say the least. But I went to work immediately, taking two steps that I recommend to anyone else who may find themselves in a similar situation:

1. I used revoke.cash to revoke permissions on my NFT wallet. This would mitigate the risk of additional attempts to exploit permissions I had approved for my wallet.

2. I reported the theft to OpenSea. This would hinder some attempts to sell my stolen NFT.

Harold Espinosa

On 18 May 2022, I noticed that my stolen CryptoPunk V1 1234 had been transferred from the anonymous address to another address. The other address was associated with a profile on OpenSea. The profile name was “themiamiharold.” And the profile description was: “Digital Advertiser during the day Creator of all things during the night.”

That name and description matched information that I found elsewhere on the web for Harold Espinosa. His Twitter handle was “themiamiharold.” His LinkedIn profile described him as an “aspiring marketer,” living in the Fort Lauderdale area of Florida. And his website provided a contact form.

So I attempted to contact Harold via his website, informing him that he was in possession of my stolen property, and advising him that he should return it. I also tried to contact Harold via Twitter.

The next day, my stolen NFT was transferred from Harold’s address to another anonymous address. Then the anonymous address listed my stolen NFT for sale on OpenSea. This was possible because OpenSea had not yet acted on my theft report.

At this point, I decided to report the theft to Fort Lauderdale police. They directed me to report the theft to my local police department in Orem, Utah. And Orem PD directed me to report the theft to the FBI. So I ended up filing theft reports with all three agencies.

I repeated attempts to contact Harold via Twitter on 24 May 2022 and 7 June 2022. He responded via Twitter private message on 7 June 2022, commenting on the transfers of my stolen NFT to and from his address, as follows:

“It seems someone transferred it to my account somehow, and then transferred it out. Not sure how they were able to do that.”

Harold also commented on the timing of his response, as follows:

“And sorry for the late response. I sincerely thought I was being trolled until I actually checked. My apologies for that.”

Harold shared his email address with me. So I contacted him via email, sharing my FBI report. And I encouraged him to file an FBI report too. He did so, and shared with me the report, in which he described the incident as follows:

“My OpenSea account was somehow hacked and used as a medium for a fraud account.”

Shane Lavalette

On 19 May 2022, I noticed that my stolen CryptoPunk V1 1234 was sold by the second anonymous address for 4 WETH ($8,089.69) to another address, again associated with a profile on OpenSea. The profile name was “shanelavalette.” The profile description was: “Shane Lavalette is an artist in photography and books.” And the profile was linked to a Twitter profile with the same handle.

Shane’s websites described him as a “photographer,” whose “photographs have been shared widely.” And his work appeared to be available for sale as NFTs, as well as via traditional art channels. So I used an email address available on his website to contact him, informing him that he possessed my stolen property, and advising him to return it. I also attempted to contact Shane via Twitter.

Shane responded via Twitter private message the same day. He commented on his purchase of my stolen NFT as follows:

“I put WETH bids on various v1 punks the other day and one recently sold to me, so I’m sorry if that’s the one you are speaking of which you owned prior to someone else. Certainly, I’d be fine with returning it to you for what I just paid if that would be helpful in this scenario?”

Replying to Shane, I advised him that the law requires return of stolen property. I encouraged him to file police reports and seek compensation from whomever sold my stolen property to him. And I offered to help him with that. As our communication shifted to email, Shane informed me that:

“I’ve contacted the folks at Orem PD yesterday to ask about this situation and reiterated that I am happy to be helpful where I can be. They’ve told me they will likely be in touch soon, so I’ll await any updates from them.”

At this time, OpenSea still had not acted on my theft report. So, supposing that Orem PD would soon intervene, and supposing Shane would soon return my stolen NFT, I contacted OpenSea again. And I asked them not to take action on the theft report. Although they didn’t respond, the NFT remained tradable on their platform.

On 24 May 2022, I contacted Shane again. I asked him to return my stolen NFT. And I asked him whether he had heard back from Orem PD. His reply included the following:

“No, I have not yet heard more from Orem PD or other authorities since reaching out to them last, but they said they will be in touch with me should there be a need. I of course will want to just verify the case details and see all their evidence/proof that the NFT was stolen from their end, so I will wait to find out more about the case and hear this from them. … In the meantime, I hope it’s helpful to hear that I am not planning to list/sell the NFT unless it’s to you so do not worry about that.”

On 31 May 2022, Shane contacted me. His message included the following:

“Just wanted to send you a note to let you know that I did hear from Orem PD today and spoke to an officer. He also recommended I file a report with IC3/FBI, so I did so today. So, I’ll await hearing more information from them once they process the case and can update us on it.”

As of 20 June 2022, neither the police nor the FBI had responded to my requests for updates on the case. So I contacted Shane again, asking how we could proceed with return of my stolen NFT. His response included the following:

“I remain willing to sell the NFT that I purchased to you for the V1 Punks floor price (or perhaps less as long as I cover my costs) if you’d like to acquire it from me, but otherwise I’d like to wait to get any sort of confirmation from an authority that can show clear proof of theft so I know for certain that I’m not being scammed in some way myself.”

I replied, again advising Shane of the legal requirement to return stolen property, and informing him that I would not purchase my stolen property. But I offered to sign an agreement to help him seek compensation from whomever sold my stolen property to him. And I offered, as part of that agreement, to give him a loan for half the amount that he paid for the stolen NFT, with payback due only if and when he received the compensation.

In reply, Shane’s last message to me included the following:

“I hope you understand that I would prefer to simply wait for a formal determination from the authorities as to whether there is proof this asset is indeed stolen or if there is not sufficient evidence. … I am not in a rush here, and so will be patient and trust in what authorities determine, if anything, and will absolutely let you know if I hear anything on this end about that.”

On 14 July 2022, Shane sold my stolen NFT for 7.213 WETH ($8,591.55). At this time, I had heard nothing from Shane since his message on 20 June 2022. I had never received any guidance from the FBI. And I had received no additional guidance from Orem PD.

When I noticed the sale on 16 July 2022, I contacted OpenSea again and asked them to proceed with halting additional sales of my stolen NFT on their platform. I began seeking legal advice. And I contacted Shane for the last time to inform him of these actions. Shane’s lawyer replied to my message.

LooksRare

OpenSea halted sales of my stolen CryptoPunk V1 1234 on 16 July 2022. Since then, it has been sold a couple more times on the LooksRare marketplace. Unlike OpenSea, LooksRare doesn’t halt sales of stolen NFTs. Instead, they put a warning flag on stolen NFTs, but still allow sales to proceed.

On 18 July 2022, a LooksRare account with OpenSea handle “g3f” sold my stolen NFT for 6.37 WETH ($10,001.04) to an address with ENS domain “0189.eth” (since changed to “681.eth”). I tried, unsuccessfully, to contact the owner of the “g3f” account prior to the sale. But I didn’t have much to go on. And OpenSea wouldn’t help me.

On 19 July 2022, the “0189.eth” address sold my stolen NFT for 6.8502 WETH ($10,547.48) to a LooksRare account with OpenSea handle “PunkyPunkster.” I tried to contact the owner of the “PunkyPunkster” account, including multiple attempts via Twitter. None of those attempts were successful.

I’ve had conversations with people who believe the LooksRare policy is better than the OpenSea policy. Their argument, usually, is that OpenSea hurts people who unknowingly acquire stolen property by making it hard to resell that property. I wonder if they think it should be legal to resell other stolen property, like jewelry and automobiles. I wonder if they’ve watched, powerlessly, as others profit by reselling their stolen property in public marketplaces.

On 22 August 2022, I received word from Orem PD that they had assigned a detective from their cyber task force to my case. To help initiate their investigation, they requested information. And of course I provided everything that I could.

Current Status

Consequent to the scam, I no longer possess CryptoPunk V1 1234, which I bought about ten months ago for about $47,104.99. It’s been nearly a year since it was stolen from me. During that time, four people have resold my stolen NFT:

1. The owner of the second anonymous address sold my stolen NFT for about $8,089.69, grossing about $8,089.69 within about three days.

2. Shane Lavalette sold my stolen NFT for about $8,591.55, grossing about $501.86 within about two months.

3. The owner of the “g3f” account sold my stolen NFT for about $10,001.04, grossing about $1,409.49 within about four days.

4. And the owner of the “0189.eth” address sold my stolen NFT for about $10,547.48, grossing about $546.44 within about one day.

As of 16 January 2023, the owner of the “PunkyPunkster” account still possesses my stolen NFT. None of my attempts at contact appear to have been successful, although I suspect they’ve been ignored. And yesterday, on 15 January 2023, the owner of the “PunkyPunkster” account listed my stolen NFT for sale on the Sudoswap marketplace.

CryptoPunk V1 1234 is currently worth at least 5.99 ETH ($9,323.97), based on the lowest asking price for any CryptoPunk V1 on the market. That’s far below what I paid for it. But of course I still want my stolen property back, and remain hopeful that it will happen eventually.

I still haven’t heard anything from the FBI. Maybe they consulted with Orem PD regarding the case that I filed. I don’t know.

I’m now eagerly watching the progress of the investigation by Orem PD.