I just got stolen from my newly released Collection of NFT's.
I recently created 3 NFT's collections to start trying my luck in this market.
The first thing I came across was the need to find a way to bulk upload to OpenSea, since, by the common OpenSea form, you can only upload one NFT at a time.
After the necessary research, I found out that the bulk upload had to be done through a Smart Contract.
Since I'm a programmer, I thought I'd learn a little bit of Solidity (the programming language for the Ethereum network) to start writing my own smart contract myself.
Eventually I ended up copying or writing based on guidance from a YouTuber, which I believe is being done by the millions of internet users trying to upload 10,000 NFT's to OpenSea in record time.
So, after finding out how the magic is done, I started the operation.
I came across a series of initial hurdles, of course. One of those obstacles was the very high fees that have to be paid. For a penniless like me, it's obvious that this was a huge hurdle. But there I found a way to do the thing for cheaper.
I won't go into too many technical specs here. I'll leave that for another article.
Here what is important to point out is that, I WAS ROBBED.
They ROBBED ME of about 10% of my collection.
“Oh, accounts hacked and stuff”, NO, NO, NO.
When uploading some of the NFT's, some transactions were suspended (on hold) until they were registered in the Blockchain.
When the transaction ended, I found that part of my collection belonged to 22 other users besides me. So it is. 22 users together stole part of my collection.
I went to see the Usernames or Display Names of those users and they all had strange names like 03De90 or ab45zf. Strange things like that. If the reader is an advanced computer user like me, you must have already suspected the same as me.
Exactly. Robots. Bots, or whatever you want to call them. Written, of course, by great Solidity engineers/hackers.
Therefore, they immediately put my NFT's on sale, at prices that were not even set by me, and even before I even finished uploading the entire collection (because I will have to upload in stages, because of the gas fees).
I still searched the transactions on Polygon Network Scanner to see if I could find out how they did it, but nothing, there's no record. The NFT's were "minted" directly from the null address to their address, without ever having gone through mine.
And so it is. I have the NFT's there, some of them for sale, without having been put up for sale by me or for the prices I would like to establish (some even for pennys like 0,0005 ETH).
And if it went directly to them, without ever having gone through me, I can only suspect that it was done during the transaction on the Blockchain. While it was “drawn” (and it was for several hours), the boys got there and dodged a few.
I can't complain to themselves, because OpenSea does not exchange messages between users, and all I have is an email from OpenSea where I can report the theft, but it will be a discarding of blame, and many of them will be attributed to me, because I copied a Smart Contract from a supposed YouTuber without understanding enough Solidity to write my own Smart Contract and without having the slightest idea of its possible vulnerabilities.
Of course me, like everyone else, what we want is to upload our 10,000 NFT’s quickly and painless and without costs. I backfired.
The good thing is that they're just graphics and I already know how to screw them up. I'm going to remove the stolen ones from the server, and they're going to get stuck. Because the title is theirs, but the server is mine. (Which IPFS, which, thank goodness I preferred to host them on my own server). And that's it, there I ended up using a series of technical jargon. It might work if they haven't decentralized the files yet.
But for now I'll even let it. I ended up having to put the maximum amount in Royalties (10%) and so if they eventually sell the items I always end up receiving 10% on each item. At least I think so. And some even put them on sale at 1 ETH (which is approximately 4000 dollars) and some even at 3 🤣🤣🤣🤣. If they sell 1 by 3 ETH, if all goes well, and I receive the royalties I'm supposed to, then I'll still get 1200 Dollars, eheheheh. See how it's worth trying despite the risks?
In short, the risks are many. Risks of theft and misappropriation, unexpected transactions, etc. Caution. Be wary of NFT's.
Be careful copying codes from some hacker on YouTube, but still I'm sure the person who uploaded the video to YouTube did it to help. I'm a programmer and the code didn't seem to have any kind of malice or “backdoors”.
So this is the work of smarter boys, more evil intelligence. And it's not hacked wallets or hacked OpenSea accounts that are to blame, but Blockchain transactions themselves hacked, yes, at the machine level where almost no one really knows what's going on. Except for a few smart-asses of course, probably the ones who wrote the rogue robots. But anyway.
Watch out for NFT's. That's just what I tell you. Creating a collection yourself, the only risk you run, which is what I took, is to see it partially stolen, but it's ok, it was just time invested (from which I hope at least to receive royalties), now don't get involved, going there trying to buy NFT's from others without being sure of the trust of the collection, look at the transactions and confirm if the first transaction was actually made from a null address to the creator or if it was made from a null address to a strange name full of numbers (🤖) .
And I'm ending my article for now, because, as usual, this is already very long. Just beware the NFTs for now.
Grateful to have you there.
L. R. Neves.