Today I read about a case that really shows how complicated and risky the world of cybersecurity and digital assets can be. It involved a major misunderstanding by law enforcement, which led to the wrongful detention of Sam Curry, a respected former security researcher at Yuga Labs—the company behind the famous Bored Ape Yacht Club (BAYC) NFTs.
The case dates back to December 2022, when a hacker managed to steal 14 Bored Ape NFTs, each valued at approximately $86,000 at the time. The total loss exceeded $1 million. Authorities trying to track the culprit mistakenly relied on OpenSea's server logs, which included Curry’s home IP address. Based on this, they assumed he was involved.
But the truth was very different. Sam Curry was actually investigating the hack from the inside, doing his job as a security researcher. He had accessed the attacker’s trail using a private key that the hacker had accidentally left in the website's JavaScript. Unfortunately, this key also triggered Curry’s IP to appear in logs, leading to the confusion.
The error came to light when independent cybersecurity analyst ZachXBT posted his findings today on X (formerly Twitter). He had spent time tracing the stolen crypto assets through Tornado Cash, a popular Ethereum mixer used to obscure transaction history. His investigation pointed to a different wallet, which was linked to a now-deleted X account—likely belonging to the real scammer.
ZachXBT is now calling on law enforcement to dig deeper: analyze on-chain transactions, request data from the suspect’s social media accounts, and ensure that justice is done properly.
This incident is a strong reminder of the challenges investigators face when dealing with cybercrime—especially in the world of blockchain, where everything is traceable, yet easy to misinterpret. It also shows the risks security professionals take when tracking bad actors—they can easily be mistaken for one.
As of today, Bored Ape Yacht Club NFTs are still holding strong in the market, with a market cap over $300 million, according to CoinGecko. The floor price on OpenSea is around $30,000, though it varies depending on the rarity of the individual ape.
It’s both fascinating and a little alarming how digital clues can be misread—and how crucial skilled independent researchers like ZachXBT are in helping get things rights.