By Quentin Fottrell
‘My $25,000 ballooned to $63,000 super-fast. I was like, ‘OMG, this is amazing.’"
Vinny Zane has a taste for life — and an appetite for risk.
The 38-year-old teacher and father of a 2-year-old son on Brooklyn’s Coney Island got into crypto in 2017 with $4,000 worth of Bitcoin, and jumped into NFTs, or non-fungible tokens, last year.
"It was a learning curve for me," he told MarketWatch. "We’re still fairly new in the cryptocurrency space even though it’s been around for over a decade. I started FOMO-ing into all these little coins, and everything was doing well at the time. I was, like, ‘Whoa, it’s incredible. I’ve no idea what I’m buying, but I’m going to keep buying.’ My $25,000 ballooned to $63,000 super-fast. I was like, ‘OMG, this is amazing.’"
Zane experienced his first crypto bear market in 2018 when the Securities and Exchange Commission made noises about regulating the space, and he has had a wild, crazy ride ever since. Cryptocurrency is still the Wild West of investing with multi-million-dollar hacks, which in some cases Zane has managed to dodge by the skin of his teeth.
Like many other crypto enthusiasts, he is feeling his way through the latest slump in digital currencies, a bear market wrought deep by red-hot inflation, interest-rate hikes and geopolitical uncertainty. He watched his investments implode in 2018. It was not pretty.
"It was dropping by $7,000 to $8,000 a day," Zane said. "After about two weeks, I was basically even. I thought, ‘Screw it. I’ll leave it there; maybe it will come back up.’ Over the last two years, I have had a huge loss. That original $25,000 investment was sitting at $6,000 for the majority of those two years. In 2019, it went up to $12,000, then at some time in 2020 when it was at $19,000 to $20,000, I jumped into my portfolio and sold off all the alternative coins. The majority of them were down 80%. I sold off whatever I could. I just kept Ethereum and Bitcoin."
Zane found himself at a virtual crossroads. "Do I cash out now and be done with crypto because it’s been a rough two or three years, or keep going?" he said. "I decided to keep going. I eventually invested about $60,000 in total. That $60,000 went all the way up to $150,000 in 2021 when Bitcoin was crushing it."
That was before the current crypto crisis. "There have been tons of ups and downs in 2022," he said.
And so he started dabbling in NFTs last September, buying digital art and other collectibles. Today, he holds about $50,000 in crypto and bought $70,000 in NFTs — with earlier profits made on his crypto-portfolio money.
After years of highs and lows, Zane has — more or less — doubled his money. Out of that original $60,000 investment, he now has $120,000 in total.
He has a high risk tolerance for making a fast buck, but Zane also believes in the long game of compound investing. He puts $500 a month into a Roth IRA, and has a 529 plan for his son. "When he’s 18, he will hopefully have no debts for college if he chooses to go," he said. He and his partner have life-insurance policies each worth $250,000. He is also dollar-cost averaging — investing a fixed dollar amount on a monthly basis — with Vanguard’s S&P 500 ETF (VOO) and Vanguard’s Total Stock Market Index Fund ETF (VTI).
Zane remains optimistic on the stock market, despite its current woes. "From time to time I take a look," he said. "But like I said, I haven’t really looked in a while. You don’t want to get discouraged. There have been good days and bad days. The same with crypto."
First comes crypto, then come hackers
Dramatic price fluctuations are not the only problem. Wallet hacking is a persistent threat among platforms that host crypto and NFTs. Zane has come close to losing it all.
When you "mint" NFTs, you’re allowing your wallet to connect to that website. "With hackers, instead of giving you an NFT, they’re draining your NFTs," he said. "By the time you’ve figured it out, it may be too late."
"The scary part of the crypto space, more so with NFTs, is that you can so easily get compromised and hacked and lose everything," Zane said. "I have had a couple of close calls, and I had to act fast. Very often, the hackers will post fake minting sites, pretending to be an admin, and people will click on that link and give permission to access their wallet and download."
When Zane was an NFT newbie, he fell victim to a phishing scam on the Desperate ApeWives NFT Discord server when a hacker sent him a direct message (DM). "I was driving when I got the notification. I thought it was in the official announcement section of the Discord, rather than a DM. I clicked on it and sent them $500 and didn’t get anything in return, and I realized I messed up.
He changed his wallet, and moved everything over. "You can always start a new wallet" Zane said.
Zane tracked the hacker’s wallet. They made about $150,000 in Ethereum in about two hours, he said. That’s a lot of people falling for that $500 phishing scam. The takeaway: "You have to shut off your DMs, and don’t answer any DMs unless you know them personally."
He also clicked on an erroneous link on the Floppy NFT Discord server, realizing moments later that it was a hacker. He jumped into action. He navigated to Revoke.cash, a site dedicated to reversing such transactions.
"Every time you revoke that access, you pay a fee. That gets a little expensive," he said. "But it’s worth it, if you really have valuable assets. It’s such a useful tool in this space. I realized I got hacked within a minute. It was a little suspicious. Nothing updated. I thought, ‘All right, something’s off here.’ They quickly made an announcement that they got hacked. Thankfully, they didn’t take anything."
Rosco Kalis, the creator of Revoke.cash, said his site relies on donations, but making a "smart contract" on Ethereum — as Zane did — incurs a fee paid to the Ethereum network.
"One of the things that you can do on Ethereum is set up an allowance so that someone else can spend funds or NFTs on your behalf," Kalis told MarketWatch. "As you can imagine, it can also be dangerous to have a lot of those allowances."
Transaction fees have skyrocketed along with crypto’s popularity, Zane said, so while revoking an allowance may have cost $0.02 in 2019, there have been times where it cost more than $20 in 2021 "because so many people wanted to send transactions at the same time."
Not everyone is as fortunate or quick-thinking as Zane. Earlier this month, a hacker stole $360 million worth of NFTs from Bored Ape Yacht Club, according to Yuga Labs, the parent company of BAYC. "Our Discord servers were briefly exploited today," the site’s Twitter (TWTR) account said June 4. "The team caught and addressed it quickly. About 200 ETH worth of NFTs appear to have been impacted." It was the third such attack on a Yuga-run account in recent times.
Bored Ape Yacht Club said on Twitter that it never offers surprise mints or giveaways. (A spokesperson for Yuga Labs declined to comment beyond what the company said on Twitter.)
"Double-check the official links," Zane said. "Double-check to see if that’s the site you used to mint originally. If you’re patient, you’re going to see people fall for it and complain about it. There are thousands of people who use Discord. The ones who get compromised will expose it. These hackers are very, very sneaky."
Attempted takeover of a T-Mobile SIM card
He had an even scarier experience when he was browsing on his phone at 11 p.m. one Sunday in late April and lost his T-Mobile service, even though his Wi-Fi was still connected.
"Sometimes, cell phones get glitchy," Zane said. "I thought nothing of it. I shut off my phone and powered it back on, and I started getting emails. I see an email in my junk from T-Mobile. It says your SIM card number was changed from this to this. I didn’t speak to T-Mobile. I didn’t do anything."
He was lucky he was up late, because that’s when the hacking began in earnest. One more lucky break: He used his girlfriend’s mobile phone to call T-Mobile. "We don’t have a landline," he said. "I don’t think anyone has a landline these days, except my parents."
Zane had two-factor authentication on his accounts, but his prompt was not a text message or a phone call; it was a Google (GOOGL) authentication app that generates a six-digit passcode every 30 seconds. That choice of two-factor authentication was no accident, and it may have saved his bacon. "When hackers take over your phone, they only access your texts and calls, not your apps."
"Somebody got in touch with T-Mobile and accessed my account. I got an email that my Coinbase password was reset. I’m like, ‘This is scary.’ Then my Hotmail password was reset. Right away, I start panicking. I didn’t want to do anything rash."
The first thing he did was change the password on this Coinbase account. "I called T-Mobile and explained everything to them. They suspended my account." The next day, he checked his bank accounts, and everything was fine. He went to T-Mobile store the next day and got a new SIM card.
One lingering puzzle: Zane said he doesn’t know how someone managed to change his SIM card without he himself authorizing it. "It doesn’t make sense."
A spokesperson for T-Mobile told MarketWatch that the company would review what happened in Zane’s case.
Zane suspects the attempted hack that quiet Sunday night was related to an investigation launched by T-Mobile in August 2021 after reports that a hacker was allegedly trying to sell the personal data of more than 100 million T-Mobile customers. Vice’s Motherboard first reported the incident, in which a hacker on an online forum claimed to be selling private data that included names, Social Security numbers, addresses, phone numbers and driver’s license information.
(MORE TO FOLLOW) Dow Jones Newswires
Transparency is how we protect the integrity of our work and keep empowering investors to achieve their goals and dreams. And we have unwavering standards for how we keep that integrity intact, from our research and data to our policies on content and your personal data.
We’d like to share more about how we work and what drives our day-to-day business.
We sell different types of products and services to both investment professionals and individual investors. These products and services are usually sold through license agreements or subscriptions. Our investment management business generates asset-based fees, which are calculated as a percentage of assets under management. We also sell both admissions and sponsorship packages for our investment conferences and advertising on our websites and newsletters.
How we use your information depends on the product and service that you use and your relationship with us. We may use it to:
To learn more about how we handle and protect your data, visit our privacy center.
Maintaining independence and editorial freedom is essential to our mission of empowering investor success. We provide a platform for our authors to report on investments fairly, accurately, and from the investor’s point of view. We also respect individual opinions––they represent the unvarnished thinking of our people and exacting analysis of our research processes. Our authors can publish views that we may or may not agree with, but they show their work, distinguish facts from opinions, and make sure their analysis is clear and in no way misleading or deceptive.
To further protect the integrity of our editorial content, we keep a strict separation between our sales teams and authors to remove any pressure or influence on our analyses and research.
Read our editorial policy to learn more about our process.
© Copyright 2022 Morningstar, Inc. All rights reserved. Dow Jones Industrial Average, S&P 500, Nasdaq, and Morningstar Index (Market Barometer) quotes are real-time.