• Roh

How 5,000 baby apes were stolen from their parents.

Within NFTs, derivatives of existing projects are commonplace. As are blatant copycats, although those are typically given the label of “scam” and quickly removed from the space shared by the community.

Between those two pillars—creative derivative work (often appreciated) and pixel-perfect copies—there’s a gray area. How closely can you approach the source material before it’s too close? Can the art be the same if the mode of purchase is in SOL rather than ETH?

Needless to say, there’s an open discussion to be had about the topic of copyright, dominated in the web3 space through terms like provenance and ownership and often dictated by the public records that sit on the blockchain.

The following, however, sits squarely on one side of the spectrum—a blatant copy of not just the art (although that was shamelessly copied), but an entire project built by three founders.

The Culprit

If you were lucky enough to find yourself on Twitter late into this past Sunday evening/early Monday morning, you likely stumbled across a small BAYC-derivative project called Lil Baby Ape Club.

With most blue-chip derivatives running the risk of rejection by the original community it derives from, these lil apes were widely well-received by fellow Bored Apes and others in the space.

So much so that half a day later, they were trading at over 30x their initial mint price.

However, what loomed behind the faces of these mini primates (and the supposed solo-creator who netted nearly 100ETH through the mint sales alone), was a clear distress signal. They were stolen from their original authors.

The Heist

I’ll break the evidence down into three parts—the contract publication date, the IPFS hash (aka the art/metadata), and the domain registration.

While there are a few other pointers we can look at, these are the most obvious and sufficient in painting the picture.

Before we begin, let me share the links of both token contracts, in case you’d like to follow along:

Original Lil Baby Ape Club: https://etherscan.io/address/0x918f677b3ab4b9290ca96a95430fd228b2d84817

Copycat Lil Baby Ape Club (the sold-out collection that is moving volumes): https://etherscan.io/address/0xb48eb7b72ff5a4b5ef044ea9e706c990bb33884d

1. Contract Publication Date

When a new NFT collection is launched on the blockchain, a creator contract needs to be deployed. This is the code that sits and mints (i.e. creates) each NFT token associated with that collection.

While NFT contracts (ERC721) often share similar attributes/functions, there are a few descriptives that they can uniquely set—one of these are the token tracker (i.e. the name of the NFT collection).

For this argument, the token tracker doesn’t really matter except to make a small reference to the fact that two NFT collections exist, both sharing the name of Lil Baby Ape Club.

One (the original) was published on Nov. 08 2021 while the other (the copycat) was published on Nov. 12 2021.

Of course, there’s a possibility that both of these contracts were projects that simply share the same name. That’s where the next point of concern, arguably far more damning, comes into play.

2. IPFS Hash (Art & Metadata)

With any NFT collection, ERC721 allows each NFT to point to a specific URI as a reference for the metadata. Often, located within this metadata is an image attribute that presents the exact image that is used (among all of the other trait attributes that we’re all familiar with). In more simple speak, the hash is the art.

While some contracts allow a NFT collection’s hash to be changed (this is how pre-reveal projects work), they are often set upon contract deployment. Any changes would be recorded as a subsequent transaction in the records.

If we take a look at the transaction history for the original contract, we can see that the only transaction that took place was its original deployment, meaning the hash pointing to the art was set from the start (Nov. 8th).

If we call on one of the original contract’s functions to see which IPFS hash is being used, we receive the following response:


This was the IPFS hash that was set when the contract was first deployed, and used as the URI for the NFT’s metadata/artwork.

With this, we know that the original creators deployed their contract on Nov. 8th and uploaded their artwork to the above IPFS hash. Now, let’s take a look at the copy-cat contract and see which IPFS hash they uploaded their work to…

What we find is astonishing—they did not upload any original metadata to IPFS. Instead, they pointed to the exact same IPFS hash that the original project created with the exact same metadata.

In fact, if you read the metadata for certain pieces of the copy-cat collection, you can even see the domain (point #3) of the original creators included within the description attribute: https://opensea.io/assets/0xb48eb7b72ff5a4b5ef044ea9e706c990bb33884d/1186

Every single NFT in the copycat collection simply references and points to the exact collection that the original creators uploaded. Whether the copycat collection set their base URI on creation, or switched it afterwards, doesn’t matter—both of those possible dates would’ve occurred after the original creators had already uploaded their art.

3. Domain Name Registration

After the second point, this doesn’t even really matter. However, as a small piece of support, you can check the registration dates of both domain names using a simple WHOIS record check.

Original Creator = https://www.lilbabyapeclub.com = registered on Oct. 23, 2021 [WHOIS]

Copycat = https://lilbabyape.club/ = registered on Nov. 8, 2021 [WHOIS]

While it’s hard to conclusively determine if the copy/content really originated from the original website first (since edits can happen at any point in time), it’s highly unlikely that any sort of creations came from the copycat.

The Next Steps

It’s hard to say what this means for either the original creators, or the copycat collection. At this point, with nearly 3k owners of the copycat collection, there’s a lot of people with a lot to lose.

Personally, I unknowingly purchased 3 of the copycat collection when the floor was around 0.07 ETH. Only then did I stumble across the original creators when their short-lived pleas were banned from the copycat collection’s Discord.

From there, a bit of digging into the blockchain records and a quick discussion with the original team surfaced the fact that months of work from 3 creators was swiftly stolen by a copycat who proceeded to net themselves a hearty 100 ETH.

Whether we rescue the babies and bring them back to the original parents is up to the community to decide—I know where my support lies.

Note: At the time this article was written, I wasn’t aware of the issues that surfaced surrounding the racist traits. This article is solely a statement on who created the art and not a testament to the quality of the art. Those traits are a real concern deserving of a real discussion—one that isn’t had in this article.


Follow the author Roh on Twitter