Illustrated by Aida Amell/Axios
Kevin Rose, a serial entrepreneur whose track record dates back to the 2004 web pioneer Digg, was tricked into giving away a ton of highly valuable NFTs on Wednesday night.
Why it matters: A multi-part scheme that began with a seemingly mundane airdrop is a reminder of how easily even founders of NFT-focused companies can fall into a trap.
- In the ever-evolving world of cybercrime, it helps to pay attention to how bad actors use money and valuables to manipulate others.
Details: In a Twitter Space on Thursday, Rose explained that a malicious airdrop was essential to tricking him into visiting a website that was designed to trick him into giving up his tokens.
- Arkham Intelligence estimates the value of the lost NFTs at $1.09 million.
Of note: Rose stores all of his valuable NFTs in hardware wallets that are typically offline. However, he had taken one out to sell some NFTs from his collection and went to the OpenSea marketplace to approve the items for sale.
- Connect your wallet The Memes by 6529 collection.
Be smart: An airdrop is when someone sends a token to a known address, often to promote something. Still, such tokens can be of value.
How it happened: Rose was on a phone call, only half paying attention, while setting up an NFT sale. So he went to the airdrop website while the hardware wallet was active.
- As he said on Twitter Spaces, everything seemed legit and well-designed. Nothing prompted him to act urgently.
- “It’s also about multitasking, something you should never do when you’re messing around with NFTs,” says Rose.
Then: He found a page that seemed to indicate that he just needed to “sign in”, which turned out to be a fatal step. He realized too late that he had given far more approval than he intended.
- “The moment I signed in, I realized something was wrong. I immediately received a follow-up signature that said, ‘Approve all of your Meebits’ [a type of NFT],” he explained.
- Many NFTs can be seen leaving his wallet on Wednesday, but he still has a lot of good stuff left.
Context: The key takeaway from Rose’s Spaces discussion was that The Memes by 6529 is a highly artistic collection of NFTs, not a big and famous one. To know it, you have to be an insider.
- This gave him more confidence than, say, a scam-like Twitter link promising an airdrop of the new Bored Apes, a very famous collection.
- Naming a more bespoke collection makes it seem more targeted.
What we don't know: Whether the attacker knew the target was Rose himself, though looking at the NFTs in his wallet suggests he must have been an insider.
- So this looks a little like targeted “spear phishing”.
- The Moonbirds team plans to release a post-hack troubleshooting guide for other victims.
To the point: “We never forget that we are in a very fortunate position to have these NFTs in the first place,” Rose said on Twitter Spaces.