Kevin Rose, co-founder of the non-fungible token (NFT) collection Moonbirds, fell victim to a phishing scam that stole over $1.1 million worth of his personal NFTs.
The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on January 25, urging them not to purchase Squiggles NFTs until they are flagged for theft. .
i just got hacked. Wait for more info – don’t buy squiggles until flagged (just lost 25) + some other NFTs (autoglyphs)…
— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
“Thanks for all the kind and supportive words. Full report coming,” he said share In another tweet about two hours later.
It is understood that Rose’s NFTs were exfiltrated after he signed a malicious signature that transferred a significant portion of his NFT assets to abusers.
GM – Oh my God!
I got phishing scam today. Tomorrow, as a reminder, we’ll be covering all the details live on our Twitter space. Technically, it looks like this: https://t.co/DgBKF8qVBK
— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
Independent analysis Arkham’s research found that the attackers extracted at least 1 Autoglyph (345 ETH), 25 Art Blocks (aka Chromie Squiggle) (332.5 ETH), and 9 OnChainMonkey items (7.2 ETH) .
In total, at least 684.7 ETH ($1.1 million) was extracted.
How Kevin Rose was exploited
While several independent on-chain analyzes have been shared, Arran Schlosberg, vice president of PROOF, the company behind Moonbirds, told his 9,500 Twitter followers that Rose was “a malicious signature. I was tricked into signing it.” Exploiters transferring large amounts of tokens:
1/ This is classic social engineering tricking the KRO into giving them a false sense of security. The technical aspects of the hack were limited to creating signatures accepted by OpenSea’s marketplace agreements.
— Alan (@divergencearran) January 25, 2023
Crypto analyst “foobar” further elaborated on the “technical side of the hack” in another post on Jan. 25, stating that the OpenSea marketplace contract that moves all NFTs every time Rose signs a transaction. explained that it has approved
He added that Rose has always been “one malicious signature” away from exploits.
Be very careful when signing anything, even off-chain signing. Kevin Rose drained $2 million worth of her NFTs from her vault by signing one malicious seaport bundle.Thankfully a few things have been thwarted, like Punk Zombie (1000 ETH) that can’t be traded on the OS pic.twitter.com/GXHR3NQHLf
— Hoover (@0xfoobar) January 25, 2023
Crypto analysts said Rose should have instead “siloed” NFT assets into separate wallets.
“You can prevent this by moving assets out of vault to a separate ‘sale’ wallet before listing on the NFT marketplace. ”
Another on-chain analyst, “Quit,” further explained to his 71,400 Twitter followers that Seaport marketplace contracts (the platform that powers OpenSea) enabled malicious signatures.
Kevin Rose lost over $2 million in assets by signing off-chain signatures that create a list of all OpenSea approved assets at once.
seaport is a powerful tool, but it can be dangerous if you don’t know how it works.
A little context 1/
— Quit (@0xQuit) January 25, 2023
Quit helps exploiters Phishing sites that were able to view NFT assets It’s in Rose’s purse.
The exploiter then sets orders for all of Rose’s approved assets. OpenSea is then transferred to you.
Rose then verified the malicious transaction, Quit said.
foobar, on the other hand, pointed out that most of the stolen assets were well above the minimum price. That means he could have stolen as much as $2 million.
OpenSea users “need to stay away” from other websites that urge users to sign anything they deem questionable, Quit urged.
NFT in motion
On-chain analyst “ZachXBT” shared the transaction map to his 350,300 Twitter followers. This indicates that the abuser sent the asset to his FixedFloat. This is a cryptocurrency exchange on the Bitcoin Layer 2 “Lightning Network”.
The exploiters then transferred the funds to Bitcoin (Bitcoin) Before depositing BTC into the Bitcoin Mixer:
Three hours ago, Kevin was phished for over $1.4 million in NFTs. Today the same scammer stole his 75 ETH from another victim.
Mapping this out, there is a clear trend of sending stolen funds to FixedFloat and exchanging them for BTC before depositing them into Bitcoin mixers. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx
—ZachXBT (@zachxbt) January 25, 2023
Crypto Twitter member “Degentraland” told his 67,000 Twitter followers that it was “the saddest thing” he had ever seen in the crypto industry, vowing from such a devastating exploit. If anyone could come back, he added, “It’s him.”
The saddest thing I’ve ever seen in crypto.@Kevin Rose My wallet is empty.
If anyone can come back from this, it’s him. pic.twitter.com/HZysg34qji
— Degentraland (@Degentraland) January 25, 2023
Meanwhile, Bankless founder Ryan Sean Adams was furious that Rose was so easily abused. January 25th tweet, Adams urged front-end engineers to get their hands on the game and improve the user experience (UX) to avoid such scams.