Thursday, September 21, 2023
HomeTop NFT CollectionMoonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Kevin Rose, co-founder of the non-fungible token (NFT) collection Moonbirds, fell victim to a phishing scam that stole over $1.1 million worth of his personal NFTs.

The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on January 25, urging them not to purchase Squiggles NFTs until they are flagged for theft. .

“Thanks for all the kind and supportive words. Full report coming,” he said share In another tweet about two hours later.

It is understood that Rose’s NFTs were exfiltrated after he signed a malicious signature that transferred a significant portion of his NFT assets to abusers.

Independent analysis Arkham’s research found that the attackers extracted at least 1 Autoglyph (345 ETH), 25 Art Blocks (aka Chromie Squiggle) (332.5 ETH), and 9 OnChainMonkey items (7.2 ETH) .

In total, at least 684.7 ETH ($1.1 million) was extracted.

How Kevin Rose was exploited

While several independent on-chain analyzes have been shared, Arran Schlosberg, vice president of PROOF, the company behind Moonbirds, told his 9,500 Twitter followers that Rose was “a malicious signature. I was tricked into signing it.” Exploiters transferring large amounts of tokens:

Crypto analyst “foobar” further elaborated on the “technical side of the hack” in another post on Jan. 25, stating that the OpenSea marketplace contract that moves all NFTs every time Rose signs a transaction. explained that it has approved

He added that Rose has always been “one malicious signature” away from exploits.

Crypto analysts said Rose should have instead “siloed” NFT assets into separate wallets.

“You can prevent this by moving assets out of vault to a separate ‘sale’ wallet before listing on the NFT marketplace. ”

Another on-chain analyst, “Quit,” further explained to his 71,400 Twitter followers that Seaport marketplace contracts (the platform that powers OpenSea) enabled malicious signatures.

Quit helps exploiters Phishing sites that were able to view NFT assets It’s in Rose’s purse.

The exploiter then sets orders for all of Rose’s approved assets. OpenSea is then transferred to you.

Rose then verified the malicious transaction, Quit said.

Related: Bluechip NFT Project Moonbirds Signs With Hollywood Talent Agent UTA

foobar, on the other hand, pointed out that most of the stolen assets were well above the minimum price. That means he could have stolen as much as $2 million.

OpenSea users “need to stay away” from other websites that urge users to sign anything they deem questionable, Quit urged.

NFT in motion

On-chain analyst “ZachXBT” shared the transaction map to his 350,300 Twitter followers. This indicates that the abuser sent the asset to his FixedFloat. This is a cryptocurrency exchange on the Bitcoin Layer 2 “Lightning Network”.

The exploiters then transferred the funds to Bitcoin (Bitcoin) Before depositing BTC into the Bitcoin Mixer:

Crypto Twitter member “Degentraland” told his 67,000 Twitter followers that it was “the saddest thing” he had ever seen in the crypto industry, vowing from such a devastating exploit. If anyone could come back, he added, “It’s him.”

Meanwhile, Bankless founder Ryan Sean Adams was furious that Rose was so easily abused. January 25th tweet, Adams urged front-end engineers to get their hands on the game and improve the user experience (UX) to avoid such scams.