Kevin Rose, co-founder of the non-fungible token (NFT) collection Moonbirds, fell victim to a phishing scam that stole over $1.1 million worth of his personal NFTs.
The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25, urging them not to buy Squiggles NFTs until they are flagged for theft. .
I just got hacked. Please wait for more details – avoid buying some other NFTs (autoglyphs) until flagged (lost 25) + some other NFTs (autoglyphs)…
— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
“Thanks for all the kind and supportive words. Full report coming,” he said share In another tweet about two hours later.
It is understood that Rose’s NFTs were exfiltrated after he signed a malicious signature that transferred a significant portion of his NFT assets to abusers.
GM – Oh my God!
I got phishing scam today. Tomorrow, as a reminder, we’ll be covering all the details live on our Twitter space. Technically, it looks like this: https://t.co/DgBKF8qVBK
— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
Independent analysis From Arkham, we know that exploiters have extracted at least one Autoglyph with a floor price of 345 ETH. 25 of his art blocks, also known as Chromie Squiggle. Worth at least 332.5 ETH in total. 9 OnChainMonkey items worth at least 7.2 Ether.
In total, at least 684.7 ETH ($1.1 million) was extracted.
How Kevin Rose was exploited
While several independent on-chain analyzes have been shared, Arran Schlosberg, vice president of PROOF, the company behind Moonbirds, said to his 9,500 Twitter followers that Rose “signs a malicious signature. I was made to do so,” he explained. Exploiters transferring large amounts of tokens:
1/ This is classic social engineering tricking the KRO into giving them a false sense of security. The technical aspects of the hack were limited to creating signatures accepted by OpenSea’s marketplace agreements.
— Alan (@divergencearran) January 25, 2023
Crypto analyst “foobar” further elaborated on the “technical side of the hack” in another post on Jan. 25, stating that the OpenSea marketplace contract that moves all NFTs every time Rose signs a transaction. explained that it has approved
He added that Rose has always been “one malicious signature” away from exploits.
Be very careful when signing anything, even off-chain signing. Kevin Rose drained $2 million worth of her NFTs from his vault by signing one malicious seaport bundle.Thankfully a few things have been thwarted, like Punk Zombie (1000 ETH) that can’t be traded on the OS pic.twitter.com/GXHR3NQHLf
— Hoover (@0xfoobar) January 25, 2023
Crypto analysts said Rose should have instead “siloed” NFT assets into separate wallets.
“You can prevent this by moving assets out of vault to a separate ‘sale’ wallet before listing on the NFT marketplace. ”
Another on-chain analyst, “Quit,” told his 71,400 Twitter followers that the malicious signature was made possible by Seaport Marketplace Contracts (the platform that powers OpenSea).
Kevin Rose lost over $2 million in assets by signing off-chain signatures that create a list of all OpenSea-approved assets at once.
seaport is a powerful tool, but it can be dangerous if you don’t know how it works.
A little context 1/
— Quit (@0xQuit) January 25, 2023
Quit helps exploiters Phishing sites that were able to view NFT assets It’s in Rose’s purse.
The exploiters then set orders to transfer all of Rose’s assets to themselves. Approved by OpenSea.
Rose then verified the malicious transaction and mentioned Quit.
foobar, on the other hand, pointed out that most of the stolen assets were well above the minimum price. That means he could have stolen as much as $2 million.
OpenSea users “need to stay away” from other websites that urge users to sign anything they deem questionable, Quit urged.
NFT in motion
On-chain analyst ZachXBT shared a transaction map to his 350,300 Twitter followers, showing that exploiters sent assets to FixedFloat. This is a cryptocurrency exchange on the Bitcoin Layer 2 “Lightning Network”.
The exploiters then exchanged the funds for Bitcoin (Bitcoin) Deposit BTC into Bitcoin Mixer.
Three hours ago, Kevin was phished for over $1.4 million in NFTs. Today the same scammer stole his 75 ETH from another victim.
Mapping this out, there is a clear trend of sending stolen funds to FixedFloat and exchanging them for BTC before depositing them into Bitcoin mixers. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx
—ZachXBT (@zachxbt) January 25, 2023
Crypto Twitter member Degentraland told his 67,000 Twitter followers that it was “the saddest thing” he had ever seen in the crypto industry, saying that someone would die from such a devastating exploit. If he could come back, he added, “It’s him.”
The saddest thing I’ve ever seen in crypto.@Kevin Rose My wallet is empty.
If anyone can come back from this, it’s him. pic.twitter.com/HZysg34qji
— Degentraland (@Degentraland) January 25, 2023
Meanwhile, Bankless founder Ryan Sean Adams was furious that Rose was so easily abused. January 25th tweet, Adams urged front-end engineers to take their game and improve the user experience (UX) to prevent such scams from taking place.