How Kevin Rose was duped into giving away valuable NFTs
Illustration: Aïda Amer/Axios
Kevin Rose, a serial entrepreneur whose career dates back to the 2004 internet pioneer Digg, was tricked into giving away a batch of highly valuable NFTs on Wednesday night.
Why it’s important: The multi-part scheme, which began with a seemingly mundane airdrop, is a reminder of how easily even the founder of an NFT-focused company could be lured into a trap.
- In the ever-evolving world of cybercrime, it helps to be aware of how crooks manipulate others for money and valuable goods.
Details: On a Twitter Spaces on Thursday, Rose explained that the malicious airdrop was essential to tricking him into visiting a website, which in turn was designed to trick him into giving up tokens.
- Arkham Intelligence estimated that he lost $1.09 million worth of NFTs.
Of note: Rose keeps all of his valuable NFTs in a hardware wallet that is usually offline. But he had taken it out to sell a couple of NFTs from his collection, and visited the OpenSea market to approve the items for sale.
- Once he connected the wallet, he saw that he had an airdrop that looked like it came from The Memes by 6529 collection.
Be smart: An airdrop is when someone sends a token to a known address, often done to promote something. Still, they can end up being valuable.
How it happened: Rose was on a phone call that he was only half paying attention to while setting up the NFT sale. So he went to the airdrop site while his hardware wallet was active.
- As he said on Twitter Spaces, everything looked legitimate and well designed. Nothing pressured him to take immediate action.
- “This is also a story about multitasking, which you should never do when messing around with NFTs,” Rose said.
And then: He found a page that seemed to indicate that he should just “log in”, which turned out to be the fatal step. He realized too late that he had authorized much more than he thought.
- “When I logged in, I knew something was wrong because I immediately got a follow-up signature saying ‘authorize all your Meebits’ [a type of NFT],” he explained.
- A lot of NFTs can be seen leaving his wallet on Wednesday, but he still has a lot of good ones left.
Context: The crucial point here that Rose made in the Spaces discussion was that Memes by 6529 is a very artistic NFT collection. It is not big and famous. You have to be an insider to appreciate it.
- This inspired more confidence in him than, say, a fraudulent Twitter link promising a new Bored Apes airdrop, a very famous collection.
- Naming a more tailored collection looks more purposeful.
We cannot know if the attacker knew they were going after Rose himself, but they could tell by looking at the NFTs in his wallet that he must have been an insider.
- In other words, this looks like “spear phishing”, when someone carefully designs a trick for one target or one kind of target.
What we’re looking at: Rose is now the founder of an NFT-focused company called PROOF Collective, best known for creating one of the top collections, Moonbirds.
- The Moonbirds team plans to release a post-hack troubleshooting guide for other victims.
Bottom line: “It’s not lost on me that I’m in a very fortunate position to even have these NFTs in the first place,” Rose said during Twitter Spaces.