Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Kevin Rose, the co-founder of the non-fungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam resulting in $1.1 million worth of his personal NFTs being stolen.

The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on January 25, asking them to avoid buying any Squiggles NFTs until his team was able to get them flagged as stolen.

“Thank you for all the kind, supportive words. Full debrief to come,” he said in a separate tweet about two hours later.

It is understood that Rose’s NFTs were drained after he approved a malicious signature that transferred a significant portion of his NFT assets to the exploiter.

An independent analysis from Arkham found that the exploit extracted at least one Autoglyph, which has a floor price of 345 ETH; 25 Art Blocks – also known as Chromie Squiggles – worth at least 332.5 ETH in total; and nine OnChainMonkey items, worth at least 7.2 Ether.

In total, at least 684.7 ETH ($1.1 million) was extracted.

How Kevin Rose was exploited

While several independent on-chain analyses have been shared, Arran Schlosberg, the vice president of PROOF – the company behind Moonbirds – explained to his 9,500 Twitter followers that Rose “was phished into signing a malicious signature” that allowed the exploiter to transfer over a large number of tokens.

Crypto analyst “foobar” elaborated on the “technical aspect of the hack” in a separate post on January 25, explaining that Rose approved an OpenSea marketplace contract to move all of his NFTs whenever Rose signed transactions.

He added that Rose was always “one malicious signature” away from an exploit.

The crypto analyst said that Rose should instead “silo” his NFT holdings in a separate wallet:

“Moving assets from your vault to a separate ‘selling’ wallet before listing on NFT marketplaces will prevent this.”

Another on-chain analyst, “Quit”, told his 71,400 Twitter followers that the malicious signature was enabled by the Seaport marketplace contract – the platform that powers OpenSea.

Quit explained that the exploiters were able to set up a phishing website that could see the NFT assets in Rose’s wallet.

The exploiter then set up an order to transfer to himself all of Rose’s assets approved on OpenSea.

Rose then validated the malicious transaction, Quit noted.
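
A wallet-side check for the pattern Quit describes, as an added example that is not from the article or from OpenSea: it reads a signing request in the shape of Seaport's EIP-712 `OrderComponents` and flags orders in which the signer hands over NFTs and is paid nothing. The function name, verdict labels and sample addresses are assumptions made for illustration.

```javascript
// Added example (not from the article): inspect an EIP-712 request before signing.
// Field names follow Seaport's OrderComponents struct; every address below is constructed.
const NFT_ITEM_TYPES = new Set([2, 3, 4, 5]); // ERC721, ERC1155 and their criteria variants
const CURRENCY_ITEM_TYPES = new Set([0, 1]);  // native ETH, ERC20

function assessSeaportSignRequest(typedData, signer) {
  const { domain = {}, primaryType, message = {} } = typedData;
  if (domain.name !== "Seaport" || primaryType !== "OrderComponents") {
    return { verdict: "not-seaport-order", nftsOffered: 0, paidToSigner: 0n };
  }
  const me = signer.toLowerCase();
  const nfts = (message.offer || []).filter(i => NFT_ITEM_TYPES.has(Number(i.itemType)));
  const collections = new Set(nfts.map(i => i.token.toLowerCase()));
  // Worst-case proceeds: lower of startAmount/endAmount for currency items paid to the signer.
  let paidToSigner = 0n;
  for (const c of message.consideration || []) {
    if (!CURRENCY_ITEM_TYPES.has(Number(c.itemType))) continue;
    if (c.recipient.toLowerCase() !== me) continue;
    const start = BigInt(c.startAmount), end = BigInt(c.endAmount);
    paidToSigner += start < end ? start : end;
  }
  let verdict = "ok";
  if (nfts.length > 0 && paidToSigner === 0n) verdict = "block"; // NFTs leave, nothing comes back
  else if (collections.size > 1) verdict = "review";             // bundle spanning collections
  return { verdict, nftsOffered: nfts.length, paidToSigner };
}

// Constructed sample payloads (trimmed to the fields the check reads).
const SIGNER = "0x1111111111111111111111111111111111111111";
const OTHER = "0x2222222222222222222222222222222222222222";
const ZERO = "0x0000000000000000000000000000000000000000";
const COLLECTION_A = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const COLLECTION_B = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const nft = (token, id) =>
  ({ itemType: 2, token, identifierOrCriteria: id, startAmount: "1", endAmount: "1" });
const pay = (recipient, wei) =>
  ({ itemType: 0, token: ZERO, identifierOrCriteria: "0", startAmount: wei, endAmount: wei, recipient });
const order = (offer, consideration) => ({
  domain: { name: "Seaport", version: "1.1", chainId: 1 },
  primaryType: "OrderComponents",
  message: { offerer: SIGNER, offer, consideration } });

// Signer offers NFTs from two collections; the only payment goes to someone else.
const giveawayOrder = order([nft(COLLECTION_A, "1"), nft(COLLECTION_B, "7")], [pay(OTHER, "1")]);
// Ordinary listing: one NFT, 1 ETH to the signer plus a fee to another recipient.
const normalListing = order([nft(COLLECTION_A, "1")],
  [pay(SIGNER, "1000000000000000000"), pay(OTHER, "25000000000000000")]);

console.log(assessSeaportSignRequest(giveawayOrder, SIGNER).verdict);
console.log(assessSeaportSignRequest(normalListing, SIGNER).verdict);
```

A verdict of `ok` only means the signer is paid something; comparing `paidToSigner` with the expected sale price is left to the caller.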


Meanwhile, foobar noted that most of the stolen assets were well above the floor price, meaning the amount stolen could be as high as $2 million.

Quit said OpenSea users “must run away” from any other site that asks them to sign anything that looks suspicious.

NFTs on the move

On-chain analyst ZachXBT shared a transaction map with his 350,300 Twitter followers that showed the exploiter sending the assets to FixedFloat – a cryptocurrency exchange on the Bitcoin layer 2 Lightning Network.

The exploiter then exchanged the funds into Bitcoin (BTC) and deposited the BTC into a Bitcoin mixer.

Crypto Twitter member Degentraland told his 67,000 Twitter followers that it was the “saddest” thing they’ve seen in cryptocurrency to date, adding that if anyone can bounce back from such a devastating exploit, “it’s him”.

Meanwhile, Bankless founder Ryan Sean Adams was outraged by how easily Rose could be exploited. In a January 25 tweet, Adams urged front-end engineers to up their game and improve the user experience (UX) to prevent such scams from taking place.
