Kevin Rose, co-founder of non-fungible token (NFT) collection Moonbirds, has been the victim of a scam that resulted in the theft of over $1.1 million worth of his personal NFTs.
The NFT creator and co-founder of PROOF shared the news with his 1.6 million Twitter followers on January 25, asking them to avoid buying any Squiggles NFTs unless he marked them as stolen. Do not manage to kill.
I just got hacked, stay tuned for details – please avoid buying squiggles until we flag them (only 25 lost) + a few other NFTs (an autoglyph) …
— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
“Thank you for all the kind, supportive words. Full debrief coming,” he added shared In a separate tweet about two hours later.
It is understood that Rose’s NFTs were terminated after signing a malicious signature that transferred a significant portion of her NFT assets to the exploiter.
GM – What a day!
Today I was a fish. Tomorrow we’ll be covering all the details live on the Twitter sites as a precautionary measure. Here’s how it went down, technically: https://t.co/DgBKF8qVBK— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023
A free Analysis Arkham found that the exploiter had extracted at least one Autoglyph (345 ETH), 25 Art Blocks — also known as Chromie Squiggle — (332.5 ETH) and nine OnChainMonkey items (7.2 ETH).
In total, at least 684.7 ETH ($1.1 million) were withdrawn.
How was Kevin Rose exploited?
While several independent reviews have been shared online, Arran Schlosberg, vice president of PROOF – the company behind Moonbirds – explained to his 9,500 Twitter followers that Rose was “tricked into signing in bad faith” which Due to Exploit to pass on a large number of tokens:
1/ This was a classic piece of social engineering, lulling the KRO into a false sense of security. The technical side of the hack was limited to generating signatures accepted by OpenSea’s marketplace contract.
— Arran (@divergencearran) January 25, 2023
Crypto analyst “Fubar” further elaborated on the “technical aspect of the hack” in a separate post on January 25, explaining that Rose opened the door to transfer all of his NFTs every time Rose signed a transaction. Approved the C Marketplace Agreement.
He added that Rose was always “a malicious signature” away from an exploit:
Be extremely careful when signing anything, even off-chain signatures. Kevin Rose withdrew $2 million worth of NFTs from his wallet just by signing a malicious port bundle. Thankfully some things have been stopped, like Pink Zombies (1000 ETH) which cannot be traded on the OS. pic.twitter.com/GXHR3NQHLf
— foobar (@0xfoobar) January 25, 2023
The crypto-analyst said that Rose should have “sold” his NFT assets in a separate wallet instead:
“Listing to NFT markets before moving assets from your wallet to a separate “sell” wallet will prevent this.”
Another on-chain analyst, “Leave”, further explained to his 71,400 Twitter followers that the malicious signature was enabled by the Seaport Marketplace contract – the platform that powers OpenSea:
Kevin Rose lost $2m+ in assets just by signing an off-chain signature that listed all of his OpenSea approved assets at once.
Although a port is a powerful tool, it can also be dangerous if you don’t know how it works.
A bit of context 1/
– Quit (@0xQuit) January 25, 2023
Quit explained that the exploiters were able to set up a Phishing site that was able to view NFT assets. Kept in rose wallet.
The exploiter then sets up an order for all of Rose’s assets that are approved. OpenSea will then be transferred to the exploiter.
Rose then confirmed the malicious transaction, Quit noted.
Related: Bluechip NFT project Moonbirds has signed with Hollywood talent agents UTA.
Meanwhile, Fobar noted that most of the stolen assets were well above the floor value, meaning the amount stolen could be as high as $2 million.
The release stressed that OpenC users “need to run away” from any other website that prompts users to sign something that looks suspicious.
NFTs on the go
On-chain analyst “ZachXBT” shared a transaction map with his 350,300 Twitter followers, showing that the exploiter sent assets to FixedFloat — a crypto on the Bitcoin Layer-2 “Lightning Network.” Currency exchange.
The exploiter then transferred the money to Bitcoin. (BTC) And before depositing BTC into Bitcoin Mixer:
Three hours ago Kevin was phished in $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim.
Mapping this out we can see a clear trend of sending the stolen funds to fixed float and exchanging them for BTC before depositing them in the Bitcoin mixer. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx
— ZachXBT (@zachxbt) January 25, 2023
Crypto Twitter member “DigentraLand” told his 67,000 Twitter followers that it was the “saddest thing” he’s seen in the cryptocurrency space, adding that if someone backs down from such a devastating exploit, So, “this is it”:
Saddest thing I’ve seen in crypto to [email protected] took out the wallet.
If anyone can come back from this, it’s him. pic.twitter.com/HZysg34qji
— Degentraland (@Degentraland) January 25, 2023
Meanwhile, Bankless founder Ryan Sean Adams was furious at the ease with which Rose could be exploited. In January 25 tweet, Adams urged front-end engineers to raise their game and improve the user experience (UX) to prevent such scams from occurring.
#Moonbirds #creator #Kevin #Rose #lost #1.1M #NFTs #wrong #move
