Moonbirds creator Kevin Rose lost $1.1M+ in NFTs after 1 wrong move.

Kevin Rose, co-founder of non-fungible token (NFT) collection Moonbirds, has been the victim of a scam that resulted in the theft of over $1.1 million worth of his personal NFTs.

The NFT creator and co-founder of PROOF shared the news with his 1.6 million Twitter followers on January 25, asking them to avoid buying any Squiggles NFTs unless he marked them as stolen. Do not manage to kill.

“Thank you for all the kind, supportive words. Full debrief coming,” he added shared In a separate tweet about two hours later.

It is understood that Rose’s NFTs were terminated after signing a malicious signature that transferred a significant portion of her NFT assets to the exploiter.

A free Analysis Arkham found that the exploiter had extracted at least one Autoglyph (345 ETH), 25 Art Blocks — also known as Chromie Squiggle — (332.5 ETH) and nine OnChainMonkey items (7.2 ETH).

In total, at least 684.7 ETH ($1.1 million) were withdrawn.

How was Kevin Rose exploited?

While several independent reviews have been shared online, Arran Schlosberg, vice president of PROOF – the company behind Moonbirds – explained to his 9,500 Twitter followers that Rose was “tricked into signing in bad faith” which Due to Exploit to pass on a large number of tokens:

Crypto analyst “Fubar” further elaborated on the “technical aspect of the hack” in a separate post on January 25, explaining that Rose opened the door to transfer all of his NFTs every time Rose signed a transaction. Approved the C Marketplace Agreement.

He added that Rose was always “a malicious signature” away from an exploit:

The crypto-analyst said that Rose should have “sold” his NFT assets in a separate wallet instead:

“Listing to NFT markets before moving assets from your wallet to a separate “sell” wallet will prevent this.”

Another on-chain analyst, “Leave”, further explained to his 71,400 Twitter followers that the malicious signature was enabled by the Seaport Marketplace contract – the platform that powers OpenSea:

Quit explained that the exploiters were able to set up a Phishing site that was able to view NFT assets. Kept in rose wallet.

The exploiter then sets up an order for all of Rose’s assets that are approved. OpenSea will then be transferred to the exploiter.

Rose then confirmed the malicious transaction, Quit noted.

Related: Bluechip NFT project Moonbirds has signed with Hollywood talent agents UTA.

Meanwhile, Fobar noted that most of the stolen assets were well above the floor value, meaning the amount stolen could be as high as $2 million.

The release stressed that OpenC users “need to run away” from any other website that prompts users to sign something that looks suspicious.

NFTs on the go

On-chain analyst “ZachXBT” shared a transaction map with his 350,300 Twitter followers, showing that the exploiter sent assets to FixedFloat — a crypto on the Bitcoin Layer-2 “Lightning Network.” Currency exchange.

The exploiter then transferred the money to Bitcoin. (BTC) And before depositing BTC into Bitcoin Mixer:

Crypto Twitter member “DigentraLand” told his 67,000 Twitter followers that it was the “saddest thing” he’s seen in the cryptocurrency space, adding that if someone backs down from such a devastating exploit, So, “this is it”:

Meanwhile, Bankless founder Ryan Sean Adams was furious at the ease with which Rose could be exploited. In January 25 tweet, Adams urged front-end engineers to raise their game and improve the user experience (UX) to prevent such scams from occurring.