Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Kevin Rose, co-founder of the non-fungible token (NFT) collection Moonbirds, fell victim to a phishing scam that stole over $1.1 million worth of his personal NFTs.

The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25, urging them not to buy Squiggles NFTs until his team flags them as stolen. I asked.

“Thanks for all the kind and supportive words. Full report coming,” he said share In another tweet about two hours later.

It is understood that Rose’s NFTs were exfiltrated after approving malicious signatures that transferred a significant portion of Rose’s NFT assets to abusers.

Independent analysis From Arkham, we know that exploiters have extracted at least one Autoglyph with a floor price of 345 ETH. The 25 art blocks (also known as Chromie Squiggles) are worth at least 332.5 ETH in total. 9 OnChainMonkey items worth at least 7.2 Ether.

In total, at least 684.7 ETH ($1.1 million) was extracted.

How Kevin Rose was exploited

While several independent on-chain analyzes have been shared, Arran Schlosberg, vice president of PROOF, the company behind Moonbirds, told his 9,500 Twitter followers that Rose was “a malicious signature. I was tricked into signing it.” Exploiters transferring large amounts of tokens:

Crypto analyst “foobar” further elaborated on the “technical side of the hack” in another post on Jan. 25, stating that the OpenSea marketplace contract that moves all NFTs every time Rose signs a transaction. explained that it has approved

He added that Rose has always been “one malicious signature” away from exploits.

Crypto analysts said Rose should have instead “siloed” NFT assets into separate wallets.

“You can prevent this by moving assets out of vault to a separate ‘sale’ wallet before listing on the NFT marketplace. ”

Another on-chain analyst, “Quit,” told his 71,400 Twitter followers that malicious signatures were made possible by Seaport marketplace contracts, the platform that powers OpenSea.

Quit helps exploiters Phishing sites that were able to view NFT assets It’s in Rose’s purse.

The exploiters then set orders to transfer all of Rose’s assets to themselves. Approved by OpenSea.

Rose then verified the malicious transaction, Quit said.

Related: Bluechip NFT Project Moonbirds Signs With Hollywood Talent Agent UTA

foobar, on the other hand, pointed out that most of the stolen assets were well above the minimum price. That means he could have stolen as much as $2 million.

OpenSea users “need to stay away” from other websites that urge users to sign anything they deem questionable, Quit urged.

NFT in motion

On-chain analyst ZachXBT shared a transaction map to his 350,300 Twitter followers, showing that the abuser sent assets to FixedFloat, a cryptocurrency exchange on the Bitcoin Layer 2 Lightning Network. .

The exploiters then exchanged the funds for Bitcoin (Bitcoin) Deposit BTC into Bitcoin Mixer.

Crypto Twitter member Degentraland told his 67,000 Twitter followers that it was “the saddest thing” he had ever seen in the crypto industry, saying that someone would return from such a devastating exploit. If he could come, he added, “It’s him.”

Bankless founder Ryan Sean Adams, on the other hand, was furious that Rose was so easily abused. January 25th tweet, Adams urged front-end engineers to get their hands on the game and improve the user experience (UX) to avoid such scams.