Kevin Rose, founder of the NFT collection Moonbirds, had his personal wallet hacked on January 25th, exfiltrating millions of dollars worth of NFTs.
The founder of the PROOF collective sent out a tweet to its 1.6 million followers promising to investigate the matter. This is associated with the malicious signature Rose given to the attacker via OpenSea’s Seaport protocol.
Introduced by OpenSea in May 2022, Seaport is an open-source Web3 protocol that claims to be “focused on the security and efficiency of transactions.” Developed in the Solidity Assembly language, Seaport allows various functions to run on the Ethereum blockchain. This includes order fulfillment, tip payments, advanced filtering capabilities, and elimination of redundant transfers.
According to Rose, he was targeted using a classic case of social engineering known as a phishing attack. Source — in this case OpenSea.
The attackers successfully leveraged 40 assets, including notable NFTs from projects such as Cool Cats, OnChainMonkeys, Chromie Squiggles, Autoglyphs, QQL Mint Pass, and Admit One Pass. Several of them have been resold in recent days, including his Chromie Squiggle, one of which belongs to Rose sold for 22 WETH despite being flagged for theft and reported as such to OpenSea it was done.
This is not the first time a prominent Web3 builder has been targeted by signing a malicious transaction that was subsequently validated by OpenSea’s Marketplace Agreement.Three weeks ago, a thief Breaking away from RTFKT COO NFTs Worth $170,000 stolen in a phishing attack. And three months ago, a scammer named Monkey Drainer targeted victims with deceptive phishing techniques to get an NFT worth over $3.5 million.
Phishing attacks are becoming an increasingly common problem. In Q2 2022, phishing attacks increased by 170% compared to Q1. report By blockchain security company Certik.