Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Published at: Jan. 26, 2023

Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen.

The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen.

I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ...

— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023

“Thank you for all the kind, supportive words. Full debrief coming,” he then shared in a separate tweet about two hours later.

It is understood that Rose’s NFTs were drained after signing a malicious signature that transferred a significant proportion of his NFT assets to the exploiter.

GM – what a day!Today I was phished. Tomorrow we'll cover all the details live, as a cautionary tail, on twitter spaces. Here is how it went down, technically: https://t.co/DgBKF8qVBK

— KΞVIN R◎SE (,) (@kevinrose) January 25, 2023

An independent analysis from Arkham found that the exploiter extracted at least one Autoglyph (345 ETH), 25 Art Blocks — also known as Chromie Squiggle — (332.5 ETH) and nine OnChainMonkey items (7.2 ETH).

In total, at least 684.7 ETH ($1.1 million) was extracted.

How Kevin Rose got exploited

While several independent on-chain analyses have been shared, Vice President of PROOF — the company behind Moonbirds — Arran Schlosberg explained to his 9,500 Twitter followers that Rose “was phished into signing a malicious signature” which allowed the exploiter to transfer over a large number of tokens:

1/ This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract.

— Arran (@divergencearran) January 25, 2023

Crypto analyst “foobar” further elaborated on the “technical aspect of the hack” in a separate post on Jan. 25, explaining that Rose approved a OpenSea marketplace contract to move all of his NFTs whenever Rose signed transactions.

He added that Rose was always “one malicious signature” away from an exploit:

be super careful when signing anything, even offchain signatures. kevin rose just had ~$2 million worth of NFTs drained from his vault from signing one malicious seaport bundle. thankfully a couple things held back, like the punk zombie (1000 ETH) which can't be traded on OS pic.twitter.com/GXHR3NQHLf

— foobar (@0xfoobar) January 25, 2023

The crypto analyst said Rose should have instead been “siloing” his NFT assets in a separate wallet:

“Moving assets from your vault to a separate "selling" wallet before listing on NFT marketplaces will prevent this.”

Another on-chain analyst, “Quit” told his 71,400 Twitter followers further explained that malicious signature was enabled by the Seaport marketplace contract — the platform which powers OpenSea:

Kevin Rose was just lost $2m+ in assets by signing an off-chain signature that created a listing for all of his OpenSea approved assets in one go.While seaport is a powerful tool, it can also be dangerous if you're not aware of how it works.A bit of context 1/

— quit (@0xQuit) January 25, 2023

Quit explained that the exploiters were able to set up a phishing site that was able to view the NFT assets held in Rose’s wallet.

The exploiter then set up an order for all of Rose’s assets that are approved on OpenSea to then be transferred to the exploiter.

Rose then validated the malicious transaction, noted Quit. 

Related: Bluechip NFT project Moonbirds signs with Hollywood talent agents UTA

However, foobar added that most of the stolen assets were well above the floor price, which means that the amount stolen could be as high as $2 million.

Quit urged that OpenSea users “need to run away” from any other website that prompts users to sign something that looks suspicious.

NFTs on the move

On-chain analyst “ZachXBT” shared a transaction map to his 350,300 Twitter followers, which shows that the exploiter sent the assets to FixedFloat — a cryptocurrency exchange on the Bitcoin layer-2 “Lightning Network.”

The exploiter then transferred the funds into Bitcoin (BTC) and before depositing the BTC into a Bitcoin mixer:

Three hours ago Kevin was phished for $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim. Mapping this out we can see a clear trend of sending the stolen funds to FixedFloat and swapping for BTC before depositing to a bitcoin mixer. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx

— ZachXBT (@zachxbt) January 25, 2023

Crypto Twitter member "Degentraland” told their 67,000 Twitter followers that it was the “saddest thing” they have seen in cryptocurrency space to date, adding that if anyone can come back from such a devastating exploit, “it’s him”:

Saddest thing I've seen in crypto to date.@kevinrose wallet drained.If anyone can come back from this, it's him. pic.twitter.com/HZysg34qji

— Degentraland (@Degentraland) January 25, 2023

Meanwhile, Bankless founder Ryan Sean Adams was enraged with the ease at which Rose was able to be exploited. In the Jan. 25 tweet, Adams urged front-end engineers to pick up their game and improve user experience (UX) to prevent such scams from taking place.

Tags
Nft
Related Posts
Google Ads-delivered malware drains NFT influencer’s entire crypto wallet
An NFT influencer claims to have lost “a life-changing amount” of their net worth in nonfungible tokens (NFTs) and crypto after accidentally downloading malicious software found in a Google Ad search result. The pseudo-anonymous influencer known on Twitter as “NFT God” posted a series of tweets on Jan. 14 describing how his “entire digital livelihood” came under attack including a compromise of his crypto wallet and multiple online accounts. Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing …
Blockchain / Jan. 16, 2023
Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account
Digital artist and popular nonfungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday as part of a phishing scam. Harry Denley, security analyst of MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were, in fact, a phishing scam that would drain the crypto out of users’ wallets if clicked. ⚠️ Beeple's Twitter account has been compromised (ATO) to post a phishing website to steal funds. 0x7b69c4f2ACF77300025E49DbDbB65B068b2Fda7D 0xF305F6073CFa24f05FF15CA5b387DD91f871b983 pic.twitter.com/0MPNwOPlEu — harry.eth (whg.eth) (@sniko_) May 22, 2022 The scammers were …
Artists / May 23, 2022
Nifty News: Christie’s NFT expert to lead CryptoPunks, fake heiress launches NFT collection
Noah Davis, the nonfungible token (NFT) specialist at auction house Christie’s, has said he’s leaving the position in July to take up a post as brand lead for the CryptoPunks NFT collection with Yuga Labs. Announcing the move on Sunday in a Twitter thread, Davis looked to quash any anxieties holders had regarding the future of one of the oldest NFT projects, saying he “will not f*ck with the punks.” What does that mean? It means no Punks on lunchboxes or cringe TV shows/shitty movies. It means no arbitrary rushed utility or thoughtless airdrops. It means if you love your …
Nft / June 20, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023