Published on: 26/01/2023

Moonbirds co-founder loses over $1M worth of NFTs in phishing scam

Kevin Rose, a co-founder of Moonbirds, said Wednesday afternoon that his Ethereum wallet had been hacked and valuable items worth more than $1 million had been stolen.

Approximately 25 Chromie Squiggles from the Art Blocks project and a valuable Autoglyphs NFT from the original CryptoPunks creator, Larva Labs, were among the 40 NFTs stolen from his krovault.eth wallet.

He confirmed the hack on Twitter, saying, “Stay tuned for details.” He also warned his followers to avoid purchasing Squiggles for the moment. About two hours later, he tweeted again to express his gratitude for the outpouring of support.

After the attack, Rose moved some of his most valuable NFTs from the krovault.eth wallet. These include works of XCOPY and CryptoPunks.

OpenSea has since flagged the stolen assets, rendering them unmarketable on the site. However, according to decrypt.co, this in no way prevents the NFTs from being traded or sold on another marketplace.

Per the Etherscan link, the 40 assets that were extracted are one Autoglyph, 25 Chromie Squiggles, one QQL Mint Pass, one Admit One pass from gmoney, one Cool Cat NFT, one The Currency NFT by Damian Hirst, one Quantum Key and a few OnChainMonkeys.

The hacker snatched at least a million dollar worth of NFTs, based on the current floor price or the cheapest listed NFT from the most notable collections. However, some of the stolen NFTs may have a value much higher than the floor price.

For instance, the current floor price of a single Chromie Squiggle is 13.3 ETH or equivalent to about $20,715. Right now, on OpenSea, an Autoglyph would cost 315 ETH or roughly $491,000 in today’s currency exchange rates.

How the hack happened

A thread published by PROOF VP of Engineering Arran “divergencearran” Schlosberg said that a phishing attack duped Rose into signing a malicious signature, which the hacker then used to “transfer a large number of high-value tokens.”

He explained that the scheme was a classic example of social engineering because it had tricked Rose into feeling safe when he wasn’t. Schlosberg added that “the technical aspect of the hack was limited” to creating signatures acceptable by the OpenSea marketplace contract.

After the team found out what had happened, they tried to use Revoke Cash to prevent further theft. However, the hacker had already transferred many tokens from Rose’s wallet.

Schlosberg further clarified that PROOF’s assets were unaffected and that Rose and their team “are considering all avenues, including legal.” This meant they had communicated with OpenSea’s anti-fraud team and the team at Ledger, a manufacturer of hardware wallets.

A crypto analyst, “0xfoobar,” commented on the “technical aspect of the hack.” They said Rose had authorized a contract on the OpenSea marketplace to move all his NFTs,

They recommended that everyone transfer their assets out of the vault and into a dedicated “selling” wallet before listing on NFT marketplaces to avoid a similar hack.

Another on-chain expert going by the pseudonym “0xQuit” suggested OpenSea users “run away” from any website that pressures them to sign something unfamiliar.

According to a transaction map posted to Twitter by on-chain analyst ZachXBT, the stolen assets were sent to FixedFloat, a cryptocurrency exchange on the Bitcoin layer 2 Lightning Network. After that, the hacker converted the money into Bitcoin $BTC and put it into a Bitcoin mixer.

Crypto community’s reactions

Commenting on Twitter, Degentraland said it was the “saddest” thing they had seen in the crypto world to date before adding, “if anyone can come back from such a devastating exploit, it’s him.”

Meanwhile, Bankless co-founder Ryan Sean Adams was fuming at how easily Rose had been exploited. Adams tweeted that the best way to reduce the pervasiveness of scams like these is for front-end engineers to up their game and improve their user experience (UX).

Rose was the most recent victim of a series of high-profile hacks against prominent members of the Web3 community.

RTFKT COO Nikhil Gopalani and NFT collector CryptoNovo had both earlier fallen victim to scammers, losing NFTs worth hundreds of thousands of dollars.