Kevin Rose, founder of NFT coin project Moonbirds, was the victim of a phishing scam that resulted in the theft of his personal NFT worth approximately $1.1 million. These NFTs are now in the hackers’ wallet…
Kevin Rose shaken by NFT coin hack worth over $1.1M
The Moonbirds founder reported that his personal NFTs worth over $1.1 million were stolen from his Twitter account last night. Rose then asked the community not to purchase any Squiggles NFTs until the project team flagged the NFTs as stolen.
According to the January 25 tweet, the stolen NFTs include 25 Chromie Squiggles and an Autoglyph NFT.
I was just hacked, stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) …
— KΞVIN R◎SE (🪹,🦉) (@kevinrose) January 25, 2023
An independent analysis from Arkham has found that hackers have hijacked at least one Autoglyph NFT with a base price of 345 ETH. Also, 25 Art Blocks, also known as Chromie Squiggles, with a minimum total of 332.5 ETH; and nine OnChainMonkey NFTs worth at least 7.2 ETH have been seized.
In the past hour: Kevin Rose's NFT vault wallet has just been drained, with $1.09M in NFT's taken.
Biggest losses include the following NFT's:
1 Autoglyph – 345 ETH
25 Art Blocks (Chromie Squiggle) – 332.5 ETH
9 On-chain Monkeys – 7.2 ETH pic.twitter.com/udGhNHvWQg— Arkham (@ArkhamIntel) January 25, 2023
How was Kevin Rose hacked?
While several independent on-chain studies have tried to shed light on the hack, Arran Schlosberg, vice president of PROOF, the company behind Moonbirds, reported to his 9,500 Twitter followers that Rose “was defrauded while signing a malicious signature” and that hackers had hijacked multiple NFTs:
Kevin Rose fell victim to a phishing earlier this evening in which the hacker signed a malicious signature that allowed him to transfer large numbers of high-value tokens.
0/ Earlier this evening @kevinrose was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts…
— Arran (@divergencearran) January 25, 2023
Crypto analyst “foobar” further detailed the “technical aspect of hacking” in a separate post on Jan. He added that Rose has always been a “malicious signature” away from a hacking attempt:
Be very careful when signing anything, even off-chain signatures. Kevin Rose had ~$2 million worth of NFT stolen from his safe due to signing a malicious contract. Fortunately a few things are left behind like the punk zombie (1000 ETH) that cannot be traded in the operating system
be super careful when signing anything, even offchain signatures. kevin rose just had ~$2 million worth of NFTs drained from his vault from signing one malicious seaport bundle. thankfully a couple things held back, like the punk zombie (1000 ETH) which can't be traded on OS pic.twitter.com/GXHR3NQHLf
— foobar (@0xfoobar) January 25, 2023
Large amount of NFT coins on the move
On-chain analyst ZachXBT shared a transaction map with his 350,300 Twitter followers showing that the hacks sent NFTs to FixedFloat, a cryptocurrency exchange platform on the Bitcoin Layer 2 Lightning Network. Based on the transaction records, the hackers then converted the funds to Bitcoin (BTC) and deposited the BTC into a Bitcoin mixer.
Three hours ago Kevin was phished for $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim.
Mapping this out we can see a clear trend of sending the stolen funds to FixedFloat and swapping for BTC before depositing to a bitcoin mixer. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx
— ZachXBT (@zachxbt) January 25, 2023
On Twitter, Degentraland said the attack was “the saddest thing” the cryptocurrency market has ever seen, adding that if anyone can come back from such a devastating hack, “that person” is Kevin Rose.
Saddest thing I've seen in crypto to date.@kevinrose wallet drained.
If anyone can come back from this, it's him. pic.twitter.com/HZysg34qji
— Degentraland (@Degentraland) January 25, 2023
cryptocoin.comWe have reported the hacking incident that occurred in the CryptoPunks collection in the first week of the new year.
