Moonbirds Creator Kevin Rose Loses $1M in NFTs in a Phishing Attack

The hack was first reported on Wednesday, January 25^th, by a Twitter user CirrusNFT. Kevin Rose confirmed the incident a little later. He wrote:

“I was just hacked; stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph).”

It looks like @kevinrose wallet was just compromised…

Millions and millions in NFTs drained… pic.twitter.com/GjK2gdHbmU

— Cirrus (@CirrusNFT) January 25, 2023

Hacker Siphons off 40 NFTs Worth $1.1M

Kevin Rose co-founded the NFT platform PROOF, which hosts the famous Moonbirds collection. On Wednesday, he became the victim of a phishing attack that resulted in the theft of his personal NFTs collection from his krovault.eth wallet.

According to Arran Schlosberg, vice president of PROOF, Kevin was “phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens.” This malicious signature approved an OpenSea contract that allowed the hacker to move all his NFTs from the compromised wallet. Arran noted that all the assets owned by PROOF are safe.

0/ Earlier this evening @kevinrose was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts…

— Arran (@divergencearran) January 25, 2023

According to the estimates circulating on Twitter, the hacker was able to get away with 40 NFTs. An analyst Arkham said that the attacker extracted one Autoglyph worth 345ETH, 25 art blocks called Chromie Squiggle worth 332.5ETH, 9 On-chain Monkeys worth 7.2ETH, and some Cool Cats.

Estimates calculate the total stolen amount to be around $1.1 million. A Twitter user, foobar, said the stolen amount could be as high as $2 million as the stolen assets were well above the floor price. However, Kevin Rose saved some of his most valuable assets, including a Zombie CryptoPunk, as they were placed in a separate vault.

Foobar wrote:

“be super careful when signing anything, even offchain signatures. Kevin rose just had ~$2 million worth of NFTs drained from his vault from signing one malicious seaport bundle. Thankfully a couple of things held back, like the punk zombie (1000 ETH), which can’t be traded on OS.”

According to a blockchain sleuth, ZachXBT, the stolen assets are on the move. The hacker sent the assets to FixedFloat, an exchange on the Bitcoin Lightning Network, and swapped them into Bitcoin (BTC). He then moved the assets into a Bitcoin mixer to break the trail.

Three hours ago Kevin was phished for $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim.

Mapping this out we can see a clear trend of sending the stolen funds to FixedFloat and swapping for BTC before depositing to a bitcoin mixer. https://t.co/2yrFpfYttT pic.twitter.com/ZlywPYydwx

— ZachXBT (@zachxbt) January 25, 2023

The community is expressing its concerns as even the most sophisticated person in the industry are being stolen. As blockchain Journal reported, Bitcoin core developer Luke Dashjr lost almost all his Bitcoin assets (200+ BTC) in a hack on the first of 2023.