Moonbirds Creator Kevin Rose Loses Over $1.1 Million in NFTs After 1 False Move

Related articles


Kevin Rose, the co-founder of non-fungible token (NFT) collection Moonbirds, was the victim of a phishing scam that stole over $1.1 million of his personal NFTs.

The NFT creator and co-founder of PROOF shared the news with his 1.6 million Twitter followers on January 25 asking them to avoid buying NFT Squiggles until they manage to get them. report as stolen.

“Thank you for all the kind words and support. Full debriefing to come,” he went on to say. share in a separate tweet about two hours later.

It is understood that Rose’s NFTs were drained after she signed a malicious signature that transferred a significant portion of her NFT assets to the exploiter.

an independent analysis from Arkham discovered that the miner had mined at least one autoglyph (345 ETH), 25 art blocks – also known as Chromie Squiggle – (332.5 ETH) and nine OnChainMonkey items (7.2 ETH ).

In total, at least 684.7 ETH ($1.1 million) has been mined.

How Kevin Rose was exploited

While several on-chain independent analyzes have been shared, the vice president of PROOF – the company behind Moonbirds – Arran Schlosberg explained to his 9,500 Twitter followers that Rose “was phished to sign a malicious signature” which allowed the ‘exploiter to transfer over a large number of tokens:

Crypto analyst “foobar” elaborated on the “technical side of the hack” in more detail in a separate post on Jan. 25, explaining that Rose approved an OpenSea market contract to move all of his NFTs whenever Rose signed trades. .

He added that Rose was still “a malicious signature away” from an exploit:

The crypto analyst said that Rose should have “segregated” her NFT assets in a separate wallet instead:

“Moving assets from your vault to a separate ‘sell’ wallet before listing them on NFT Markets will prevent this.”

Another analyst from the chain, “Quit”, told his 71,400 Twitter followers that a malicious signature was activated by the Seaport market contract – the platform that powers OpenSea:

Quit explained that the exploiters were able to set up a phishing site capable of viewing NFT assets held in Rose’s wallet.

The operator then put in place an order for all of Rose’s assets that are approved on OpenSea and then transferred to the operator.

Rose then validated the malicious transaction, noted Quit.

Related: Bluechip NFT Moonbirds Project Signs With Hollywood Talent Agents UTA

Meanwhile, foobar noted that most of the stolen assets were well above the price floor, meaning the amount stolen could be as high as $2 million.

Quit insisted that OpenSea users “must steer clear” of any other website that prompts users to sign something that looks suspicious.

NFTs in motion

On-chain analyst ‘ZachXBT’ has shared a map of the transactions with his 350,300 Twitter followers, which shows that the exploiter sent the assets to FixedFloat – a cryptocurrency exchange on the layer’s ‘Lightning Network’ 2 of Bitcoin.

The exploiter then transferred the funds into Bitcoin (BTC) and before depositing the BTC into a Bitcoin mixer:

Crypto Twitter member “Degentraland” told his 67,000 Twitter followers that it was the “sadest thing” they had seen in the cryptocurrency space to date, adding that if anyone one can come back from such a devastating feat, “it’s him”:

Meanwhile, Bankless founder Ryan Sean Adams was furious at how easily Rose could be exploited. In January 25 Tweeter, Adams urged front-end engineers to get back to their game and improve user experience (UX) to prevent such scams from happening.