On Wednesday, Kevin Rose, the co-founder of the Proof-owned Moonbirds NFT collection, fell victim to a phishing exploit, leading to a loss of NFTs worth thousands of dollars.
40 NFTs were allegedly stolen from Rose’s krovault.eth wallet, including 25 Chromie Squiggles from the Art Blocks project and a valuable Autoglyphs NFT from the creator of CryptoPunks, Larva Labs. Rose confirmed the incident on Twitter shortly after rumors began to spread on the platform.
The value of the assets is estimated to be over $1 million. Chromie Squiggles is currently trading at a floor price of 13.3 ETH, or approx $20,700. An Autoglyphs NFT would cost someone 315 ETH, or approx $491,000.
How it went down
According to Proof VP of Engineering Arran Schlosberg, the hack was a phishing attack that tricked Rose into signing a malicious contract.
“This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea’s marketplace contract,” wrote Schlosberg.
He also confirmed that none of the assets owned by Proof were affected since most require multiple signatures for access. Currently, his team is working closely with the anti-fraud teams from OpenSea and cold wallet provider Ledger while considering other avenues, including legal.
Meanwhile, OpenSea has flagged the stolen assets, which means they can no longer be traded on the platform. However, the NFTs can still be sold on other marketplaces.
Following the attack, Pseudonymous blockchain slueth ZachXBT reported that the same wallet allegedly stole 75 ETH from another victim.
Rose’s hack is one of many recent high-profile attacks that have targeted well-known figures in the Web3 community. This month alone, Nikhil Gopalani, the COO of RTFKT, an NFT project owned by Nike, and CryptoNovo, a prominent NFT collector, fell victim to scammers, losing several high-value NFTs.