Recently we wrote about NFT project Moonbirds signing Hollywood-based talent agency – UTA to grow the brand beyond the Web3 native audience. And now Kevin Rose, CEO and co-founder of NFT collective Proof, tweeted on January 25 that he had fallen victim to a phishing scam leading to more than $1 million worth of his personal NFTs stolen.
The exploiter extracted at least one Autoglyph, which has a floor price of 345 ETH; 25 Chromie Squiggles — worth at least a total of 332.5 ETH; and 9 OnChainMonkey items, worth at least 7.2 ETH. In total, at least 684.7 ETH ($1.1 million) was stolen. Right after the incident Rose asked his Twitter followers to avoid buying any Squiggles NFTs until his team managed to get them flagged as stolen.
Public wallet data displayed via the OpenSea marketplace shows that Rose apparently began transferring some of his most valuable NFTs from one wallet to another soon after the attack ceased. The stolen assets have since been flagged by OpenSea, which means that they cannot currently be sold on that particular marketplace, but the exploiter can try and sell them on other platforms.
The day after the attack Proof VP of Engineering Arran Schlosberg published a series of tweets about how Rose got hacked. Schlosberg added that assets owned by PROOF were "unaffected and not at risk," because they require multiple signatures to move.
0/ Earlier this evening @kevinrose was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts…
— Arran (@divergencearran) January 25, 2023
ZachXBT tweeted that the same wallet that fleeced Rose also stole 75 ETH (about $121,000 worth) from another victim a day earlier. They wrote that the attacker converted the stolen ETH into BTC and then put it through a coin mixer service to obscure the movement of the funds.
Bankless founder Ryan Sean Adams was shocked with the ease at which Rose was able to be exploited. He urged front-end engineers to pick up their game and improve UX to prevent such scams from taking place.
The Web3 world, and NFTs in particular are very prone to scams and hacks. In 2022 crypto markets witnessed 167 major security incidents that resulted in over $13.7 billion in losses. So, all investors should be extra careful when performing any transactions. We continue to observe.
