Kevin Rose, a notable figure in the nonfundible token (NFT) industry, has been exploited for at least $1.1 million from a phishing attack.
In a phishing fraud, Kevin Rose, a co-creator of the NFT collection Moonbirds, had personal NFTs valued over $1.09 million USD stolen.
A “great effort of social engineering,” according to the con. In order to transmit a substantial number of high-value NFTs, the hacker fooled Rose into signing a fraudulent signature.
Other high-volume Web 3.0 statistics have also been abused in recent months, and over $3B was reportedly stolen in 2022 alone. This phishing scheme is not the first one to have been reported in recent months.
According to a third-party investigation from Arkham, Kevin “KRO” Rose, a co-creator of the NFT collection Moonbirds, had personal NFTs valued over $1.09 million stolen in a phishing scheme. On January 25, 2023, the CEO of PROOF posted a tweet regarding the scam and urged his 1.6 million Twitter followers to hold off on purchasing Chromie Squiggles NFTs until the tokens were reported.
Rose’s biggest NFT losses, according to Arkham’s study, were one Autoglyph (345 ETH, or about 54,600 USD), 25 Art Blocks (332,5 ETH, or about 52,679 USD), and nine On-chain Monkeys (7.2 ETH or 11,400 USD). According to reports, the hacker packaged the NFTs and sold them “in a single transaction” to an outside account.
The hacker would have made $702.77 ETH, or $1.09M, if they were successful in selling all of the stolen NFTs at the floor price of their respective collections, according to Arkham.
Rose was able to transfer his remaining valuable assets into his main wallet shortly after the phishing scam, including two CryptoPunks (1200 ETH worth roughly 190,150 USD), two XCOPY artworks (500 ETH each, or 79,229 USD), one Robbie Barrat artwork (335 ETH each, or 530,097 USD), one Fidenza (87 ETH OR 137,896 USD), and one Ringers (59 ETH or 93,522 USD).
Since then, Rose has written about the scam, posting three tweets that resemble obituaries in memory of his beloved Chromie Squiggles and expressing his “going to miss” for Chromie Squiggle #8467 in particular.
He expresses his gratitude to his community for getting in touch with him and being “very helpful” in a tweet on January 26th, 2023:
According to Arran Schlosberg, VP of Engineering at PROOF, the cautionary tale was a “classic piece of social engineering.”
How Did the Fraud Operate?
Kevin Rose was “phished into signing a fraudulent signature,” according to Schlosberg, enabling the hacker to transmit lots of high-value NFTs.
He also said that the technical aspects of the breach were “limited to generating signatures recognized by OpenSea’s marketplace contract,” which gave Rose a “false sense of security.”
According to crypto specialists, Rose approved the contract, which permitted the transfer of all of his NFTs and was consequently susceptible to a single bad signature.
The Seaport marketplace contract, which powers OpenSea, enabled the malicious signature, according to on-chain analyst “Quit.” He cautioned OpenSea users to stay away from any dubious-looking websites that request their signature.
Not the first prominent Web 3.0 personality to be misused in recent months is Kevin Rose.
A Long List of Frauds
Hacks and exploits in the cryptocurrency sector have been widespread; it is estimated that $3 billion was stolen in 2022 alone. Following a string of related incidents, Kevin Rose has become the latest victim.
Blue-chip non-fungible tokens and priceless digital assets were stolen from NFT GOD’s personal and business accounts on January 14th, 2023, according to the well-known NFT influencer and writer. According to reports, his whole cryptocurrency wallet was stolen as a result of a phishing fraud on Google Ads.
A well-known NFT collector named CryptoNovo announced that he had been hacked on January 4th, 2023. In the first 16 hours after taking control of CryptoNovo’s Discord account and cryptocurrency wallet, the attacker sold ten NFTs for a total of 492.66 ETH, or around $789999.43 at the time of writing.
Another victim of a string of phishing incidents was Nikhil Gopalani. On January 3, 2023, the CTO of RTFKT revealed that he had been hacked and that the “smart phisher” had auctioned off 19 of his CloneX NFTs, which were apparently worth more than $140,000.
The hacks and frauds that seem to be happening all the time in the crypto ecosystem are really being handled with more care and following security rules. All NFT investors and collectors should be reminded that extra caution must be used while dealing with digital assets.
On the other hand
It is still unknown what Rose signed when the hacker had access to the expensive tokens.
Web 3.0 public figures, NFT owners, and cryptocurrency traders need to be more watchful about fraud and use tools that can help them.
Why It’s Important
Phishing attempts can be avoided by constantly double-checking the legitimacy of the website or email by examining the URL and sender’s details. Never enter personal information or click on links unless you are confident in the validity of the source.