On January 25, Kevin Rose, the co-founder of Proof Holdings, Inc., lost his personal NFTs worth over $1 million. The entrepreneur behind an exclusive community of creators and developers working on highly successful NFT collections such as Moonbirds, Grails, Emotes and Oddities, shared the shocking news with his Twitter community, which counts over 1.6 million followers. He urged the public to refrain from purchasing any Squiggles NFTs until they are flagged as stolen.
Arran Schlosberg, the vice president of engineering at Proof Holdings, Inc. explained the attack in his Twitter post:
“This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract.”
Read also: Moonbirds and Oddities move to the CC0 public license
Put it simply, Rose was tricked into approving a signature that allowed a scammer to make an NFT transfer. One possible explanation is that the attacker viewed Rose's NFTs through a phishing website and then enabled the transfer of assets that were approved on OpenSea by setting up an order.
Schlosberg also mentioned an unsuccessful attempt to recover funds via Revoke.cash, a popular browser extension designed to mitigate the damage caused by crypto phishing scams and help users prevent them whenever possible. Unfortunately, by the time suspicions of the scam arose, the transfer of tokens had already been completed.
Arkham Intelligence, a data analytics company, has shared the results of its own investigation, which indicated that digital collectibles lost to scammer were worth at least 684.7 ETH, which is equivalent to about $1.1 million at press time. The list of stolen assets includes nine OnChainMonkey NFTs worth at least 7.2 ETH, 25 Art Blocks (aka Chromie Squiggles) worth 332.5 ETH and at least one Autoglyph. The last one is the most expensive NFT among the lost items, with a floor price at 345 ETH.
Fortunately, Rose was able to keep other valuable NFTs in his collection, including two CryptoPunks worth 1200 ETH, 2 XCOPY works worth 500 ETH as well as Robbie Barrat, Fidenza and Ringers worth a total of 481 ETH.
In another Twitter post, Arkham Intelligence recommended a hardware wallet as a safe place to store NFTs:
“Although this hack could have been far worse, we urge NFT aficionados to properly secure their assets with the appropriate level of security. A hardware wallet will often cost around $50 and can save you many hundreds of ETH.”
ZachXBT, a renowned on-chain crypto detective, suspects that the same exploiter had stolen 75 ETH from another person before the attack on Rose’s assets. In both cases, the assets were deposited to a bitcoin mixer after a transfer to FixedFloat and exchanged for BTC.
Moonbird collection
Moonbird is one of the most successful NFT collections launched in April 2022 by Proof Collective. Each of the 10,000 NFTs in the collection represents a pixelated owl with a unique combination of eight traits. Some of them also have “Legendary” feather types. The rarest pieces of the collection are featured by four exclusive body traits.
Read also: Axie Infinity, Moonbirds, Magic Eden under attack on Discord
At press time, the floor price for a single Moonbird artwork is 7.6531 ETH ($12,343.13). Altogether, the collection has 10,000 NFTs that are held by 6560 owners who are granted private club membership and extra benefits that depend on the “nesting” period or the time of keeping an NFT locked in the wallet.
