• Moonbirds NFT creator, Kevin Rose, lost $1.1 million worth of tokens due to a phishing attack.
• Arran Schlosberg, the vice president of Proof Collective, provides an insight into how the hacker managed to seize control over the businessman’s NFT collection.
• The two Proof Collective executives immediately used the Revoke.cash preventative tool in an attempt to clear approvals, however it was too late and the tokens were bulk transferred to the hacker.
Kevin Rose, the co-founder of Moonbirds non-fungible tokens (NFTs) and the CEO of Proof Collective, recently fell victim to a devastating phishing attack which resulted in the loss of $1.1 million worth of tokens. The stolen NFTs included The Currency artwork by popular British artist Damien Hirst, one Autoglyph, 25 Art Blocks, one Cool Cat, as well as nine OnChainMonkey tokens, among others.
The attack came to light when Rose tweeted “I was just hacked, stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph)”. In response, Arran Schlosberg, the vice president of Proof Collective, tweeted a thread providing insight into the attack.
According to Schlosberg, Rose had been “phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens”. The attack was “a classic piece of social engineering, tricking KRO into a false sense of security”. The only aspect of the hack that was technical was the crafting of signatures accepted by OpenSea’s marketplace contract.
After Rose and Schlosberg realised what had happened, the two Proof Collective executives immediately used the Revoke.cash preventative tool to clear approvals, however it was too late and the tokens had already been transferred to the hacker. Despite the attack, Schlosberg assured that assets owned by Proof Collective were unaffected and not at risk.
The attack was a big blow to Rose and Proof Collective and has caused a stir in the NFT community. It serves as a reminder of the importance of security, and the need to be extra cautious when dealing with digital assets.