- Kevin Rose, a co-creator of the NFT collection Moonbirds, had over $1.09 million USD worth of his personal NFTs stolen in a phishing scam.
- The scam was a “classic piece of social engineering.” The hacker tricked Rose into signing a malicious signature, allowing the hacker to transfer a sizable number of high-value NFTs.
- This is not the only phishing scam in recent months, as other high-volume Web 3.0 figures have also been exploited, and over $3B was reportedly stolen in 2022 alone.
Kevin “KRO” Rose, a co-creator of the NFT collection Moonbirds, had over $1.09 million worth of his personal NFTs stolen in a phishing scam, according to an independent analysis from Arkham. The PROOF CEO tweeted about the scam on January 25th, 2023, urging his follower base of 1.6M Twitter users to avoid buying Chromie Squiggles NFTs until the tokens were flagged.
I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ...— KΞVIN R◎SE (,🦉) (@kevinrose) January 25, 2023
Arkham’s analysis revealed that Rose’s biggest NFT losses included one Autoglyph (345 ETH worth approximately 54,600 USD), 25 Art Blocks (332.5 ETH or 52,679 USD), and nine On-chain Monkeys (7.2 ETH or 11,400 USD). The hacker reportedly bundled the NFTs and sold them to an external account “in a single transaction.”
According to Arkham, if the hacker managed to sell all the stolen NFTs at the floor price of their relative collections, “the hacker will have gained 702.77 ETH, or $1.09M.”
Shortly after the phishing scam, Rose was able to move his remaining valuable assets into his main wallet, which included two CryptoPunks (1200 ETH worth approximately 190,150 USD), two XCOPY artworks (500 ETH or 79,229 USD), one Robbie Barrat artwork (335 ETH or 530,097 USD), one Fidenza (87 ETH or 137,896 USD), and one Ringers (59 ETH or 93,522 USD).
Rose has since published discussions of the scam, including three obituary-like tweets in remembrance of his beloved Chromie Squiggles, stating that he was “going to miss” Chromie Squiggle #8467 in particular.
A tweet on January 26th, 2023, displays his gratitude toward his community for reaching out to him and being “so helpful”:
THANK YOU, to everyone that reached out. @opensea - thank you, @iancr and the team at @Ledger, so helpful. Also, my team @divergencearran @divergenceharri @cxkoda for jumping on this in real-time. 🙏— KΞVIN R◎SE (,🦉) (@kevinrose) January 25, 2023
The cautionary tale was a “classic piece of social engineering,” as described by Arran Schlosberg, VP of Engineering at PROOF.
How Did the Scam Play Out?
Schlosberg wrote that Kevin Rose was “phished into signing a malicious signature,” allowing the hacker to transfer many high-value NFTs.
1/ This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract.— Arran (@divergencearran) January 25, 2023
He further reported that Rose was tricked into a “false sense of security,” and the technicalities of the hack were “limited to crafting signatures accepted by OpenSea’s marketplace contract.”
Crypto analysts have explained that Rose had approved the contract, which allowed it to move all of his NFTs, and was therefore vulnerable to a single malicious signature.
On-chain analyst “Quit” noted that the Seaport marketplace contract, which powers OpenSea, enabled the malicious signature. He advised OpenSea users to avoid any suspicious-looking websites that prompt them to sign something.
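The advice above comes down to reading what a signature request would authorise before approving it. The sketch below is an added example, not code from OpenSea, PROOF or the analysts quoted: it reviews an EIP-712 typed-data request and flags a Seaport order that offers NFTs while paying nothing back to the offerer. It assumes the request is a Seaport `OrderComponents` message (what Rose actually signed is not disclosed); `reviewSignRequest` and all sample addresses and token ids are constructed for illustration.

```javascript
// Field names follow Seaport's public EIP-712 "OrderComponents" schema.
// itemType: 0 native, 1 ERC20, 2 ERC721, 3 ERC1155, 4/5 criteria-based NFTs.
const isNft = (itemType) => Number(itemType) >= 2;
const lower = (addr) => String(addr || "").toLowerCase();
const minAmount = (i) => {
  const a = BigInt(i.startAmount), b = BigInt(i.endAmount);
  return a < b ? a : b;
};

// Summarise what a typed-data signing request would authorise (hypothetical helper).
function reviewSignRequest(typedData) {
  const { domain = {}, primaryType, message = {} } = typedData;
  if (domain.name !== "Seaport" || primaryType !== "OrderComponents") {
    return { seaportOrder: false, risk: "unknown", findings: [] };
  }
  const offerer = lower(message.offerer);
  const nftsOffered = (message.offer || []).filter((i) => isNft(i.itemType));
  // Lowest currency amount that can come back to the offerer if the order fills.
  const paidToOfferer = (message.consideration || [])
    .filter((c) => !isNft(c.itemType) && lower(c.recipient) === offerer)
    .reduce((sum, c) => sum + minAmount(c), 0n);
  const findings = [];
  let risk = "low";
  if (nftsOffered.length > 1) {
    findings.push(`bundles ${nftsOffered.length} NFTs in one order`);
    risk = "review";
  }
  if (nftsOffered.length > 0 && paidToOfferer === 0n) {
    findings.push("NFTs are offered but nothing is paid back to the offerer");
    risk = "high";
  }
  return { seaportOrder: true, risk, nftsOffered: nftsOffered.length,
           paidToOfferer: paidToOfferer.toString(), findings };
}

// Constructed sample payloads (addresses and token ids are placeholders).
const ME = "0x" + "11".repeat(20), OTHER = "0x" + "22".repeat(20), NFT = "0x" + "33".repeat(20);
const nft = (id) => ({ itemType: 2, token: NFT, identifierOrCriteria: id, startAmount: "1", endAmount: "1" });
const pay = (wei, to) => ({ itemType: 0, token: "0x" + "00".repeat(20), identifierOrCriteria: "0",
                            startAmount: wei, endAmount: wei, recipient: to });
const order = (offer, consideration) => ({
  domain: { name: "Seaport", version: "1.1", chainId: 1 },
  primaryType: "OrderComponents",
  message: { offerer: ME, offer, consideration },
});
const suspicious = order([nft("1"), nft("2")], [pay("1", OTHER)]);
const listing = order([nft("1")], [pay("1000000000000000000", ME), pay("25000000000000000", OTHER)]);

console.log(reviewSignRequest(suspicious), reviewSignRequest(listing));
```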
Kevin Rose is not the first high-volume Web 3.0 figure exploited in recent months.
A Series of Scams
Hacks and exploits have been rampant in the crypto industry, with over $3B reportedly stolen in 2022 alone. Kevin Rose is the latest victim in a series of similar cases.
On January 14th, 2023, NFT GOD, a well-known NFT influencer and blogger, reported that his personal and professional accounts were compromised, leading to the theft of his blue-chip non-fungible tokens and valuable digital assets. A phishing scam on Google Ads reportedly led to the breach and loss of his entire crypto wallet.
On January 4th, 2023, a prominent NFT collector, CryptoNovo, tweeted that he had fallen victim to a hack. The attacker took over CryptoNovo’s Discord account and crypto wallet, selling ten NFTs within the first 16 hours to the value of 492.66 ETH or approximately $789,999.43 at the time of writing.
Nikhil Gopalani was another victim in a series of phishing events. The CTO of RTFKT announced that he was hacked on January 3rd, 2023, and the “clever phisher” sold off 19 of his CloneX NFTs, reportedly worth upward of $140,000.
The crypto ecosystem appears to be in a continuous cycle of hacks and scams, but as each incident is addressed with more diligence and security protocols, the industry’s resilience increases. It’s a good reminder to all NFT investors and collectors that extra caution must be taken when transacting digital assets.
On the Flipside
- The nature of what Rose signed when the hacker gained access to the high-value tokens remains undisclosed.
- Public Web 3.0 figures, NFT holders, and crypto traders must be extra vigilant for scams and utilize tools that aid them in this regard.
Why You Should Care
Avoid phishing attacks by always double-checking the authenticity of the website or email by verifying the URL and sender’s information. Never click on links or enter personal information unless you are certain of the source’s legitimacy.