{"id":543722,"date":"2023-01-26T05:15:40","date_gmt":"2023-01-26T02:15:40","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\/"},"modified":"2023-01-26T05:15:40","modified_gmt":"2023-01-26T02:15:40","slug":"moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\/","title":{"rendered":"# Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3c87f385c77\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3c87f385c77\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\/#%E2%80%9D_Moonbirds_creator_Kevin_Rose_loses_11M_in_NFTs_after_1_wrong_move_%E2%80%9C\" >&#8221; Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move &#8220;<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\/#How_Kevin_Rose_got_exploited\" >How Kevin Rose got exploited<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\/#NFTs_on_the_move\" >NFTs on the move<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Moonbirds_creator_Kevin_Rose_loses_11M_in_NFTs_after_1_wrong_move_%E2%80%9C\"><\/span>&#8221; Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjMtMDEvMGVkMDBiZTItNTZmMy00ZTEyLWEwYzQtNDc1YTIzYzdjNGJkLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a4050f8>Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen.<\/p>\n<p>The NFT creator and PROOF co-founder shared the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> with his 1.6 million <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I was just hacked, stay tuned for details &#8211; please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) &#8230;<\/p>\n<p>\u2014 K\u039eVIN R\u25ceSE (,) (@kevinrose) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/kevinrose\/status\/1618323487067869184?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\u201cThank you for all the kind, supportive words. Full debrief coming,\u201d he then <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/kevinrose\/status\/1618355397022347265?s=20&amp;t=giHMLopZrXhQkADFV5v4PQ\">shared<\/a> in a separate tweet about two hours later.<\/p>\n<p>It is understood that Rose\u2019s NFTs were drained after signing a malicious signature that transferred a significant proportion of his NFT assets to the exploiter.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">GM  \u2013 what a day!<br \/>Today I was phished. Tomorrow we&#8217;ll cover all the details live, as a cautionary tail, on twitter spaces. Here is how it went down, technically: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/DgBKF8qVBK\">https:\/\/t.co\/DgBKF8qVBK<\/a><\/p>\n<p>\u2014 K\u039eVIN R\u25ceSE (,) (@kevinrose) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/kevinrose\/status\/1618395033329360896?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>An independent <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ArkhamIntel\/status\/1618336256118906881?s=20&amp;t=Do4_WqNLcafaYjdCZVHJ2Q\">analysis<\/a> from Arkham found that the exploiter extracted at least one Autoglyph (345 ETH), 25 Art Blocks \u2014 also known as Chromie Squiggle \u2014 (332.5 ETH) and nine OnChainMonkey items (7.2 ETH).<\/p>\n<p>In total, at least 684.7 ETH ($1.1 million) was extracted.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_Kevin_Rose_got_exploited\"><\/span>How Kevin Rose got exploited<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>While several independent on-chain analyses have been shared, Vice President of PROOF \u2014 the company behind Moonbirds \u2014 Arran Schlosberg explained to his 9,500 Twitter followers that Rose \u201cwas phished into signing a malicious signature\u201d which allowed the exploiter to transfer over a large number of tokens:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea&#8217;s marketplace contract.<\/p>\n<p>\u2014 Arran (@divergencearran) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/divergencearran\/status\/1618359164174233602?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Crypto analyst \u201cfoobar\u201d further elaborated on the \u201ctechnical aspect of the hack\u201d in a separate post on Jan. 25, explaining that Rose <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roved a OpenSea marketplace contract to move all of his NFTs whenever Rose signed transactions.<\/p>\n<p>He added that Rose was always \u201cone malicious signature\u201d away from an exploit:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">be super careful when signing anything, even offchain signatures. kevin rose just had ~$2 million worth of NFTs drained from his vault from signing one malicious seaport bundle. thankfully a couple things held back, like the punk zombie (1000 ETH) which can&#8217;t be traded on OS <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/GXHR3NQHLf\">pic.twitter.com\/GXHR3NQHLf<\/a><\/p>\n<p>\u2014 foobar (@0xfoobar) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xfoobar\/status\/1618321915172786177?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The crypto analyst said Rose should have instead been \u201csiloing\u201d his NFT assets in a separate wallet:<\/p>\n<blockquote><p>\u201cMoving assets from your vault to a separate &#8220;selling&#8221; wallet before listing on NFT marketplaces will prevent this.\u201d<\/p><\/blockquote>\n<p>Another on-chain analyst, \u201cQuit\u201d told his 71,400 Twitter followers further explained that malicious signature was enabled by the Seaport marketplace contract \u2014 the platform which powers OpenSea:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Kevin Rose was just lost $2m+ in assets by signing an off-chain signature that created a listing for all of his OpenSea approved assets in one go.<\/p>\n<p>While seaport is a powerful tool, it can also be dangerous if you&#8217;re not aware of how it works.<\/p>\n<p>A bit of context 1\/<\/p>\n<p>\u2014 quit (@0xQuit) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xQuit\/status\/1618335012176400384?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Quit explained that the exploiters were able to set up a phishing site that was able to view the NFT assets held in Rose\u2019s wallet.<\/p>\n<p>The exploiter then set up an order for all of Rose\u2019s assets that are approved on OpenSea to then be transferred to the exploiter.<\/p>\n<p>Rose then validated the malicious transaction, noted Quit.\u00a0<\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Bluechip NFT project Moonbirds signs with Hollywood talent agents UTA<\/em><\/strong><\/p>\n<p>Meanwhile, foobar noted that most of the stolen assets were well above the floor price, which means that the amount stolen could be as high as $2 million.<\/p>\n<p>Quit urged that OpenSea users \u201cneed to run away\u201d from any other website that prompts users to sign something that looks suspicious. <\/p>\n<h3><span class=\"ez-toc-section\" id=\"NFTs_on_the_move\"><\/span>NFTs on the move<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>On-chain analyst \u201cZachXBT\u201d shared a transaction map to his 350,300 Twitter followers, which shows that the exploiter sent the assets to FixedFloat \u2014 a cryptocurrency exchange on the Bitcoin layer-2 \u201cLightning Network.\u201d <\/p>\n<p>The exploiter then transferred the funds into Bitcoin (BTC) and before depositing the BTC into a Bitcoin mixer:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Three hours ago Kevin was phished for $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim. <\/p>\n<p>Mapping this out we can see a clear trend of sending the stolen funds to FixedFloat and swapping for BTC before depositing to a bitcoin mixer. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/2yrFpfYttT\">https:\/\/t.co\/2yrFpfYttT<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/ZlywPYydwx\">pic.twitter.com\/ZlywPYydwx<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/zachxbt\/status\/1618360113190031360?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Crypto Twitter member &#8220;Degentraland\u201d told their 67,000 Twitter followers that it was the \u201csaddest thing\u201d they have seen in cryptocurrency space to date, adding that if anyone can come back from such a devastating exploit, \u201cit\u2019s him\u201d:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Saddest thing I&#8217;ve seen in crypto to date.<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/kevinrose?ref_src=twsrc%5Etfw\">@kevinrose<\/a> wallet drained.<\/p>\n<p>If anyone can come back from this, it&#8217;s him. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/HZysg34qji\">pic.twitter.com\/HZysg34qji<\/a><\/p>\n<p>\u2014 Degentraland (@Degentraland) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Degentraland\/status\/1618321262492942336?ref_src=twsrc%5Etfw\">January 25, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Meanwhile, Bankless founder Ryan Sean Adams was enraged with the ease at which Rose was able to be exploited. In the Jan. 25 <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/RyanSAdams\/status\/1618329248275795968\">tweet,<\/a> Adams urged front-end engineers to pick up their <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/game\/\" data-internallinksmanager029f6b8e52c=\"7\" title=\"Game\" target=\"_blank\" rel=\"noopener\">game<\/a> and improve user experience (UX) to prevent such scams from taking place.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"crypto_biz\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more News articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/moonbirds-creator-kevin-rose-loses-1-1m-in-nfts-after-1-wrong-move\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move &#8220; Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen. The NFT creator and PROOF co-founder shared the news with his&#8230;<\/p>\n","protected":false},"author":1,"featured_media":543723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-01\/0ed00be2-56f3-4e12-a0c4-475a23c7c4bd.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74894,77892,79786,74882,95118,133792,74879,70944,86389,75134,71101],"class_list":["post-543722","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-blockchain","tag-crypto-collectibles","tag-digital-asset","tag-hacks","tag-nft","tag-opensea","tag-wallet","tag-hackers","tag-marketplace","tag-phishing","tag-scams"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/543722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=543722"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/543722\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/543723"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=543722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=543722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=543722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}