NFTs worth millions disappear from prominent Web3 builder’s wallet NFTs worth millions disappear from prominent Web3 builder’s wallet

NFTs worth millions disappear from prominent Web3 builder’s wallet

Kevin Rose lost over 40 NFTs due to a malicious phishing attack targeting his OpenSea signature

NFTs worth millions disappear from prominent Web3 builder’s wallet

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Kevin Rose, the founder of the NFT collection Moonbirds, had his personal wallet hacked on January 25, draining it of NFTs worth millions.

The PROOF collective founder sent out a Tweet to his 1.6 million followers promising to look into the matter, which has since been connected to a malicious signature Rose granted to the attackers via OpenSeaโ€™s Seaport protocol.

Introduced by OpenSea in May 2022, Seaport is an open-source Web3 protocol that bills itself as โ€œfocusing on trading safety and efficiency.โ€ Developed with Solidity Assembly language, Seaport allows for a variety of functions to take place on the Ethereum blockchain, including the filling of orders, tipping, advanced filtering capabilities and the elimination of redundant transfers.

According to Rose, he was targeted using a classic case of social engineering known as a phishing attack, a cybercrime in which an attacker tries to trick victims into giving away sensitive information, such as passwords or credit card numbers, by disguising themselves as a trustworthy source — in this case OpenSea.ย 

The attackers were able to make off with 40 assets, including notable NFTs from projects such as Cool Cats, OnChainMonkeys, Chromie Squiggles, Autoglyphs, QQL Mint Pass, Admit One Pass, and more. Despite being flagged as stolen and reported to OpenSea as such, several of them have been re-sold in the last several days, including one Chromie Squiggle belonging to Rose that sold for 22 WETH.ย 

Itโ€™s not the first time a prominent builder in Web3 has been targeted by signing a malicious transaction that was then verified by OpenSeaโ€™s marketplace contract. Three weeks ago, thieves made off with RTFKT COO NFTs worth $170,000 drained during a phishing attack. And three months ago, a scammer by the name of Monkey Drainer made off with over $3.5 million dollars worth of NFTs by also targeting victims with deceptive phishing techniques.ย 

Phishing attacks are becoming an increasingly prevalent issue. In Q2 2022, phishing attacks increased by 170% compared to the first quarter, as per a report by the blockchain security firm Certik.ย 

Posted In: Crime, NFTs