BlocksInform
The creator of the NFT Lunar Bird Collection, Kevin Rose, lost approximately $1 million in NFT as a result of a portfolio exploit.
Pink has lost a number of nfts, including 25 squiggles chronicle and one nft autoglyph. The hack was confirmed by Rose on her own Twitter account.
A Million Dollar Loss
Kevin Rose, the co-founder of the Moonbirds NFT collection, has fallen victim to a phishing scam, losing over $1.1 million worth of NFTs from his personal collection. Rose confirmed the hack on her twitter account, and a look at the trading history for Rose's portfolio on OPENSEA shows how extensive the hack is. Pink has lost several nfts, like onchainmonkeys, graffiti, and fresh cats. Rose stated on Twitter,
“I was just hacked; stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph).”
But Rose was able to save her most precious TNT by keeping it in a separate vault. These nfts comprise a cryptopunk zombie (cryptopunk. Users speculated that the portfolio in question was compromised because rose signed a malicious marine port package. A group of seaports makes it possible for users to exchange several assets for other items of equal value. Rose, on the other hand, urged users to avoid buying doodle NFT while her team worked to have it labeled stolen.
Details Of The Hack
Details about how the hack took place soon emerged. It was revealed that the hack most likely occurred after it endorsed a malicious signature, allowing the attacker to move a large amount of pink NFT out of the portfolio. A hack analysis revealed that the attacker was successful in siphoning at least one autoglyph, The minimum price is 345 eth, chromie squiggles, which were valued at approximately 332.5 eth, and nine other key building blocks, with a value of approximately 7.2eth.
The vice president of PROOF, the entity behind the Moonbirds collection, Arran Schlosberg, elaborated on the hack on Twitter, revealing that Rose was the victim of a phishing exploit that tricked him into signing a malicious signature and allowed the attacker to steal the NFTs in question.
Earlier tonight, @kevinrose fell victim to phishing by signing a malicious signature that allowed the hacker to transfer a large number of valuable chips. The following is a breakdown of what happened, our immediate response and our continued efforts. It was a social engineering classic, setting Kro up with a false sense of security. The technical aspect of piracy was confined to the development of signatures accepted in the OpenSea contract."
Crypto analyst foobar explained that Rose had approved a contract OpenSea to move all of its ETFs every time he signed transactions, Claiming that Rose was still at a malicious signing of the catastrophe. The analyst further submitted that Rose should have compartmentalized its assets into a separate portfolio.
"Moving assets from your vault to a separate "sale" portfolio before they are listed on the NFt market places will prevent that."
The malicious signature was activated by the sea port market contract, which, while being a powerful tool, is also unsafe if users are unaware of its operation.
Stolen Assets On The Move
Foobar also revealed that the stolen assets were valued well above their floor price, which means that the loss could be considerably greater. On-chain crypto analyst zachxbt followed the stolen assets, revealing that the operator sent the assets to fixedfloat, a swap on the bitcoin lightning network. The funds were then exchanged in btc and placed in a Bitcoin mixing table.
"Three hours ago, Kevin got arrested for 1.4 million dollars. Earlier today, the same con artist robbed another victim of 75 eth. Mapping this, we can see a clear trend to send the stolen funds to FixedFloat and exchange for BTC before dropping to a Bitcoin mixing table."
The founder of Bankless, Ryan Sean Adams, highlighted how easy Rose has been to operate and encouraged front-line engineers to improve the user experience.
