The co-founder of the NFT collection Moonbirds fell victim to a phishing attack leading to over 684 ETH (~$1.1 million) worth of NFTs stolen.
Kevin Rose, Co-Founder of PROOF and Creator of Moonbirds, suffered a phishing attack. It resulted in at least 35 NFTs being stolen from his wallet. Rose revealed the news on Twitter.
Arran Schlosberg, VP of PROOF, said that Rose “was phished into signing a malicious signature” supposedly designed for the Seaport protocol. That’s what let the scammer transfer tokens from the wallet. Schlosberg called the attack “a classic piece of social engineering,” as Rose was unaware of the attack until the NFTs were transferred.
According to Arkham’s on-chain analytics, the attacker stole Rose’s NFTs from these collections:
- Autoglyph, an NFT worth 345 ETH ($552,000);
- Chromie Squiggle, 25 NFTs worth 332.5 ETH ($532,000);
- OnChainMonkey, 9 NFTs worth 7.2 ETH ($11,500).
However, analysts reported that Rose managed to move most of his assets. For instance, the scammer wasn’t able to steal the most expensive NFTs stored on Rose’s wallet — CryptoPunk #715 and CryptoPunk #5066 worth over 1,200 ETH ($1.9 million) in total.
CryptoPunk NFTs were saved because they couldn’t be exchanged through Seaport. That’s the only reason why the fraudster failed to identify them using malware identical to the app. When Seaport was launched, OpenSea offered $1 million for finding the vulnerability in the protocol.
Cryptojackers continue to improve their techniques for stealing digital assets, increasing the number of fake ad sites. For example, a new type of fraud, unique for the Web3 sphere, appeared last year — Ice Phishing.
