The crypto world still feels like the Wild West at times, especially when even seasoned Web3 creators and NFT collectors fall victim to exploits that typically claim less-experienced traders. That happened again Wednesday afternoon as Kevin Rose, co-founder of Moonbirds creator Proof, said that his Ethereum wallet was “hacked” after valuable assets were swiped.
A total of 40 NFTs were apparently taken from his krovault.eth wallet early Wednesday afternoon, including about 25 Chromie Squiggles from the Art Blocks project, as well as a valuable Autoglyphs NFT from original CryptoPunks creator Larva Labs. Rose confirmed the event via a tweet soon after speculation began circulating on Twitter.
“I was just hacked, stay tuned for details,” he tweeted. “Please avoid buying any Squiggles until we get them flagged (just lost 25) + a few other NFTs (an Autoglyph).”
I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ...
— KΞVIN R◎SE (🪹,🦉) (@kevinrose) January 25, 2023
Public wallet data displayed via the OpenSea marketplace shows that Rose apparently began transferring some of his most valuable NFTs out of the krovault.eth wallet and into another wallet soon after the attack ceased, including CryptoPunks and works by pseudonymous artist XCOPY.
The stolen assets have since been flagged by OpenSea, which means that they cannot currently be sold on that particular marketplace. However, that does not limit the ability to transfer the NFTs or try to sell them via another platform.
The hacker swiped at least a million dollars’ worth of NFTs, based on the current floor price (or cheapest-listed NFT) from the most notable collections, although some of the individual NFTs may be valued much higher than the floor price.
The Chromie Squiggles floor price is currently 13.3 ETH, for example, or about $20,715 each. Rose lost 25 of them in the attack. Buying an Autoglyph would currently set someone back 315 ETH on OpenSea, or about $491,000 worth.
As the name implies, Rose’s krovault.eth wallet is supposed to be his vault for locking down his high-value assets—likely a "cold" or hardware wallet. It’s described as such on his OpenSea profile, which displays the phrase, “Locked down wallet.” Rose may have connected the wallet to OpenSea and fallen victim to an attack, for example, or been hit with an as-yet-unidentified exploit.
Cirrus, a pseudonymous Web3 builder at studio Wumbo Labs, tweeted that the exploit may be tied to a phishing attack that led to Rose signing a bundled transaction that saw the 40 NFTs then moved out of his wallet. CryptoPunks, in particular, would not be impacted because they cannot be traded on OpenSea.
be super careful when signing anything, even offchain signatures. kevin rose just had ~$2 million worth of NFTs drained from his vault from signing one malicious seaport bundle. thankfully a couple things held back, like the punk zombie (1000 ETH) which can't be traded on OS pic.twitter.com/GXHR3NQHLf
— foobar (@0xfoobar) January 25, 2023
Pseudonymous Web3 developer Foobar tweeted that the attack is apparently tied to previous approvals given to the OpenSea marketplace to allow transfers of Rose’s assets, but that it would ultimately still require a signature to execute the transaction. He estimated the damage to be closer to $2 million worth of NFTs.
“The #1 thing to do is wallet siloing,” Foobar added. “Kevin Rose had approved OpenSea to move any and all of his NFTs, which means one malicious signature was all it took. Moving assets from your vault to a separate ‘selling’ wallet before listing on NFT marketplaces will prevent this.”
Decrypt reached out to Rose for further details but did not immediately hear back.
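The blanket marketplace approval Foobar describes is recorded on-chain as the standard ERC-721/ERC-1155 ApprovalForAll event, so a vault wallet can be audited for approvals that are still live. The sketch below is an added example, not code from the article or from anyone quoted in it. It replays logs in the eth_getLogs JSON shape, and every address and log entry in it is constructed for illustration.

```python
# Added example: replay ApprovalForAll logs to find blanket approvals still in force.
# Standard event topic: keccak256("ApprovalForAll(address,address,bool)").
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_operator_approvals(logs, owner):
    """Return {collection: {operators}} that may still move every token `owner` holds."""
    owner, live = owner.lower(), {}
    # Replay in chain order so a later revocation overrides an earlier grant.
    ordered = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in ordered:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_FOR_ALL:
            continue  # some other event
        if topic_to_address(topics[1]) != owner:
            continue  # approval granted by a different wallet
        operators = live.setdefault(log["address"].lower(), set())
        if int(log["data"], 16) != 0:
            operators.add(topic_to_address(topics[2]))
        else:
            operators.discard(topic_to_address(topics[2]))
    return {c: ops for c, ops in live.items() if ops}

# Constructed placeholder addresses (hypothetical, not real contracts or wallets).
VAULT, OTHER = "0x" + "a1" * 20, "0x" + "c3" * 20
MARKET_OPERATOR = "0x" + "b2" * 20
COLLECTION_A, COLLECTION_B = "0x" + "d4" * 20, "0x" + "e5" * 20

def make_log(collection, owner, operator, approved, block, index):
    """Build one constructed log entry in the eth_getLogs response shape."""
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]
    return {"address": collection,
            "topics": [APPROVAL_FOR_ALL, pad(owner), pad(operator)],
            "data": "0x" + format(int(approved), "064x"),
            "blockNumber": hex(block), "logIndex": hex(index)}

# Constructed sample, deliberately out of order: B is granted, then revoked later.
SAMPLE_LOGS = [
    make_log(COLLECTION_B, VAULT, MARKET_OPERATOR, False, 150, 1),
    make_log(COLLECTION_A, VAULT, MARKET_OPERATOR, True, 100, 0),
    make_log(COLLECTION_B, VAULT, MARKET_OPERATOR, True, 101, 2),
    make_log(COLLECTION_A, OTHER, MARKET_OPERATOR, True, 120, 0),
]

if __name__ == "__main__":
    for collection, ops in outstanding_operator_approvals(SAMPLE_LOGS, VAULT).items():
        print("vault still exposed on", collection, "to", sorted(ops))
```

Any collection this reports for a vault wallet is one where a single signed marketplace order is enough to move the assets. Revoking the approval, or listing only from a separate selling wallet as Foobar suggests, removes that exposure.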