Kevin Rose, the co-founder of Moonbirds non-fungible tokens (NFTs) and the CEO of Proof Collective, has fallen victim to a phishing attack due to which he lost about $1.1 million worth of tokens.
Some of the stolen NFTs include The Currency artwork by popular British artist Damien Hirst, one Autoglyph, 25 Art Blocks, one Cool Cat, as well as nine OnChainMonkey tokens, among others.
"I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph)," the entrepreneur said in a tweet.
In a thread retweeted by Rose, Arran Schlosberg, the vice president of Proof Collective, provides his take on how the hacker managed to seize control over the businessman’s NFT collection.
On the evening of January 25, Rose "was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts," Schlosberg said. "This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract."
After Schlosberg and Rose understood the hacking attack targeted the NFT collection, the two Proof Collective executives immediately used the Revoke.cash preventative tool with the aim to clear approvals, the vice president said.
"Unfortunately it was too late and the tokens were bulk transferred to the hacker," according to Schlosberg. "Assets (NFTs, ETH, etc) owned by [Proof Collective] are unaffected and not at risk. The vast majority of our assets require multiple approvals for access.”
Proof Collective’s vice president added that the company's team is working closely with the anti-fraud staff from the OpenSea marketplace and wallet specialist Ledger on investigating the attack, "and are considering all avenues, including legal."
In response to the latest attack, onchain firewall Harpie advised NFT owners to "be super careful when signing anything, even offchain signatures".
Moonbirds is a collection of 10,000 NFTs designed in the style of profile pictures. Each token features unique artwork based on owls and boasts a variety of special characteristics. Created by Proof Collective, Moonbirds NFTs can be staked (or nested, as their creators call it) to earn rewards. In addition to this, holders of the tokens are provided with access to the digital and IRL Moonbirds community.