Lessons From Proof Founder Kevin Rose’s $1.4M NFT Phishing Experience
The founder of Moonbirds lost high-value NFTs from collections including Autoglyph, Chromie Squiggles and Damien Hirst’s The Currency
Source: Shutterstock / Philip Steury Photography, modified by Blockworks
Kevin Rose, the CEO and founder of Proof, fell victim to an apparent phishing attack, with his hacked wallet estimated to have held rare NFTs worth millions.
After the theft, Rose worked with OpenSea to ensure the stolen NFTs can’t be sold on its marketplace, but they can still be sold on another platform.
His wallet is said to have lost 40 NFTs on Wednesday, with data on NFT marketplace OpenSea showing the assets were transferred to the attacker’s wallet.
Rose confirmed the hack in a late Thursday tweet, saying he would share details soon as a cautionary heads-up. He may have lost assets upwards of $1.4 million including NFTs from collections like Autoglyph, QQL Pass, Cool Cats, Damien Hirst’s The Currency, Admit One and OnChainMonkey, according to nft now.
In a Twitter thread, Proof’s VP of Engineering Arran Schlosberg broke down what exactly went down. He said Rose was tricked into signing a malicious signature that allowed the hacker to gain access to high-value tokens.
Schlosberg didn’t mention what Rose thought he was signing, but the single misstep appears to have given the hacker his wallet credentials.
“This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea’s marketplace contract,” Schlosberg wrote.
He added that Proof’s assets, which mostly need multiple approvals for access, were not impacted.
OpenSea didn’t return Blockworks’ request for comment by press time.
The NFT phishing problem
Blockchain sleuth ZachXBT claimed that the same hacker who took control of Rose’s NFTs stole 75 ETH ($121,000) from another victim on the same day. The hacker then allegedly used crypto exchange FixedFloat to convert the stolen funds to bitcoin, before transferring them to a bitcoin mixing service to conceal the origin of funds.
Another crypto enthusiast who goes by the name ‘foobar’ on Twitter suggested how such a hack could have been prevented. They recommended a technique known as “wallet siloing,” which involves segregating different wallets for different purposes, and keeping valuable NFTs away from any active hot wallets. This would block the assets from being listed on NFT marketplaces without separate selling approval — a loss of convenience, but a defense against the sort of trap Rose fell into.
Use of a browser extension such as Fire, that translates opaque smart contract code into recognizable actions, would also have tipped off Rose that something smelled fishy before it was too late.
This story was updated on Jan. 26, 2023, at 5:25 a.m. ET with additional detail.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.
The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.
