Blog

NFT Creator Loses $1.1M in Phishing Attack: How It Happened

  • Post author:
  • Post category:Allgemein

• Moonbirds NFT creator Kevin Rose loses $1.1 million worth of tokens in a phishing attack.
• Arran Schlosberg, the vice president of Proof Collective, provides a breakdown of how the hacker managed to seize control over the businessman’s NFT collection.
• The two Proof Collective executives immediately used the Revoke.cash preventative tool with the aim to clear approvals, however it was too late and the tokens were bulk transferred to the hacker.

Moonbirds co-founder and CEO of Proof Collective, Kevin Rose, recently fell victim to a malicious phishing attack which resulted in the loss of approximately $1.1 million worth of non-fungible tokens (NFTs). The stolen tokens included The Currency artwork by popular British artist Damien Hirst, one Autoglyph, 25 Art Blocks, one Cool Cat, and nine OnChainMonkey tokens.

According to Arran Schlosberg, the Vice President of Proof Collective, the hacker tricked Rose into signing a malicious signature which allowed them to transfer a large number of high-value tokens. Schlosberg explains that this was a classic piece of social engineering and the technical aspect of the hack was limited to crafting signatures accepted by OpenSea’s marketplace contract.

After Rose and Schlosberg understood the hacking attack targeted the NFT collection, they immediately used the Revoke.cash preventative tool with the aim to clear approvals. Unfortunately, it was too late and the tokens were bulk transferred to the hacker. Schlosberg reassured that assets (NFTs, ETH, etc) owned by Proof Collective are unaffected and not at risk.

In order to protect other NFT creators from falling victim to similar scams, Schlosberg recommends using a trusted wallet to keep NFTs secure and to also be aware of phishing attempts. He also suggests using a unique passphrase for each wallet, enabling two-factor authentication, and regularly changing passwords.

Rose and Schlosberg are currently working with the OpenSea team to identify the hacker and take action against them. They are also working on a system to ensure similar incidents do not occur in the future.