• Kevin Rose, the founder of the NFT collection Moonbirds, had his personal wallet hacked on January 25, draining it of NFTs worth millions.
• The attack was connected to a malicious signature Rose granted to the attackers via OpenSea’s Seaport protocol.
• The attackers were able to make off with 40 assets, including notable NFTs from projects such as Cool Cats, OnChainMonkeys, Chromie Squiggles, Autoglyphs, QQL Mint Pass, Admit One Pass, and more.
On January 25th, Kevin Rose, the founder of the NFT collection Moonbirds, had his personal wallet hacked, resulting in the loss of NFTs worth millions of dollars. Rose tweeted about the attack and promised to look into the matter, with the attack later being linked to a malicious signature Rose had granted to the attackers via OpenSea’s Seaport protocol.
OpenSea, a Web3 protocol, bills itself as focusing on trading safety and efficiency. It was developed with Solidity Assembly language and is capable of a variety of functions on the Ethereum blockchain, such as filling orders, tipping, filtering, and eliminating redundant transfers. Unfortunately, Rose was the victim of a phishing attack, a cybercrime in which an attacker tries to trick victims into giving away sensitive information, like passwords or credit card numbers, by disguising themselves as a trustworthy source.
The malicious attackers were able to make off with 40 NFTs, including notable ones from projects such as Cool Cats, OnChainMonkeys, Chromie Squiggles, Autoglyphs, QQL Mint Pass, Admit One Pass, and more. Despite being flagged as stolen and reported to OpenSea as such, several of the stolen NFTs have already been resold on the secondary market.
The attack on Rose’s wallet shows that Web3 protocols such as OpenSea are not immune to malicious attacks, and that developers should be cautious when granting access to their wallets. The larger lesson here is that cybersecurity is of paramount importance when dealing with blockchain protocols, and that users should always be mindful of the risks associated with granting access to their wallets.
