Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

cointelegraph.com:

Kevin Rose, the co-founder of the nonfungible token (NFT) collection Moonbirds, has fallen victim to a phishing scam leading to more than $1.1 million worth of his personal NFTs stolen.

The NFT creator and PROOF co-founder shared the news with his 1.6 million Twitter followers on Jan. 25 asking them to avoid buying any Squiggles NFTs until they manage to get them flagged as stolen.

I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ...

“Thank you for all the kind, supportive words. Full debrief coming,” he then shared in a separate tweet about two hours later.

It is understood that Rose’s NFTs were drained after signing a malicious signature that transferred a significant proportion of his NFT assets to the exploiter.

GM – what a day!Today I was phished. Tomorrow we'll cover all the details live, as a cautionary tail, on twitter spaces. Here is how it went down, technically: https://t.co/DgBKF8qVBK

An independent analysis from Arkham found that the exploiter extracted at least one Autoglyph (345 ETH), 25 Art Blocks — also known as Chromie Squiggle — (332.5 ETH) and nine OnChainMonkey items (7.2 ETH).

In total, at least 684.7 ETH ($1.1 million) was extracted.

While several independent on-chain analyses have been shared, Vice President of PROOF — the company behind Moonbirds — Arran Schlosberg explained to his 9,500 Twitter followers that Rose “was phished into signing a malicious signature” which allowed the exploiter to transfer over a large number of tokens:

1/ This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted