Kevin Rose, founder of the NFT collection Moonbirds, had his personal wallet hacked on January 25th, exfiltrating millions of dollars worth of NFTs.
The founder of the PROOF collective sent out a tweet to its 1.6 million followers promising to investigate the matter. This is associated with the malicious signature Rose given to the attacker via OpenSea’s Seaport protocol.
Introduced by OpenSea in May 2022, Seaport is an open-source Web3 protocol that claims to be “focused on transaction security and efficiency.” Developed in the Solidity Assembly language, Seaport allows various functions to run on the Ethereum blockchain. This includes order fulfillment, tip payments, advanced filtering capabilities, and elimination of redundant transfers.
According to Rose, he was targeted using a classic case of social engineering known as a phishing attack. Source — in this case OpenSea.
The attackers successfully leveraged 40 assets, including notable NFTs from projects such as Cool Cats, OnChainMonkeys, Chromie Squiggles, Autoglyphs, QQL Mint Pass, and Admit One Pass. Several have been resold in the past few days, including Rose’s Chromie Squiggle, which sold for 22 WETH despite being flagged for theft and reported as such to OpenSea.
This is not the first time a prominent Web3 builder has been targeted for signing malicious transactions.Three weeks ago, a thief Breaking away from RTFKT COO NFTs Worth $170,000 stolen in a phishing attack. And three months ago, a scammer named Monkey Drainer targeted victims with deceptive phishing techniques to get an NFT worth more than $3.5 million.
Phishing attacks are becoming an increasingly common problem. In Q2 2022, phishing attacks increased by 170% compared to Q1. report By blockchain security company Certik.