Proof CEO loses dozens of high-value NFTs to phishing

Kevin Rose, the CEO of NFT company Proof, responsible for the famous collection Moonbirds, announced that his wallet had been compromised. Stolen NFTs are reportedly worth millions of dollars.
Rose warned his 1.6 million followers on Twitter not to purchase any Chromie Squiggles, a generative art NFT initiative by Snowfro, the creator of Art Blocks. Rose claimed to have misplaced 25 Squiggles and “a few other NFTs,” one of which was an Autoglyph.
Per Etherscan tracing Rose’s transactions, a total of 40 NFTs, including roughly 25 Chromie Squiggles and an Autoglyphs NFT from original CryptoPunks creator Larva Labs, were reportedly stolen from his ethereum (ETH) wallet on Jan. 25. Soon after rumors spread on Twitter, Rose officially confirmed the event in a tweet.

I was just hacked, stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) …
— KΞVIN R◎SE (🪹,🦉) (@kevinrose) January 25, 2023

The current floor price for Chromie Squiggles is 13.3 ETH or around $20,715 at press time. In the assault, Rose lost 25 of them. An Autoglyph on OpenSea costs 315 ETH, or roughly $491,000.
Based on the current floor price, or cheapest-listed NFT, from the most well-known collections, the hacker stole NFTs worth at least $1 million. However, some of the individual NFTs may have a significantly higher value.
An alleged phishing attack
Public wallet information revealed through the OpenSea marketplace discloses that Rose appears to have started moving some of his most valuable NFTs, such as CryptoPunks and works by pseudonymous artist XCOPY, out of the krovault.eth wallet and into another wallet shortly after the attack ended.
As a result of OpenSea’s subsequent flagging of the stolen assets, they are currently ineligible for sale on that marketplace. That does not prevent the transfer of NFTs or the attempt to sell them on another platform.
Proof vice president of engineering Arran Schlosberg explained in a series of tweets that Rose was phished into signing a malicious signature that allowed the hacker to steal the tokens from the wallet. According to Schlosberg, the team tried using Revoke Cash to cancel the transactions, but it was too late, as NFTs had already moved from Rose’s wallet.

0/ Earlier this evening @kevinrose was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts…
— Arran (@divergencearran) January 25, 2023

However, per Schlosberg, Proof assets remained intact, as they require multiple signatures for further transfers.
NFT scams on the rise
ZachXBT, a pseudonymous blockchain investigator, revealed that the wallet that defrauded Rose of his NFTs also appears to have stolen 75 ETH (about $121,000 worth) from another victim.
The investigator further claims that the attacker swapped the stolen ETH into bitcoin and then used a coin mixer to scramble the flow of funds. 

Three hours ago Kevin was phished for $1.4m+ worth of NFTs. Earlier today the same scammer stole 75 ETH from another victim.Mapping this out we can see a clear trend of sending the stolen funds to FixedFloat and swapping for BTC before depositing to a bitcoin mixer.
— ZachXBT (@zachxbt) January 25, 2023

This article has been originally published at: