Latest News

Moonbirds creator Kevin Rose loses $1.1M+ in NFTs after 1 wrong move

Among the nonfungible tokens (NFTs) stolen from the PROOF co-founder were 25 Chromie Squiggles and one Autoglyph NFT.

Kevin Rose, co-founder of the nonfungible token (NFT) collection Moonbirds, was the victim of a phishing fraud that resulted in the theft of more than $1.1 million in his own NFTs.

On Jan. 25, the NFT creator and PROOF co-founder informed his 1.6 million Twitter followers, advising them to refrain from purchasing any Squiggles NFTs until his team was able to have them flagged as stolen.

“I appreciate all of your warm and encouraging messages. “Full debrief coming,” he added two hours later in a separate tweet.

Rose’s NFTs were allegedly drained after he approved a fraudulent signature that transferred a major percentage of his NFT assets to the exploiter.

According to an independent study conducted by Arkham, the exploiter extracted at least one Autoglyph, which has a floor price of 345 ETH; 25 Art Blocks, also known as Chromie Squiggles, for at least a total of 332.5 ETH; and nine OnChainMonkey products, each worth at least 7.2 Ether.

At least 684.7 ETH ($1.1 million) was extracted in total.

While several independent on-chain analyses have been shared, Arran Schlosberg, vice president of PROOF — the company behind Moonbirds — explained to his 9,500 Twitter followers that Rose was “phished into signing a malicious signature,” allowing the exploiter to transfer over a large number of tokens:

In a separate post on Jan. 25, crypto analyst “foobar” expounded on the “technical side of the hack,” stating that Rose approved an OpenSea marketplace contract to shift all of his NFTs whenever Rose signed transactions.

Rose was always “one malicious signature” away from an exploit, he added:

Rose, according to the crypto analyst, should have “siloed” his NFT holdings in a different wallet:

“Moving assets from your vault to a separate ‘selling’ wallet before listing on NFT marketplaces will prevent this.”

Another on-chain expert, “Quit,” told his 71,400 Twitter followers that the malicious signature was possible via the Seaport marketplace contract – the infrastructure that supports OpenSea: The Sea of Blockchain.

According to Quit, the exploiters were able to put up a phishing site that allowed them to examine the NFT assets kept in Rose’s wallet.

The exploiter then created an order to transfer all of Rose’s assets that have been approved on OpenSea to themselves.

The fraudulent transaction was subsequently validated by Rose, who noted Quit.

Meanwhile, foobar said that the majority of the stolen assets were priced much over the floor price, implying that the total amount taken may be as much as $2 million.

Quit advised OpenSea users to “run away” from any other website that asks them to sign something questionable.

ZachXBT, an on-chain researcher, posted a transaction map with his 350,300 Twitter followers, demonstrating that the exploiter transported the funds to FixedFloat, a cryptocurrency exchange on the Bitcoin layer 2 Lightning Network.

After that, the exploiter converted the cash to Bitcoin (BTC) and put the BTC in a Bitcoin mixer:

Degentraland, a crypto Twitter user, informed their 67,000 followers that it was the “saddest thing” they had seen in the cryptocurrency world to date, adding that if anyone could recover from such a severe hack, “it’s him”:

Meanwhile, Bankless creator Ryan Sean Adams was incensed by the ease with which Rose might be exploited. Adams challenged front-end engineers to step up their game and improve user experience (UX) to avoid similar scams in a tweet on January 25.


Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.