Caution or safety? Many scammers are proliferating in the cryptocurrency environment. The latter is waiting for the slightest error in order to try to do so Stealing your property. The Moonbird co-founder found out the hard way after losing $1.1 million in… NFT.
$1.1 million stolen in a phishing attack
25 January, Kevin Roseknown for co-founding the NFT Moonbird project, announced on Twitter that it was the target of an attack.
“I just got hacked, stay tuned for details – please avoid buying squiggles until the thefts are reported (I just lost 25) + a few NFTs (automatic). »
According to the first analyzes performed on the series, At least 35 different NFTs from Kevin Rose. Among them we find:
- Autoglyph NFT is worth around 345 ETH;
- 25 NFT artifacts with a total value of 332.5 ETH;
- 9 OnChainMonket worth 7.2 ETH.
Total amount stolen: 684.7ETH, it’s a $1.1 million in NFTs.
Kevin Rose should shed more light on the situation during his live broadcast in order to trace the stages of his mischievous adventure.
>> Need encryption for your first NFTs? Sign up on Binance and save 10% on fees (trade link) <
Phishing Attack: The Immortal Method
Soon after its initial announcement, several cryptocurrencies specializing in on-chain analysis looked into the case.
Hence, the Internet user Aran to me has been confirmed thesisPhishing attack. In fact, it appears that Kevin Rose signed a malicious signature that allowed the hacker to transfer a portion of his NFTs.
“This is a classic case of social engineering, tricking Kevin Rose into giving him a false sense of security. The technical side of the hack was limited to generating signatures that were accepted under an OpenSea marketplace contract.”
Shortly after losing the NFTs, Kevin Rose and company reported the offending site so it could be It is blocked by MetaMask To protect other users.
according to 0xQuitSpecifically, this attack can be carried out thanks to the OpenSea method Harbor Works.
“The site can easily read the contents of your wallet and create a valid order consisting of all your assets (certified by OpenSea) on the supply side and nothing on the counterparty side. Then all you have to do is sign it to make it valid.”
Unfortunately, Kevin Rose doesn’t seem to be the only one who fell for this hacker’s trap. Indeed, a few hours after the first announcements ZachXBT He revealed that earlier today another user was hacked by the attacker. Then he managed to steal 75 ETH in NFT.
Unfortunately, this type of attack is not going away. In fact, hackers will continue to take advantage of flaws, whether they are human or in the code. however, It is possible to combat it by educating the users.
Hacks are unfortunate risks, but they are not inevitable. Need peace of mind for your cryptocurrency? Register quickly on the Binance platformSave 10% on your trading fees by following this link (Trading Link).