VERDICT —OUT OF SCOPE
Root cause is phishing — victims signed malicious transactions or approvals off-protocol. Contract logic was not the failure surface; user-side wallet hygiene was. Pre-deployment audit cannot catch this class.
▰ METHOD
PHISHING
PHISHING
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Kevin Rose, the founder of the NFT project Moonbirds, tweeted that his personal wallet was hacked and 25 Chromie Squiggles and other NFTs were lost, with an estimated loss of more than $1 million. Arran Schlosberg, vice president of engineering at Proof Collective, said their NFTs are safe after Kevin Rose was hacked and lost $1 million. Schlosberg said the phishing attack tricked Rose into signing a malicious signature, and the hackers then transferred his valuable NFT. Attack method (per SlowMist): Phishing Attack. Reported loss: $ 1,000,000.
Primary source
https://www.theblock.co/post/205606/moonbirds-creator-kevin-rose-hacked-at-least-1-million-in-nfts-stolen ↗Sourced from
slowmist
Technical record
- chain
- —
- protocol
- Kevin Rose
- bug_class
- phishing
- date_occurred
- 2023-01-26
- loss_usd
- $1,000,000
- source_id
- sm:kevin-rose::2023-01-26
Related — same bug class· phishing