In what may have been a phishing attack, Rose lost a total of 40 NFTs, one of which was an Autoglyphs NFT worth almost $500,000.
At times, the crypto market still like the Wild West, especially when even seasoned Web3 creators and NFT collectors fall victim to exploits that generally target inexperienced traders. This happened again on Wednesday afternoon when Kevin Rose, co-founder of Moonbirds creator Proof, claimed that his Ethereum wallet had been “hacked” and precious assets had been stolen.
What about the NFTs that were taken?
A total of 40 NFTs were supposedly taken from his krovault.eth wallet in the early hours of Wednesday, comprising around 25 Chromie Squiggles from the Art Blocks project as well as a valuable Autoglyphs NFT from original CryptoPunks creator Larva Labs. Rose confirmed the event through a tweet right after speculations started to circulate on Twitter.
I was just hacked, stay tuned for details – please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) …
— KΞVIN R◎SE (, ) (@kevinrose) January 25, 2023
Public wallet data shown on the OpenSea marketplace shows that Rose moved some of his most valuable NFTs out of the krovault.eth wallet and into another wallet soon after the attack ended. These included CryptoPunks and works by the anonymous artist XCOPY.
OpenSea has since marked the stolen assets, meaning they cannot currently be sold on that particular marketplace. Nevertheless, this does not limit the ability to transfer or sell NFTs on another platform.
The hacker swiped at least a million dollars’ worth of NFTs, based on the current floor price from the most important collections, though some of the NFTs may be worth much more than the floor price.
At the moment, the floor price for Chromie Squiggles is 13.3 ETH, which is about $20,715 each. In the attack, Rose lost 25 of them. On OpenSea, it would cost 315 ETH, or about $491,000, to buy an Autoglyph right now.
As the name implies, Rose’s krovault.eth wallet is a vault for securing his high-value assets; it is most likely a “cold” or hardware wallet. This is indicated on his OpenSea profile, which displays the term “Locked wallet.” Rose may have connected the wallet to OpenSea and fallen victim to an attack or been attacked by a previously unknown exploit.
How did Twitter users react?
Cirrus, a pseudonymous Web3 developer at studio Wumbo Labs, tweeted that the vulnerability may be associated with a phishing effort that led to Rose signing a bundled transaction that resulted in the loss of 40 NFTs from his wallet. Due to the fact that CryptoPunks cannot be exchanged on OpenSea, they would not be affected.
0/ Earlier this evening @kevinrose was phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens. Here is a breakdown of what happened, our immediate response, and our ongoing efforts…
— Arran (@divergencearran) January 25, 2023
Foobar, a pseudonymous Web3 developer, tweeted that the attack appears to be related to previous approvals given to the OpenSea marketplace to permit transfers of Rose’s assets, but that a signature is still required to complete the transaction. He estimated that the NFT losses were closer to $2 million.
“The #1 thing to do is wallet siloing,” Foobar added. “Kevin Rose had approved OpenSea to move any and all of his NFTs, which means one malicious signature was all it took. Moving assets from your vault to a separate ‘selling’ wallet before listing on NFT marketplaces will prevent this.”