The crypto world still feels like the Wild West at times, especially when even seasoned Web3 creators and NFT collectors fall victim to exploits that typically claim less-experienced traders. That happened again Wednesday afternoon as Kevin Rose, co-founder of Moonbirds creator Proof, said that his Ethereum wallet was “hacked” after valuable assets were swiped.
A total of 40 NFTs were apparently taken from his krovault.eth wallet early Wednesday afternoon, including about 25 Chromie Squiggles from the Art Blocks project, as well as a valuable Autoglyphs NFT from original CryptoPunks creator Larva Labs. Rose confirmed the event via a tweet soon after speculation began circulating on Twitter.
“I was just hacked, stay tuned for details,” he tweeted. “Please avoid buying any Squiggles until we get them flagged (just lost 25) + a few other NFTs (an Autoglyph).”
I was just hacked, stay tuned for details - please avoid buying any squiggles until we get them flagged (just lost 25) + a few other NFTs (an autoglyph) ...
— KΞVIN R◎SE (,🦉) (@kevinrose) January 25, 2023
Public wallet data displayed via the OpenSea marketplace shows that Rose apparently began transferring some of his most valuable NFTs out of the krovault.eth wallet and into another wallet soon after the attack ceased, including CryptoPunks and works by pseudonymous artist XCOPY.
The stolen assets have since been flagged by OpenSea, which means that they cannot currently be sold on that particular marketplace. However, that does not limit the ability to transfer the NFTs or try to sell them via another platform.
The hacker swiped at least a million dollars’ worth of NFTs, based on the current floor price (or cheapest-listed NFT) from the most notable collections, although some of the individual NFTs may be valued much higher than the floor price.
The Chromie Squiggles floor price is currently 13.3 ETH, for example, or about $20,715 each. Rose lost 25 of them in the attack. Buying an Autoglyph would currently set someone back 315 ETH on OpenSea, or about $491,000 worth.
As the name implies, Rose’s krovault.eth wallet is supposed to be his vault for locking down his high-value assets—likely a "cold" or hardware wallet. It’s described as such on his OpenSea profile, which displays the phrase, “Locked down wallet.” Rose may have connected the wallet to OpenSea and fallen victim to an attack.
In a postmortem thread shared this afternoon, Proof VP of Engineering Arran Schlosberg wrote that Rose was "phished into signing a malicious signature that allowed the hacker to transfer a large number of high-value tokens."
"This was a classic piece of social engineering, tricking [Rose] into a false sense of security," he continued. "The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract."
1/ This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea's marketplace contract.
— Arran (@divergencearran) January 25, 2023
Schlosberg added that Proof's own assets were unaffected, and that Rose and team are in contact with the anti-fraud teams from OpenSea and hardware wallet maker Ledger and "are considering all avenues, including legal."
Decrypt reached out to Rose for further details soon after the attack, but did not hear back.
Pseudonymous blockchain sleuth ZachXBT tweeted that the same wallet that fleeced Rose for his NFTs apparently stole 75 ETH (about $121,000 worth) from another victim earlier on Wednesday. They wrote that the attacker converted the stolen ETH into Bitcoin and then put it through a coin mixer service to obscure the movement of the funds.
Editor's note: This article was updated after publication to include new information.