Kevin Rose, the CEO and founder of Proof, fell victim to an apparent phishing attack, with his hacked wallet estimated to have held rare NFTs worth millions. After the theft, Rose worked with OpenSea to ensure the stolen NFTs can’t be sold on its marketplace, but they can still be sold on another platform. His wallet is said to have lost 40 NFTs on Wednesday, with data on NFT marketplace OpenSea showing the assets were transferred to the attacker’s wallet. Rose confirmed the hack in a late Thursday tweet, saying he would share details soon as a cautionary heads-up. He may have lost assets upwards of $1.4 million including NFTs from collections like Autoglyph, QQL Pass, Cool Cats, Damien Hirst’s The Currency, Admit One and OnChainMonkey, according to nft now. In a Twitter thread, Proof’s VP of Engineering Arran Schlosberg broke down what exactly went down. He said Rose was tricked into signing a malicious signature that allowed the hacker to gain access to high-value tokens. Schlosberg didn’t mention what Rose thought he was signing, but the single misstep appears to have given the hacker his wallet credentials. “This was a classic piece of social engineering, tricking KRO into a false sense of security. The technical aspect of the hack was limited to crafting signatures accepted by OpenSea’s marketplace contract,” Schlosberg wrote.
Read more : Lessons From Proof Founder Kevin Rose’s $1.4M NFT Phishing Experience.