Kevin gets phished for $2M+ in NFTs

In our humble opinion, hacks like this are a design failure on Ethereum and wallets like Metamask.

Author

The Metadata
January 26, 2023

GM. We're so excited to have you join us for another edition of our NFT newsletter. Today's a good one, we've got lots of exciting content and projects to share. Let's get right into it.

Today we cover:

  • APE spending on the Dookey Dash game

  • Kevin Rose gets phished for $2M+ in NFTs. Don't be like him.

  • New & interesting NFT projects

  • Today's Coolest Tweets

$700,000+ in APE spent on Dookey Dash Game

The above chart shows the dollar value of APE tokens that users have been burned in Yuga Lab's Dookey Dash game over the past 7 days. That's $700,000+ in tokens spent.

It's still tiny compared to games like Candy Crush which see $3M+ in daily in-app purchases. Yet, if you consider it on a per-user basis, it's huge.

(h/t @_ConorMoore for the chart)

Kevin Rose Gets Phished For $2M

πŸ’² What to know: Kevin Rose, the founder of PROOF Collective & Moonbirds, was phished and lost $2M+ in NFTs.

All because he signed a scam transaction on his wallet.

☘️ In the weeds: Here's what he lost (it's heartbreaking πŸ’” ):

  • 1 Autoglyph ($550,000)

  • 25 beautiful Chromic Squiggles (>$600,000)

  • On-chain monkeys, Cool Cats, QQL Mint Pass and more

Thankfully, his most valuable assets were saved through quick action, including his CryptoPunks ($1M - $2M value) and XCOPY 1-of-1 artworks (~$800,000).

According to Kevin's team, it was a piece of social engineering that tricked him into signing something that looked like a legitimate OpenSea transaction. It probably involved creating a valid order consisting of listing all of his NFT assets for 0 ETH.

0xQuit covered the details pretty succinctly:

πŸ€‘ Why it matters: Kevin Rose has been in the Web3 space for a long time as a founder, investor, and collector. He's sophisticated and knowledgeable, definitely not a newbie in the space. If he can get hacked, anyone can β€” including you and us. So it's important never to let your guard down. DCinvestor has some good tips we think everyone should follow:

In our humble opinion, hacks like this are a design failure on Ethereum and wallets like Metamask. It's inexcusable for a user not to be able to see what happens in advance before he signs a transaction. There are tools that can simulate what happens in a transaction (e.g. which assets get transferred) and these should be more readily available to users.

This will continue to be a barrier keeping new people unfamiliar with crypto from entering the space.

New & Interesting NFT Projects

🍿 (Game) Register for WL spot for DigiDaigaku Dragons

🍿 (Art) Something Fishy is launching on Feb 4

🍿 (Game) Sega is launching something? 18 day countdown timer

Today's Coolest Tweets

πŸ₯ Thoughts on brands getting into Web3

πŸ₯ New talented glitch artists to follow

πŸ₯ MagicSwap will be the AMM to beat

πŸ₯ Pranksy is bullish on the Doodles

πŸ₯ Exploiting the Dookey Dash game

πŸ₯ Play Dookey Dash even if you don't have a sewer pass: worth a try

πŸ₯ Adidas launches 3 stripes studio, it's web3 division

That's it for today folks, see you tomorrow. If you want more, follow us on Twitter (@the_metadata). And if you aren't already a subscriber, join us now to get all the daily alpha you need.

We're looking to improve the newsletter and make it as relevant as possible for you. If you have any feedback to share β€” please just reply to this email and let us know. Or even to just say 'Hi'.

Disclaimer: This newsletter is for educational purposes only. None of this is financial or investment advice. It is not a solicitation to buy or sell any assets. Minting and buying NFTs is risky. Please do your own research.