Would be curious what @aman @scharf think happened with the Kevin Rose hack?

making data useful with AI. Previously built @stelo to keep you safe from phishing 
benscharfstein.twitter
https://nf.td/ben

co-founder stelo.com. theoretical cs phd dropout. into math, music, ml, macro, markets, surfing, writing amandhesi.net

Would be curious what @aman @scharf think happened with the Kevin Rose hack?

https://twitter.com/0xquit/status/1618335012176400384?s=46&t=EDpYmItVCL0dWiilP6A4TA

It was a seaport bulk listing attack - Kevin signed a gasless signature that sold all his NFTs for 0ETH to the attacker. The attacker then submitted the signature to the Seaport contract and that executed the "sale". We're in the process of recreating the original signature and writing a post-mortem

Naive question: is this a gasless signature as well?

Feels like thinking that since there's no transaction confirmation it's OK to sign? https://i.imgur.com/tAgs4hY.png

Yeah, this is a big problem. Can also happen with meta-transactions where the user just signs an off-chain sig for “gasless”