An unknown attacker siphoned from the personal wallet of Nexus Mutual founder Hugh Karp more than $8 million in native NXM tokens.
At 9:40am this morning @HughKarp‘s personal address was attacked and drained by a member of the mutual. Only Hugh’s address was affected in this targeted attack and there is no subsequent risk to Nexus Mutual or any members.https://t.co/72nrIDpKW6
— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020
Nexus Mutual explained that the hacker managed to install on Karp’s personal computer a compromised version of the MetaMask application, which deceitfully forced him to confirm the transaction.
As a result, 370,000 NXM stored in the wallet (about $8.22 million at the time of writing) were transferred in a single transaction to an address controlled by the attacker. He is a member of the mutual-insurance society and completed the KYC process 11 days ago.
The Nexus Mutual team assured that the protocol itself was not harmed and user funds remain safe. It is continuing the investigation and has not yet been able to identify the hacker.
According to data from Etherscan, he has already begun converting the tokens into Ethereum (ETH). The stolen NXM account for about 5.5% of the total supply.
Data: Etherscan.
Hugh Karp contacted the attacker via Twitter, calling the hack “a very good trick”. He emphasised that cashing out such an amount of NXM would be problematic, and offered a $300,000 bounty and the end to the investigation in return for returning the funds.
To the attacker. Very nice trick, definitely next level stuff.
You’ll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
Earlier in November, an unknown moved about $19.76 million from the DeFi protocol Pickle Finance’s smart contract. An expert described the hack as highly sophisticated and well-planned.
Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.