High Karp, Founder of decentralized insurance platform Nexus Mutual, saw his personal address attacked earlier today, following which, he lost funds worth over $8 million. In fact, according to reports, this hack was a targeted personal attack against Hugh’s address by “a member of the mutual.”
In the aforementioned case, the attacker gained remote access to Karp’s computer & modified the metamask extension, tricking him into signing a different transaction that transferred funds to the attacker’s own address.
An initial investigation by Nexus Mutual also revealed that the attacker completed KYC 11 days ago, before switching their membership to a new address on Friday.
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
It should be noted, however, that Nexus Mutual itself was not impacted by the hack and its pool of funds, as well as all its systems, remain safe. The protocol is still in the process of investigating how the attacker operated, while also working on identifying the attacker in this case.
Nexus Mutual also stated that it welcomes any assistance to stop the flow of funds since they are likely to move quickly, with the protocol sharing the address in question where the funds are currently being held.
The hacker’s address has been tagged, and an examination of recent transactions on Etherscan showed that the 370,000 NXM tokens worth $8,225,100, at the time of writing, were in the process of being transferred to various addresses by the hacker.
Reportedly, some of the stolen funds are also being exchanged using DEX aggregator, 1inch.exchange.
Unlike other DeFi hacks which usually target the protocol itself, this was an attack against an isolated address and despite the fact that user funds were not affected, it has received a lot of attention from the community.
Nexus Mutual CEO's account has been drained, $8m worth of NXM (5% of the total supply). And the attacker is starting to sell using @1inchExchange
(a decentralized exchange).
There is no easy way to short NXM, but $8m is too much selling pressure, it can destroy NXM's price. https://t.co/KiDbdIcqAP
— Raúl Marcos (@raulmarcosl) December 14, 2020
Subscribe to our Newsletter