The protocol is safe, but its founder lost his stash of 6% of all tokens.
An unknown attacker stole $8 million from the personal wallet of Hugh Karp, the CEO of DeFi coverage platform Nexus Mutual.
According to a disclosure by Nexus Mutual, the funds were drained on Monday morning UTC by compromising Karp’s personal device. The hacker reportedly managed to install a compromised version of MetaMask that tricked Karp into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
The loot amounts to 370,000 NXM, worth $8.2 million as of press time. The hacker already began converting the tokens to Ether (ETH), with a total balance of 354 ETH worth more than $200,000.
According to Nexus Mutual, Karp was using a hardware wallet. However, the attacker circumvented the protection by replacing a legitimate transaction with his own. Some hardware wallets should provide protection against these types of attack by requiring a confirmation on the device itself, where the display should be protected against this form of tampering.
The attacker was a member of the mutual, having passed know-your-client verification 11 days ago. The attacker was not fully identified though, with investigations still pending. The attacker needed to be a verified member of the mutual in order to receive NXM tokens, though a Nexus Mutual community manager told Cointelegraph that they are “working on the assumption that [the hacker] could have committed identity fraud.”
The NXM token dropped 17% since the attack occurred, although the protocol itself was not affected. Nonetheless, the NXM stolen in the hack amounts to approximately 6% of all tokens in circulation, which could pose significant downward pressure on price.
Karp later complemented the attacker for performing a “very nice trick.” He offered a $300,000 bounty and dropping all charges in exchange for returning the tokens, arguing that the hacker would have trouble in converting the NXM into more liquid forms of money.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.