DeFi hacker captures 8 million US dollars

Nexus Mutual was created to protect DeFi investors against hacks. Now the platform’s CEO has himself become the victim of an attack.

A spectacular hack is causing a stir in the DeFi space. The team at DeFi platform Nexus Mutual announced the theft of 370,000 NXM via tweet on December 14. The platform-owned tokens came from a private wallet belonging to Nexus CEO Hugh Karp. As of Monday, their value was equivalent to $8.2 million.

Nexus Mutual acts as a community solution to mitigate risk in the DeFi sector. Investors can secure their smart contracts against hacks and bugs there. So the recent attack is not without a certain irony. Meanwhile, the Nexus Mutual team assured that user deposits were not affected by the attack.

Hacker was cunning

Apparently, the attacker gained access to Karp’s device. There, he installed a modified variant of the wallet service MetaMask. Although Karp stored his tokens in a hardware wallet, the hacker was able to get him to confirm a transaction that sent all of his NXM tokens to the attackers.

Meanwhile, what’s explosive is that only registered Nexus Mutual users are able to obtain NXM tokens and convert them to the freely exchangeable wrapped NXM (wNXM) variant. Thus, the hacker must have gone through the platform’s know-your-customer procedure. Since his identity is still not established, identity theft thus does not seem to be ruled out. Karp and his team are working with investigative authorities. There are indications that he was able to establish the IP of the attacker.

4,500 ether as ransom

Already on Monday, Karp had congratulated the hacker on his dubious success. In a tweet, he promised a reward of $300,000 and the waiver of charges in return for the return of the tokens.

However, the hacker is pursuing other plans. US$2.7 million is said to have already been laundered, according to transaction data. In a Dec. 16 message embedded in the input data of an Ether transaction, he demands US$3 million as ransom for the remaining tokens:

Hi Hugh. I will not sell wNXM again until wNXM recovers its value or you send me 4.5k ETH. If you need any kind of negotiation with me, send a msg [message] to my eth address.

As a result of the hack, the wNXM price had been tumbling for the past few days. The sudden sell off of such a large amount of the tokens could send the price even further towards zero.