An unknown attacker stole $ 8 million from the personal wallet of Hugh Karp, CEO of DeFi Nexus Mutual.
According to an announcement by Nexus Mutual, he lost money on Monday morning UTC due to the hacking of his personal Karp device. The hacker allegedly managed to create a compromised copy of MetaMask, which tricked Karp into signing a transaction that redirected all of his NXM tokens to an address controlled by the attacker.
The stolen value is 370,000 NXM valued at $ 8.2 million per press release. Hackers have already started converting tokens into Ether, and the total balance is 354 ETH with a value over $ 200,000.
According to Nexus Mutual, Karp used a hardware wallet. However, the attacker circumvented the protection by replacing the legitimate transaction with one of his own. Some hardware wallets must provide protection against this type of attack by requiring confirmation on the device itself, as the screen must be protected from this type of hacking.
The attacker was a member of a joint venture and received confirmation from a customer 11 days ago. However, the identity of the attacker has not been fully confirmed, and an investigation is still ongoing. To receive NXM tokens, the attacker must be a certified subscriber, although the Nexus Mutual Community Manager told Cointelegraph they are “acting on the assumption that [the hacker] may have committed an identity fraud.”
NXM code has shrunk by 17% since the attack, although the protocol itself has not been affected. However, the NXM leak accounts for nearly 6% of all tokens in circulation, which could lead to significant price pressure.
Karp later continued to lead with his “very nice trick”. He offered a $ 300,000 bonus and ignored all codes for returning codes, arguing that the hacker would have trouble converting NXM into more liquid forms of money.