DeFi Protocol Founder Nexus Mutual Hacked: $ 8M Stolen
The protocol itself is secure, but the founder has lost all of his tokens, which total 6 percent of the amount in circulation.
A hacker stole $ 8 million from the private wallet of Hugh Karp, CEO of DeFi platform Nexus Mutual
According to a statement from Nexus Mutual, the money was stolen Monday by a hack attack on Karp’s personal device. The hacker was able to install a fake version of MetaMask, through which Karp approved a transaction that diverted all of its NXM tokens to an address controlled by the attacker.
The amount stolen is NXM 370,000. At press time, these were worth about $ 8.2 million. The hacker is already converting the tokens into ether ( ETH ). So far that’s 354 ETH worth more than $ 200,000.
According to Nexus Mutual, Bitcoin Compass used a hardware wallet. However, the attacker was able to bypass the protection by replacing a legitimate transaction with his own. Some hardware wallets should offer protection against this type of attack by requiring confirmation on the device itself. The display should be protected against this form of manipulation.
The attacker was a Mutual member and passed through identity verification 11 days ago
However, the attacker has not been fully identified and the investigation is still ongoing. The attacker had to be a verified mutual member in order to receive NXM tokens. A Nexus Mutual manager told Cointelegraph that they „believe the hacker may have committed identity fraud“.
The NXM token has fallen 17 percent since the attack, even though the protocol itself was not affected. Nevertheless, around 6 percent of all NXM tokens in circulation were stolen in the hack. That could put significant downside pressure on the price.
Karp later complimented the attacker on his „very nice trick“. He offered a bounty of $ 300,000 and no legal consequences in exchange for returning the tokens. He argued the hacker would have a hard time converting the NXM into more liquid forms of money.