Cryptocurrency
DeFi
Exchanges
Stablecoins
NFTs
Wallets
Bitcoin
Ethereum
Tokens
ICOs
IEOs
Technology
Crypto
Banking
Supply Chain
Security
Healthcare
Mining
AI
Advertising
Gaming
Retail
Education
Analytics
Hosting
Business
Partnerships
Investments
Adoption
Acquisitions
Conferences
IPOs
Legal
Lawsuits
Patents
Politics
Fraud
Research
Guides
Opinion
Cryptocurrency
Technology
Business
Legal
Politics
Fraud
Research
Guides
Opinion
The Chain Bulletin logo

Over $8 Million in NXM Stolen From Founder of Nexus Mutual

  • An unknown attacker stole 370,000 NXM from Hugh Karp, the founder of Nexus Mutual.
  • The company said this was targeted attack and no user funds were affected.
by Andjela Radmilac December 14, 2020, 4:42 PM

Image from Shutterstock

An unknown attacker stole over $8 million worth of NXM tokens from Hugh Karp, the founder of DeFi insurer Nexus Mutual.

Data from Etherscan showed that a total of 370,000 NXM tokens, worth around $8.25 million, were transferred from Karp’s address to one owned by the malicious actor. According to the company’s announcement, only Karp’s personal address was targeted this morning. The attack posed no risk to Nexus Mutual or any of its members.

The hack wasn’t an exploit of a protocol bug, but a targeted attack on Karp’s personal device.

Nexus Mutual said that the attacker gained remote access to its founder’s computer and modified the MetaMask extension on his browser. This enabled him to create a spoof transaction that popped up while Karp was performing an unrelated action in MetaMask.

“I subsequently approved it, thinking it was the transaction I was intending to conduct. Instead, it was transferring NXM to their wallet,” he explained.

Karp added that his private keys are still secure, as the hacker didn’t manage to access them.

While the identity of the attacker is still unknown, Nexus Mutual revealed that they completed the company’s know-your-customer (KYC) process on 3 December. However, the attackers switched their membership to a new address immediately after.

The company said that it had launched an investigation to identify the hacker. 1inch.exchange, a decentralized exchange aggregator used to move some of the stolen funds, offered to assist with the investigation.

Karp offered a $300,000 bounty to the attacker if they returned the stolen NXM tokens, adding that the company was willing to drop all investigations into the hack.

Discussion
Related Coverage
Sam Bankman-Fried Found Guilty on All Charges
  • The New York Jurors took 4 fours of deliberating before pronouncing the former FTX CEO guilty of all seven charges of fraud and conspiracy to commit fraud.
  • Bankman-Fried will now have to appear in court on 28 March, 2024, where he will face a potential maximum sentence of 115 years in prison.
November 3, 2023, 8:54 AM
sbf

Former CEO of FTX Sam Bankman-Fried leaves the Federal Court in New York after pleading not guilty, 3 January, 2022.
lev radin/Shutterstock

Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
DoJ Requests SBF’s Expert Witnesses be Barred From Testifying
  • The U.S. Department of Justice has expressed its concerns over Sam Bankman-Fried’s seven expert witnesses, and requested they be barred from testifying on the case.
  • The DoJ claimed most of the proposed experts lacked the necessary foundation for their opinions, making them unqualified to be an expert witness.