An unknown attacker stole over $8 million worth of NXM tokens from Hugh Karp, the founder of DeFi insurer Nexus Mutual.
Data from Etherscan showed that a total of 370,000 NXM tokens, worth around $8.25 million, were transferred from Karp’s address to one owned by the malicious actor. According to the company’s announcement, only Karp’s personal address was targeted this morning. The attack posed no risk to Nexus Mutual or any of its members.
The hack wasn’t an exploit of a protocol bug, but a targeted attack on Karp’s personal device.
Nexus Mutual said that the attacker gained remote access to its founder’s computer and modified the MetaMask extension on his browser. This enabled him to create a spoof transaction that popped up while Karp was performing an unrelated action in MetaMask.
“I subsequently approved it, thinking it was the transaction I was intending to conduct. Instead, it was transferring NXM to their wallet,” he explained.
Karp added that his private keys are still secure, as the hacker didn’t manage to access them.
While the identity of the attacker is still unknown, Nexus Mutual revealed that they completed the company’s know-your-customer (KYC) process on 3 December. However, the attackers switched their membership to a new address immediately after.
The company said that it had launched an investigation to identify the hacker. 1inch.exchange, a decentralized exchange aggregator used to move some of the stolen funds, offered to assist with the investigation.
Karp offered a $300,000 bounty to the attacker if they returned the stolen NXM tokens, adding that the company was willing to drop all investigations into the hack.