The protocol is safe, but its founder lost his stash of 6% of all tokens.
An unknown attacker stole $8 million from the personal wallet of Hugh Karp, the CEO of DeFi coverage platform Nexus Mutual.
According to a disclosure by Nexus Mutual, the funds were drained on Monday morning UTC by compromising Karp’s personal device. The hacker reportedly managed to install a compromised version of MetaMask that tricked Karp into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
The loot amounts to 370,000 NXM, worth $8.2 million as of press time. The hacker already began converting the tokens to Ether (ETH), with a total balance of 354 ETH worth more than $200,000.
According to Nexus Mutual, Karp was using a hardware wallet. However, the attacker circumvented the protection by replacing a legitimate transaction with his own. Some hardware wallets should provide protection against these types of attack by requiring a confirmation on the device itself, where the display should be protected against this form of tampering. Nevertheless, the exact specifics of the attack are as of yet unclear, and Nexus Mutual did not immediately return a request for comment.
The attacker was a member of the mutual, having passed know-your-client verification 11 days ago. The attacker was not fully identified though, with investigations still pending. According to Nexus Mutual, this was a targeted attack at Karp.
The NXM token dropped 17% since the attack occurred, although the protocol itself was not affected. Nonetheless, the NXM stolen in the hack amounts to approximately 6% of all tokens in circulation, which could pose significant downward pressure on price.
Karp later complemented the attacker for performing a “very nice trick.” He offered a $300,000 bounty and dropping all charges in exchange for returning the tokens, arguing that the hacker would have trouble in converting the NXM into more liquid forms of money.