Nexus Mutual Founder Loses $8 Million in MetaMask Attack
The founder of Nexus Mutual has been hacked for $8 million in a “targeted personal attack.”
- Hackers gained remote access to Hugh Karp’s computer and modified a crypto wallet extension.
- The fake Metamask extension duped Karp into sending $8 million NXM to the attackers’ address.
- Karp offered a $300,000 bounty if the attacker returned the funds.
Share this article
Hackers have drained $8 million in NXM tokens from Nexus Mutual founder Hugh Karp. While Karp is confident of catching the culprits, hackers are already converting the stolen funds on a decentralized exchange.
Nexus Mutual Identifies Two Leads
At 9: 45 am UTC, a confirmed Ethereum smart contract transaction transferred 370,000 NXM to another KYC-ed wallet NXM wallet.
Nexus Mutual instantly flagged the transaction, claiming it to be a remote access attack on Hugh Karp’s personal computer. Reportedly, the attackers changed a Metamask extension and tricked Karp into approving the transfer.
Both Nexus Mutual and MetaMask are secure; only Karp has been affected.
Thanks to the KYC compliance needed to join the protocol, the Nexus Mutual team is confident that they will identify the attacker.
Indeed, their investigation has already revealed the KYC details of the receiving address 11 days ago. Later, the registered member changed the associated Ethereum address to a new one. They have also offered the attacker a $300,000 settlement if they return the funds.
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
The team has two leads as to the attacker’s identity already.
The funds are currently being exchanged via 1inch Exchange and are trackable on Ethereum. If the hacker attempts to withdraw fiat from a centralized exchange like Binance or Coinbase, they will likely be identified.