Nexus Mutual Hacker Now Demanding $2.7 Million Ethereum Ransom
Despite an ongoing investigation by Nexus Mutual and 1inch Exchange, the hacker is still at large. Now he's raising the stakes.
The Nexus Mutual hacker sent a direct message to Hugh Karp's Ethereum address this morning, demanding 4,500 ETH (worth $2.7 million) in exchange for the remaining loot.
Nexus Mutual Hacker Unloads on DEXes
The price of Nexus Mutual’s NXM tokens has dropped 15% since the hack. The perpetrator now intends to wait for price recovery before unloading the rest.
While waiting, the hacker has asked the Nexus Mutual founder, Hugh Karp, for a $1.7 settlement to return the remaining loot.
Immediately after the incident on Monday, the attacker converted the KYC-ed NXM tokens to Wrapped NXM (wNXM) on Ethereum, using decentralized exchanges 1inch and Matcha.
Later, the perpetrator laundered $2.7 million, converting wNXM to 137 renBTC stored in two addresses.
Hugh Karp placed a 12-hour deadline on the entity to either return the funds for a $300k bounty or face legal consequences.
The attacker has displayed a total disregard for Karp's threats.
Brave or Stupid?
Today, the assailant converted another $500,000 worth of wNXM into Ethereum and has paused for price recovery before unloading more. The attacker used Tornado Cash, a privacy tool for masking Ethereum transactions, and 1inch exchange to convert wNXM to ETH.
The leftover wNXM tokens, worth nearly $4.5 million, are still at the hacker's disposal.
The hacker is messaging Hugh directly on-chain and asking 4.5k ETH in return of the remaining wNXM. That's ~$2.7M that Hugh needs to pay to rescue wNXM and a nice "token swap" from the vermin to exit this illiquid market into good cash ETH https://t.co/dWOIAxWlyU https://t.co/o8Pmm3gwg2 pic.twitter.com/8PnteEYYzv
— Julien Bouteloup (@bneiluj) December 16, 2020
So far, the hacker’s KYC documents on Nexus Mutual have revealed a location in Singapore. The IP address, nonetheless, tracked a Japanese site.
Despite the sophistication in carrying out the attack, the attacker seems to have made a few clumsy mistakes, making them vulnerable to IP address tracking. However, it is also possible that the hacker is using a VPN service to mislead investigators.
The audacity of the hacker doesn't indicate any fear of getting caught.