Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home Ā» Analysis Ā» Nexus Mutual Hacker Now Demanding $2.7 Million Ethereum RansomĀ 

Nexus Mutual Hacker Now Demanding $2.7 Million Ethereum RansomĀ 

by

Despite an on-going investigation by Nexus Mutual and 1inch Exchange, the hacker is still at large. Now heā€™s raising the stakes.Ā 

Nexus Mutual Hacker Now Demanding $2.7 Million Ethereum Ransom 

Key Takeaways

  • On Dec. 14, the Nexus Mutual founder was hacked for $8 million NXM tokens.
  • The KYC-documents, Reddit conversations, and IP tracking unearthed a few clues, but the attacker has been unaffected.
  • Meanwhile, the hacker has laundered nearly $3.2 million and now demands another $2.7 million for the remaining wNXM tokens.

Share this article

The Nexus Mutual hacker sent a direct message to Hugh Karp’s Ethereum address this morning, demanding 4,500 ETH worth ($2.7 million) in exchange for the remaining loot. 

Nexus Mutual Hacker Unloads on DEXes

The price of Nexus Mutual’s NXM tokens has dropped 15% since the hack. The perpetrator now intends to wait for price recovery before unloading the rest. 

Wrapped Nexus Mutual (wNXM) price chart. Source: CoinGecko
Wrapped Nexus Mutual (wNXM) price chart. Source: CoinGecko

While waiting, the hacker has asked the Nexus Mutual founder, Hugh Karp, for a $1.7 settlement to return the remaining loot.

Immediately after the incident on Monday, the attacker converted the KYC-ed NXM tokens to Wrapped NXM (wNXM) on Ethereum, using decentralized exchanges 1inch and Matcha

Later, the perpetrator laundered $2.7 million, converting wNXM to 137 renBTC stored in two addresses

During the 12-hour deadline, Hugh Karp placed on the entity to either return the funds for a $300k bounty or face legal consequences. 

The attacker has displayed a total disregard for Karp’s threats. 

Brave or Stupid? 

Today, the assailant converted another $500,000 wNXM into Ethereum and has paused for price recovery before unloading more. The attacker used Tornado Cash, a privacy tool for masking Ethereum transactions, and 1inch exchange to convert wNXM to ETH. 

The leftover wNXM tokens, worth nearly $4.5 million, are still at the hacker’s disposal. 

So far, the hacker’s KYC documents on Nexus Mutual have revealed a location in Singapore. The IP address, nonetheless, tracked a Japanese site. 

Despite the sophistication in carrying out the attack, the attacker seems to have made a few clumsy mistakes, making them vulnerable to IP address tracking. However, it is also possible that the hacker is using a VPN service to mislead investigators. 

The audacity of the hacker doesn’t indicate any fear of getting caught.  

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefingā€™s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.