Nexus Mutual’s CEO personal wallet hacked over $8m worth of NXM Tokens

December 16, 2020

MCP News Free

Nexus Mutual’s CEO personal wallet hacked over $8m worth of NXM Tokens

The DeFi founder, Hugh Karp, yesterday, suffered a massive blow to his personal account after a supposed member of his company stole 370,000 NXM tokens worth over 8 million dollars.

The firm disclosed the saddening news in a tweet on Monday afternoon.

The attacker gained remote access to Karp’s personal computer and modified the metamask wallet extension, thereby tricking the CEO into signing off a transaction that deceptively redirected $8 milion worth of NXM tokens to his address.

The report given by Nexus Mutual further revealed that the attacker initially completed the Know Your Client (KYC) 11days ago before switching to a new address for the attack on Thursday.

Now with all eyes on him, Hugh tweeted

It is worth noting that the attack had no direct intentions of harming the company. Its funds, systems, and security protocols remain safe, and investigations are underway to identify the attacker and trace his route of operation.

Nexus Mutual has invited assistance from the community to stop the flow of funds from the attacker’s address that is tagged. However, current speculations assert that the attacker has started selling via Decentralized Exchange aggregator, 1inch.exchange.

Since the attack news broke out, the price of wrapped NXM tokens has declined by 17% to around 16.66 USDT on Huobi. The tokens stolen in the attack are about 6% of the entire lot in circulation. With its significance in the market, the theft could pose a downward spiral in NXM prices.

The attacker has already started converting the NXM tokens to Ether and cumulatively holds about $200,000. If they decide to withdraw from a centralized exchange platform such as Binance or Coinbase, they would likely be identified and caught.

From Hugh’s tweet, he seems pretty familiar with the hurdles the attacker has to go through to cash that much NXM and offers a bounty if the tokens are returned.

Hugh’s offer to ‘reward’ the attacker has been frowned upon in the industry since it may incite more similar attempts instead of discouraging the act altogether.