A hacker stole more than USD 8 million worth of NXM tokens from the personal wallet of High Karp, the CEO of Defi insurance company Nexus Mutual. As a cost, the price of the token has fallen by 15–20%.
Nexus Mutual CEO falls victim to hackers.
According to a statement from Nexus Mutual, the funds were withdrawn by manipulating Karp’s computer.
The hacker managed to install a fake version of MetaMask on Karp’s computer. As a result, Karp was misled and signed a transaction with his private key that sent the NXM tokens directly to the hacker’s wallet.
The loot amounts to 370,000 NXM, which at the time of the hack was worth 8.2 million US dollars. The hacker has already begun converting the tokens into Ethereum (ETH), with a balance of 354 ETH already converted worth more than 200,000 US dollars.
Nearly half of all tokens are still in his possession. Etherscan has already identified the wallet as “Nexus Mutual Hacker.”
According to Nexus Mutual, Karp uses a hardware wallet. However, the attacker bypassed the protection by replacing the real transaction with his own.
Hardware wallets should shield against this type of attack by requiring confirmation on the device to protect against such manipulation.
The attacker probably went through a KYC on Nexus Mutual 11 days ago. However, the hacker could not be fully identified as the investigation is still ongoing.
Because the real NXM tokens can only be traded after a successful KYC, WNXM can be used instead. It is therefore assumed that the hacker must also have used a false identity at the KYC.
NXM price falls by up to 20%
Since the attack, the NXM price has fallen almost 20%, although the protocol itself was not affected. But NXM stolen in the hacked account is currently in circulation. So it’s no wonder the price has plummeted.
Karp praised the hacker on Twitter for the “very nice trick.” He offered a USD 300,000 bounty to anyone who will get all NXM tokens back.
However, you can see that the hacker has already managed to convert almost half of the WNXM into Ethereum.
Originally published at https://thecryptobasic.com on December 15, 2020.
Check out our new platform 👉 https://thecapital.io/
Post fetched from this article