Thief Steals USD 8.2m From Nexus Mutual Founder in a 'Targeted Attack'
There's been another theft in the Cryptoverse - this time a 'personal' one, as attackers have taken more than USD 8.2m from the account of Hugh Karp, the founder of decentralized finance (DeFi) insurance protocol Nexus Mutual.
Nexus Mutual announced the news in a Twitter post today, stating that Karp's "personal address was attacked and drained by a member of the mutual." They stated that only this particular address was affected in "this targeted attack and there is no subsequent risk to Nexus Mutual or any members," adding that "the mutual is not impacted; the pool of funds and all systems are safe."
According to the transaction details, NXM 370,000 was taken, worth some 8.25m. Per CoinGecko.com, the price of the coin dropped less than 1% in the past 24 hours, and 4.7% in a week, to the current price of USD 22.3 (at 12:32 UTC).
A part of the stolen funds is already being exchanged, said the protocol.
Nexus Mutual described this as a "targeted personal attack on Hugh," explaining further that the attacker gained remote access to Karp's computer and modified the MetaMask extension, "tricking him into signing a different transaction which transferred funds to the attacker’s own address." According to them, the attacker completed know-your-customer (KYC) 11 days ago but then switched membership to a new address on December 3. "Our investigation is ongoing to identify the attacker and how they operated," they said.
Meanwhile, Karp himself described this attack as "next level stuff," promising a high bounty and a stop to the investigation should he attacker return the funds - a move which some commenters thought may incentivize other bad players.
To the attacker. Very nice trick, definitely next level stuff.— Hugh Karp 🐢 (@HughKarp) December 14, 2020
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
This theft came at a time when many and various warnings are being sent within the Cryptosphere over the emails and texts sent to Ledger and Trezor users in an attempt to trick them and take their funds.
This story is still developing and will be updated as more information becomes available.
Learn more: Crypto Security in 2021: More Threats Against DeFi and Individual Users