Cryptonews DeFi News

Thief Steals USD 8.2m From Nexus Mutual Founder in a ‘Targeted Attack’

Crime

DeFi Hack MetaMask

Journalist

Sead Fadilpašić

Journalist

Sead Fadilpašić

About Author

Sead specializes in writing factual and informative articles to help the public navigate the ever-changing world of crypto. He has extensive experience in the blockchain industry, where he has served...

Author Profile

Last updated:

June 26, 2023

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

There’s been another theft in the Cryptoverse – this time a ‘personal’ one, as attackers have taken more than USD 8.2m from the account of Hugh Karp, the founder of decentralized finance (DeFi) insurance protocol Nexus Mutual.

Nexus Mutual announced the news in a Twitter post today, stating that Karp’s “personal address was attacked and drained by a member of the mutual.” They stated that only this particular address was affected in “this targeted attack and there is no subsequent risk to Nexus Mutual or any members,” adding that “the mutual is not impacted; the pool of funds and all systems are safe.”

According to the transaction details, NXM 370,000 was taken, worth some 8.25m. Per CoinGecko.com, the price of the coin dropped less than 1% in the past 24 hours, and 4.7% in a week, to the current price of USD 22.3 (at 12:32 UTC).

A part of the stolen funds is already being exchanged, said the protocol.

Nexus Mutual described this as a “targeted personal attack on Hugh,” explaining further that the attacker gained remote access to Karp’s computer and modified the MetaMask extension, “tricking him into signing a different transaction which transferred funds to the attacker’s own address.” According to them, the attacker completed know-your-customer (KYC) 11 days ago but then switched membership to a new address on December 3. “Our investigation is ongoing to identify the attacker and how they operated,” they said.

Meanwhile, Karp himself described this attack as “next level stuff,” promising a high bounty and a stop to the investigation should he attacker return the funds – a move which some commenters thought may incentivize other bad players.

This theft came at a time when many and various warnings are being sent within the Cryptosphere over the emails and texts sent to Ledger and Trezor users in an attempt to trick them and take their funds.

This story is still developing and will be updated as more information becomes available.
___
Learn more: Crypto Security in 2021: More Threats Against DeFi and Individual Users