Earlier this week, the founder of DeFi insurer Nexus Mutual was hacked to the tune of $8 million in NXM
The unknown hacker got access to Hugh Karp’s device using a malware attack and changed its MetaMask file extension. The company lost 370,000 native NXM tokens that were transferred to the hacker’s address. At the time of the incident, the stolen tokens were worth close to $8 million.
The hacker converted the stolen funds into wrapped NXM (WNXM) and moved them to an address ending in 2e2b.
“The attacker gained remote access to his computer & modified the MetaMask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address. The attacker completed KYC 11 days ago and then switched membership to a new address on Friday, 3 December”, the company wrote.
A bizarre turn of events
What has since unfolded can only be described as outré. The hacker wrote to Karp and the Nexus Mutual team asking for 4,500 Ethereum tokens (ETH). The attacker further threatened to dump the WNXM tokens in the market in a way that could dent the project’s current market position if the demands were not met. The requested Ethereum is the equivalent of nearly $3 million.
The attacker’s embedded message read, “Hello Hugh. I will not sell WNXM any more until WNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh.0x87B2a7559d85f4…”
What this means for the DeFi insurer
Based on the current situation, things don’t look good for the DeFi insurer. This is because Uniswap is the only decentralised exchange that the hacker can use to avoid getting frozen out. Here is where the problem arises.
Uniswap only has meagre liquidity for WNXM compared to other centralised exchanges, and dumping the tokens there could make the coin nosedive. The attacker barely left room for negotiations, with the only allowance being “send msg to my eth address”.
The Nexus Mutual team is collaborating with law enforcement agencies to track the hacker, and it seems that they are closing in on the attacker. The team shared a reassuring tweet yesterday after Karp alluded to have gained access to the attacker’s IP and other details which might help to nail the hacker.