The latest incursion in the burgeoning decentralized finance sector has targeted an individual: Nexus Mutual founder Hugh Karp, whose wallet was hit for $8 million.
The incursion was posted on the official Nexus Mutual Twitter feed with an explanation to users that it was a targeted attack and that no funds were in danger on the DeFi insurance platform. It added that the address contained 370,000 Nexus Mutual tokens (NXM), worth around $8.4 million at current prices.
Nexus Mutual stated that Karp was using a hardware wallet linked to a MetaMask account. The attacker gained remote access to his computer and modified the MetaMask extension, tricking him into signing a transaction different from the intended one, which subsequently transferred funds to the attacker’s own address.
At 9:40am this morning @HughKarp's personal address was attacked and drained by a member of the mutual. Only Hugh’s address was affected in this targeted attack and there is no subsequent risk to Nexus Mutual or any members. https://t.co/72nrIDpKW6
— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020
Karp stated that when he was performing an unrelated transaction, MetaMask popped up with a spoof transaction, and he subsequently approved it, thinking it was the transaction he was intending to conduct.
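An added example (not from the article or from Nexus Mutual) of the check this kind of swap relies on being skipped: decoding the raw transaction about to be signed, outside the browser extension, and comparing it with what the user meant to send. It assumes a standard ERC-20 `transfer(address,uint256)` call; the function names, addresses and amounts are constructed for illustration.

```javascript
// Added example: compare a transaction presented for signing with the intent.
// Assumes a standard ERC-20 transfer(address,uint256) call; all values constructed.
const TRANSFER_SELECTOR = "a9059cbb"; // selector of transfer(address,uint256)

function decodeErc20Transfer(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte words = 136 hex characters
  if (!/^[0-9a-f]{136}$/.test(hex)) return null;
  if (hex.slice(0, 8) !== TRANSFER_SELECTOR) return null;
  const addrWord = hex.slice(8, 72);
  if (!addrWord.startsWith("0".repeat(24))) return null; // dirty padding
  return { recipient: "0x" + addrWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Returns a list of mismatches; an empty list means the payload matches the intent.
function checkAgainstIntent(tx, intent) {
  const problems = [];
  if (tx.to.toLowerCase() !== intent.token.toLowerCase())
    problems.push("contract address differs from intended token");
  if (BigInt(tx.value || "0x0") !== 0n)
    problems.push("unexpected ether value attached");
  const call = decodeErc20Transfer(tx.data || "0x");
  if (!call) {
    problems.push("calldata is not a well-formed transfer(address,uint256)");
    return problems;
  }
  if (call.recipient !== intent.recipient.toLowerCase())
    problems.push("recipient differs: " + call.recipient);
  if (call.amount !== intent.amount)
    problems.push("amount differs: " + call.amount.toString());
  return problems;
}

// Constructed sample data (not real addresses or amounts).
const TOKEN = "0x" + "11".repeat(20);
const FRIEND = "0x" + "22".repeat(20);
const OTHER = "0x" + "33".repeat(20);
const encodeTransfer = (to, amount) =>
  "0x" + TRANSFER_SELECTOR + to.slice(2).padStart(64, "0") +
  amount.toString(16).padStart(64, "0");

const intent = { token: TOKEN, recipient: FRIEND, amount: 100n * 10n ** 18n };
const expectedTx = { to: TOKEN, value: "0x0", data: encodeTransfer(FRIEND, intent.amount) };
const swappedTx = { to: TOKEN, value: "0x0", data: encodeTransfer(OTHER, 5000n * 10n ** 18n) };

console.log(checkAgainstIntent(expectedTx, intent)); // []
console.log(checkAgainstIntent(swappedTx, intent)); // recipient and amount differ
```

The comparison only helps when it runs somewhere the modified extension cannot influence, since the extension in this incident controlled what the user saw in the browser.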
$300,000 Bounty Offered
Karp stated that it will be difficult to cash out that many NXM tokens and offered a bounty for the full return:
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
He followed up with:
“The mempool is a dark forest, but the IPs on the internet are quite transparent. I’m still happy to honour the bounty if you return the funds (less the bounty) within the next 12 hours. No questions asked.”
IP addresses can be masked using a VPN, and although $8 million is quite a loss, offering a bounty to a thief could encourage others to carry out similar attacks on high-profile cryptocurrency figures.
Nexus Mutual stated that the attacker had completed their KYC (know your customer) process eleven days ago, and then switched membership to a new address on Dec. 3. It added that an investigation is ongoing to identify the attacker and how they operated.
It also stated that some of the funds were on the move and had passed through the 1inch DEX.
A Year of DeFi and Hardware Hacks
Although this attack was a targeted personal one, this year has seen a surge in DeFi-related hacks and exploits resulting in millions lost. Each one serves to battle-harden the embryonic industry, though targeted attacks are difficult to mitigate.
Karp did not specify what hardware wallet he was using, but owners of Ledger hardware wallets have increasingly become targets this year through advanced phishing campaigns and incursions resulting in fund loss. The company itself has done very little to protect its customers, often washing its hands of thefts that it deems insignificant.