In brief
- A hacker has remotely modified the MetaMask wallet used by Nexus CEO Hugh Karp.
- It resulted in a transaction that sent the CEO's funds to the hacker's own wallet.
- The hacker has taken $8 million of Karp's funds.
Nexus Mutual CEO Hugh Karp has suffered a remote access hack to his computer that resulted in the loss of 370,000 NXM, or approximately $8 million.
The hacker tricked Karp—using a combination of a modified MetaMask and hardware wallet—into signing a different transaction that transferred funds to the attacker’s own address. The hack has been described as a “targeted personal attack on Hugh” by Nexus Mutual via its Twitter account.
Karp described the attack as a “very nice trick,” and “next level stuff.” He also said the hacker will have trouble cashing out such a large amount of NXM, and said, “If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.”
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
Nexus Mutual described Karp’s offer as an “opportunity to make this sophisticated, next level, attack notable for the right reasons.” At the time of writing, there is no evidence to suggest the hacker has taken Karp up on this offer.
The hack occurred at 9:40am this morning, and only affected Karp’s own address. The Nexus team has since clarified there “is no subsequent risk to Nexus Mutual or any members.”
Some information about the hacker is already known. According to Nexus Mutual, the hacker “completed KYC 11 days ago and then switched membership to a new address on Friday December 3.”
Initial investigation:
A targeted personal attack on Hugh.
Hugh's using a hardware wallet. The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address.
— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020
What’s more, the Nexus team is aware of the address holding the stolen funds, and some are already being exchanged using 1Inch Exchange.
At the time of writing, there has been no public communication by the 1Inch Exchange either on the aggregator’s website or via its Twitter account.
The investigation, however, remains ongoing. The team at Nexus has publicly requested any assistance to stop the movement of funds.
Update: We have removed an image of the Nexus coin as it is different from Nexus Mutual's coin and clarified how the MetaMask wallet was accessed.