In brief

  • On Monday, Nexus Mutual CEO Hugh Karp was tricked into sending $8 million to a hacker.
  • Since then, the hacker has been offered a $300,000 bounty.
  • But after seemingly refusing to accept the bounty, the hacker has requested millions more in ransom money.

Two days ago, a hacker tricked Nexus Mutual CEO Hugh Karp into signing a transaction that directed 370,000 NXM ($8 million) directly into the hacker's pockets.

After the attack, which was described by Karp as a "neat trick," the Nexus Mutual CEO offered the hacker the chance to return the stolen funds in full in exchange for $300,000. Instead, the hacker has since cashed out at least half of the stolen funds into Bitcoin, and has now directly asked Karp for ransom money representing almost ten times more than the bounty offered.

"Hello Hugh. I will not sell xNXM any more until xNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following your addresses. You are rich, Hugh," the hacker said.


By current prices, 4,500 ETH represents about $2.6 million.

In response, Karp said he doesn't have that much Ethereum, claiming the address cited by the attacker is owned by Nexus Mutual, not him personally.

As reported by Decrypt, the hacker seemingly managed to conduct a remote access hack on the Nexus Mutual CEO that employed the combination of a modified Metamask and hardware wallet.

Based on data provided by Scorechain, the hacker converted the stolen funds to wrapped NXM, then sold the wrapped NXM for ETH, before once again swapping the ETH into renBTC. This enabled the hacker to cash out half of the stolen funds into Bitcoin.


But there are still plenty of stolen funds yet to be cashed out.

Update: This article has been corrected to show it was 4,500 ETH not 450,000 ETH as originally written.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.