An unknown attacker stole $8 million from the personal wallet of Hugh Karp, the CEO of DeFi coverage platform Nexus Mutual.
According to a disclosure by Nexus Mutual, the funds were drained on Monday morning UTC by compromising Karp’s personal device. The hacker reportedly managed to install a compromised version of MetaMask that tricked Karp into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
The loot amounts to 370,000 NXM, worth $8.2 million as of press time. The hacker already began converting the tokens to Ether (ETH), with a total balance of 354 ETH worth more than $200,000.
According to Nexus Mutual, Karp was using a hardware wallet. However, the attacker circumvented the protection by replacing a legitimate transaction with his own. Some hardware wallets should provide protection against these types of attack by requiring a confirmation on the device itself, where the display should be protected against this form of tampering.
The attacker was a member of the mutual, having passed know-your-client verification 11 days ago. The attacker was not fully identified though, with investigations still pending. The attacker needed to be a verified member of the mutual in order to receive NXM tokens, though a Nexus Mutual community manager told Cointelegraph that they are "working on the assumption that [the hacker] could have committed identity fraud."
The NXM token dropped 17% since the attack occurred, although the protocol itself was not affected. Nonetheless, the NXM stolen in the hack amounts to approximately 6% of all tokens in circulation, which could pose significant downward pressure on price.
Karp later complemented the attacker for performing a "very nice trick." He offered a $300,000 bounty and dropping all charges in exchange for returning the tokens, arguing that the hacker would have trouble in converting the NXM into more liquid forms of money.