A hacker, who on Monday stole $8.3 million from the private wallet of Nexus Mutual CEO Hugh Karp, has sent a ransom demand for $2.66 million in Ether (ETH) embedded in the input data of an Ethereum transaction.
In the poorly-worded Dec. 16 message, the attacker addresses Karp directly, and seems to suggest that they will cease selling off the stolen NXM until the price recovers or Karp sends 4,500 ETH.
“Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh [...]”
It is unclear if the hacker offered to return the remainder of the stolen NXM in the latter scenario, though this would likely be a prerequisite condition for Karp if he decides to send the ransom.
Any negotiation is requested to be directed via the attacker’s Ethereum address, and the message concludes by listing three wallet addresses claimed to belong to Karp, along with the assertion that he is “rich.”
As Cointelegraph reported, the hacker supposedly managed to install a compromised version of Metamask that tricked Karp into signing a transaction transferring all his 370,000 NXM to the attacker’s wallet.
In a tweet, Karp complemented the attacker on some “next level stuff,” while noting that it would be difficult to cash out so much NXM, and offering a $300,000 bounty if the tokens were returned in full.
However, undeterred, the attacker has reportedly already laundered up to $2.7 million worth of the stolen NXM, and is now demanding a similar amount to not sell off the rest.