DeFi Project Nexus Mutual Suffers .25M Attack; Only Founder’s Personal Wallet Affected

DeFi Project Nexus Mutual Suffers $8.25 Million Attack; Only Founder’s Personal Wallet Affected


DeFi insurance project Nexus Mutual has suffered an attack.

But for the crypto community, the only good thing is that Nexus Mutual founder Hugh Karp’s personal addresses were only affected.

On Monday, the team took to Twitter to share that at 9:40 on Dec. 14 itself, the personal address for the project creator was attacked and drained by a member of the mutual itself.

“Only Hugh’s address was affected in this targeted attack, and there is no subsequent risk to Nexus Mutual or any members,” noted the team.

370,000 NXM worth $8.25 million has been stolen from Hugh’s personal wallet.

As per the initial investigation, this targeted attack was made on Hugh’s hardware wallet by gaining remote access to his computer. By modifying the popular Ethereum wallet MetaMask’s extension, the attacker tricked Hugh into signing a different transaction to transfer the funds to the attacker's address.

“Since on hardware wallets you often can not validate practically what you are actually signing the weakest point to attack is the interface that creates the sign request – e.g., the Dapp,” said Martin Köppelmann, founder of the prediction market platform Gnosis.

As such, one needs to make sure that the private key only signs what the owner intends to, for which multiple signier or sanity checks must be used to separate the transaction request from signing it, advised Köppelmann.

According to the Nexus Mutual team, the attacker completed his KYC earlier this month and then switched the membership to a new address on Dec. 3rd.

“The mutual is not impacted; the pool of funds and all systems are safe. Our investigation is ongoing to identify the attacker and how they operated,” added the team.

Hugh also took to Twitter to urge the attacker to return the stolen NXM to him, and in return, they will drop the investigation and grant them the $300k bounty.

The project currently has a total value locked (TVL) of about $94 million, and its token NXS is currently trading at $0.226, down 1.91%. The token with a market cap of $15.65 million has a year-to-date performance of about 28%.

Meanwhile, Wrapped Nexus (wNXM), which the attacker used to move the funds, is seeing a bigger drop of over 16% to $16.41.

Get Daily Headlines

Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

What to Know More?

Join Our Telegram Group to Receive Live Updates on The Latest Blockchain & Crypto News From Your Favorite Projects

Join Our Telegram

Stay Up to Date!

Join us on Twitter to Get The Latest Trading Signals, Blockchain News, and Daily Communication with Crypto Users!

Join Our Twitter

Add comment

E-mail is already registered on the site. Please use the Login form or enter another.

You entered an incorrect username or password

Sorry, you must be logged in to post a comment.