DeFi founder’s hacker asks for $3 million in Ethereum after stealing $8m in NXM
One of the biggest news of this week by far is that of the founder of decentralized mutual platform Nexus Mutual, Hugh Karp, getting hacked for $8m in NXM.
What happened is that an unknown attacker gained access to Karp’s device via malware that altered the device’s MetaMask file. This allowed MetaMask to broadcast a fake transaction, even though Karp used a hardware wallet. The fake transaction drained $8 million worth of NXM from Karp’s address.
NXM is Nexus Mutual’s native token. What makes NXM extremely interesting is that to trade it, your Ethereum address needs to be KYCed.
It’s a bit complicated why this is the case but many thought that this basically meant that the hacker’s identity can be ascertained by looking at Nexus Mutual files.
But it appears the hacker isn’t concerned.
Hacker asks for Ethereum after stealing $8 million worth of an ERC token
The attacker recently requested nearly $3 million worth of Ethereum from the Nexus Mutual team or Hugh Karp to prevent him from selling Wrapped NXM on the market.
In an embedded message spotted by Ethereum transaction bot EtherText, the attacker wrote:
“Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH.If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich.”
The attacker appears to be suggesting that to prevent him from dumping the wNXM on the market in a way that could harm Nexus Mutual’s trajectory, Karp should pay him a bounty of 4,500 Ethereum, or just under $3 million worth of the cryptocurrency.
An issue is that as it stands, the attacker dumping $8 million worth of wNXM on the market would likely send the coin toward $0 temporarily.
The issue is that Uniswap is the only platform the attacker can use without getting locked by exchanges. With only a small amount of liquidity there for WNXM relative to centralized exchanges, a dump of just a portion of the hacked funds could cause the coin to plunge rapidly.
"Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH.If you need any negotiation with me, send msg to my eth address.Following are your addresses. You are rich, Hugh.0x87B2a7559d85f4…"
– 0x07840..482https://t.co/PwH8yIk7aL— EtherText (@EtherText) December 16, 2020
The attacker does seem willing to negotiate.
Nexus Mutual and law enforcement agencies may be closing in on the attacker, though.
The tweet below was shared by the Nexus Mutual team yesterday. This came after Karp hinted that he has the IP of the attacker and has some information regarding the KYC documents that addresses affiliated with the attacker had to submit to wrap NXM into WNXM.
We are contacting law enforcement and will join forces with the other related cases that we found, that are also under investigation.
Thank you to everyone who has cooperated with the investigation.
As always, we're focused on shipping and building Nexus for the future.
— Nexus Mutual ? (@NexusMutual) December 15, 2020
WNXM is down five percent in the past 24 hours even as the rest of the crypto market enjoys a strong rally.