The founder of DeFi’s „Nexus Mutual“ protocol suffered an $8 million hack

The platform is safe but founder Hugh Karp has lost his tokens, about 6% of the total supply

An anonymous attacker has stolen $8 million from the personal wallet of Hugh Karp, the CEO of DeFi’s Nexus Mutual platform.

According to the company, the funds were stolen on Monday morning by compromising Karp’s personal device. The hacker allegedly managed to install a compromised version of MetaMask, which tricked Bitcoin Up Karp into signing a transaction that redirected all of his NXM tokens to an address controlled by the attacker.

In total, the proceeds of the theft amount to 370,000 NXM, worth $8.2 million at the time of publication of this article. The hacker has already begun converting the tokens into Ether (ETH).

According to Nexus Mutual, Karp was using a hardware wallet, but the criminal still managed to circumvent the protection by replacing a legitimate transaction with his own. Some hardware wallets are supposed to provide protection against this type of attack, perhaps by requiring a confirmation on the device itself.

The attacker was a Nexus Mutual user, as he passed the company’s KYC procedure 11 days ago, but despite this, the hacker has not yet been identified. The investigation is still ongoing. The criminal had to be a verified member of Nexus Mutual in order to receive the NXM tokens, although a community manager told Cointelegraph that „we are working on the assumption that [the hacker] may have also committed identity theft.“

The NXM token has plummeted 17% since the attack, although the protocol itself has not been affected. Nevertheless, the NXMs stolen in the hack amount to about 6% of the token’s circulating supply, which could put significant downward pressure on the price.

Karp later even complimented the attacker for executing a „great move“. He then went directly to the criminal, offering a bounty of $300,000 and a promise not to take legal action in exchange for the return of the tokens. In his opinion, the attacker will have difficulty converting the stolen NXMs into more liquid forms of money.