Hacker Stole $8M By Modifying Nexus CEO’s MetaMask Wallet

One hacker stole $8M by modifying the Nexus CEO’s MetaMask wallet that was used by Hugh Karp so let’s find out more in today’s altcoin news.

The hacker changed a transaction to send the CEO’s fund to his own wallet and the hacker stole $8M from Karp’s funds. Nexus Mutual CEO Hugh Karp suffered a remote access attack to his computer which eventually resulted in the loss of 370,000 NXM tokens or about $8 million in USD. The hacker tricked the CEO by using a combination of a modified MetaMask wallet into signing a different transaction which managed to transfer the funds to the attacker’s own address and then the hack was seen as a “targeted personal attack on Hugh” by the company.

To the attacker. Very nice trick, definitely next level stuff.

You'll have trouble cashing out that much NXM.

If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.

— Hugh Karp 🐢 (@HughKarp) December 14, 2020

Karp described the attack as a “very nice trick” and “next level stuff” but also said that the hacker will have a hard time cashing out a huge sum of NXM tokens and said:

 “If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.”

Nexus Mutual said Karp’s offer is a good chance to make this sophisticated attack quite notable actually for the right reasons. At the time of writing, there’s no evidence that suggests the hacker has taken Karp on his offer. The hack happened at 9.40 this morning and affected Karp’s own address and that was it. The platform’s team has clarified there are no subsequent risks to Nexus Mutual or any members at all.

At 9:40am this morning @HughKarp's personal address was attacked and drained by a member of the mutual. Only Hugh’s address was affected in this targeted attack and there is no subsequent risk to Nexus Mutual or any members.https://t.co/72nrIDpKW6

— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020

Some information about the hacker is known already as he completed KYC 11 days ago and then switched membership to a new address back on December 3. What’s more, the team of the platform is aware that the address holding the stolen funds and some others are already being exchanged using the 1Inch exchange. There has been no public communication by the 1Inch exchange on the Twitter account or the website. The investigation of the attack remains ongoing as the team publicly requested more assistance to stop the movement of the funds.

As previously reported, Phishing attack pretending to be Ethereum’s MetaMask crypto wallet was identified by CipherTrace after they noted an uptick in posts about the malicious version of the wallet. One Twitter user expressed his concerns about the website of the wallet in a tweet. Right after that, Ciphertrace reported that they saw an increase in posts alleging user funds were stolen via a Chrome browser extension phishing attack that pretended to be Ethereum-based wallet MetaMask.