Nexus Mutual founder Hugh Karp said that he has targeted his hackers’ IP who managed to steal over $8 million worth of the native NXM token as we reported previously in our altcoin news.
The decentralized finance space was hit with yet another hack attack where over $8 million worth of the native NXM token was exploited from Hugh Karp’s personal account. His project allows users to hedge against risks in the DeFi space that were not affected directly but his personal account, however, was exploited.
Attacker.
The mempool is a dark forest, but the IPs on the internet are quite transparent.
I'm still happy to honour the bounty if you return the funds (less the bounty) within the next 12 hours. No questions asked.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
According to the reports, what happened was that the leading Defi extension MetaMask was corrupted to broadcast transactions were altered. The attacker managed to alter the transactions from MetaMask so it was directed to the founder’s own address. You can think of this as a classic “clipboard” attack on the BTC users where the users tried to send the coins to one address that will be forced to send to the attacker’s address. However, Nexus Mutual founder Karp said that now he has targeted the hacker’s IP Address.
Shortly after the attack, Karp tweeted that he will distribute $300,000 worth of bounty to the attack if he returns the funds:
“To the attacker. Very nice trick, definitely next level stuff. You’ll have trouble cashing out that much NXM. If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.”
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
The attacker didn’t respond as he was choosing to sell more of his coins via proxy wallets that were tied back to the original wallet that was used in the attack. The coins were sold right after they were swapped to the WNXM which is a KYC version of the NXM coin. While many think that the attacker used fake KYC documents to make the transition as Karp said that he has the attacker’s IP at the very least:
“Attacker. The mempool is a dark forest, but the IPs on the internet are quite transparent. I’m still happy to honour the bounty if you return the funds (less the bounty) within the next 12 hours. No questions asked.”
The programmers are decoding the malicious payments to determine how the attack happened without Karp knowing and many think that the attack can be replicated to some extent with the revised code.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post