The personal address of Hugh Karp, the founder of the Ethereum-based insurance provider Nexus Mutual, has been drained for over $8 million worth of the NXM token by an already registered user. Despite the attack, Nexus Mutual has reassured that the customers’ funds are safe.
Nexus Mutual Founder Drained For $8M In NXM
The popular project took it to Twitter earlier today to explain the situation. The undisclosed attacker completed a know-your-customer (KYC) procedure 11 days ago on the platform and then switched membership to a new address on December 3rd.
He targeted Karp’s personal account through his hardware wallet. The hacker reportedly gained remote access to Karp’s computer and modified the extension of the cryptocurrency wallet – MetaMask.
Thus, the perpetrator managed to trick Karp into “signing a different transaction which transferred funds to the attacker’s own address.”
Ultimately, the transaction shows that the hacker has taken 370,000 NXM tokens. As the price of the project’s native cryptocurrency traded at about $22 at the time, this sizeable amount equaled $8,251,000.
It’s worth noting, however, that the NXM token has nosedived in value since the hack by nearly 20%. As of writing these lines, the price movement has threatened NXM’s position in the top 100 as it trades south of $18.
Funds Are SAFU, Bounty Offered
Nexus Mutual outlined that the attack was carried only on Karp’s personal account. As such, the pool of funds and all project systems were safe.
Karp also offered his view on the situation on Twitter. He classified it as a “very nice trick, definitely next-level stuff.”
However, the founder of Nexus Mutual warned the hacker that he would have issues with cashing out such an extensive amount of NXM. In fact, he offered him a way out if the perpetrator returns all assets – “we will drop all investigations, and I will grant you a $300k bounty.”
To the attacker. Very nice trick, definitely next level stuff.
You’ll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020
At the time of this writing, it’s still unknown the hacker’s identity or if he’s taken advantage of Karp’s offer.