The DeFi sector continues to face security scrutiny in the past year, which is becoming an alarming situation for the Blockchain space. Analyst, traders and investors continue to worry about the increasing rate of hacks and security breaches parading the Digital assets space.
The latest of which include that of the founder of Nexus Mutual, Hugh Karp who posted on his company’s official Twitter page confirmed that his account was attacked and the hackers carted away with 370,000 Nexus Mutual tokens, NXM, currently worth around $8.4 million. He, however, explain to users that the mutual insurance platform was safe as the targeted attack didn’t put the platform in danger but rather the personal wallet of Karp.
The attack was perpetrated via a hardware wallet
In the official tweet posted by the company, they confirmed that the perpetrators took advantage of the fact that Karp was using a hardware wallet linked to a MetaMask account. The hacker, unfortunately, gained access to Karp’s PC and modified the MetaMask extension. The manipulated MetaMask extension allowed the attacker to trick Karp into signing an alternate transaction different from the one he intended to sign. This subsequently made the businessman transfer funds to the attacker’s address, thinking it was the transaction he intended to conduct.
Karp offers a $300,000 bounty on the hacker
The attacker carted away with about 370,000 Nexus Mutuals token which Karp believes will almost be impossible for the hacker to cash out. The businessman, via his Twitter account, has now confirmed that he will drop all investigations and also reward the attacker with $300,000 if he returns the NXM in full. Karp believes that the transparency of IPS on the internet enables them to be masked using a VPN, and he believes it is not a matter of if, but rather when the attacker will be caught.
A few enthusiasts and analysts feel like offering a bounty to a thief could encourage others to carry out similar attacks on high-profile cryptocurrency in future despite an $8 million loss at stake. In the investigations already carried out by Karp and Nexus Mutual, the attacker already completed his/her KYC eleven days ago before switching allegiance to a new address. It is also believed that some of the funds were already on the move, as investigations confirmed that the funds have passed through the 1inch DEX.
It is worthy to note that this might be a personal attack on Hugh Karp, but the DeFi space continues to be terrorized with several hacks and attacks leading to losses of money for investors. A scam was reported last Friday when three projects DeFiB, iBase/YFFS, and DeTrade Fund wanted to raise Ethereum from investors by conducting “pre-sales” for their projects. The scam was completed when the projects refused to release the coins purchased in the presale and instead sold them by siphoning them to an external wallet. Popular crypto wallet, Ledger wallets, have not been spared from increasing attacks this year which has resulted in the loss of funds for its customers.