{"id":33350,"date":"2020-12-14T17:24:58","date_gmt":"2020-12-14T15:24:58","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33350"},"modified":"2025-08-28T13:22:47","modified_gmt":"2025-08-28T10:22:47","slug":"hacker-drains-founders-personal-address-of-defi-protocol-for-8-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-drains-founders-personal-address-of-defi-protocol-for-8-million\/","title":{"rendered":"Hacker drains founder&#8217;s personal address of DeFi protocol for $8 million"},"content":{"rendered":"<p>An unknown attacker siphoned more than $8 million in native NXM tokens from the personal wallet of Nexus Mutual founder Hugh Karp.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">At 9:40am this morning <a href=\"https:\/\/twitter.com\/HughKarp?ref_src=twsrc%5Etfw\">@HughKarp<\/a>\u2018s personal address was attacked and drained by a member of the mutual. Only Hugh\u2019s address was affected in this targeted attack and there is no subsequent risk to Nexus Mutual or any members.<a href=\"https:\/\/t.co\/72nrIDpKW6\">https:\/\/t.co\/72nrIDpKW6<\/a><\/p>\n<p>\u2014 Nexus Mutual \ud83d\udc22 (@NexusMutual) <a href=\"https:\/\/twitter.com\/NexusMutual\/status\/1338441873560571906?ref_src=twsrc%5Etfw\">December 14, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Nexus Mutual explained that the hacker managed to install a compromised version of the MetaMask application on Karp&#8217;s personal computer; it tricked him into confirming the transaction.<\/p>\n<p>As a result, 370,000 NXM stored in the wallet (about $8.22 million at the time of writing) were transferred in a single transaction to an address controlled by the attacker. 
The attacker is a member of the mutual-insurance society and completed the KYC process 11 days ago.<\/p>\n<p>The Nexus Mutual team said that the protocol itself was not harmed and that user funds remain safe. It is continuing the investigation and has not yet been able to identify the hacker.<\/p>\n<p>According to data from <a href=\"https:\/\/etherscan.io\/tx\/0xfe2910c24e7bab5c96015fb1090aa52b4c0f80c5b5c685e4da1b85c5f648558a\" target=\"_blank\" rel=\"noopener noreferrer\">Etherscan<\/a>, the attacker has already begun converting the tokens into Ethereum (ETH). The stolen NXM account for about 5.5% of the total supply.<\/p>\n<div id=\"attachment_119501\" style=\"width: 1114px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119501\" class=\"wp-image-119501 size-full\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-7.png\" alt=\"Hacker hacked the personal address of a DeFi protocol founder for $8 million\" width=\"1104\" height=\"516\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-7.png 1104w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-7-300x140.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-7-1024x479.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Untitled-1-7-768x359.png 768w\" sizes=\"auto, (max-width: 1104px) 100vw, 1104px\" \/><\/p>\n<p id=\"caption-attachment-119501\" class=\"wp-caption-text\">Data: Etherscan.<\/p>\n<\/div>\n<p>Hugh Karp contacted the attacker via Twitter, calling the hack &#8220;a very good trick&#8221;. 
He emphasised that cashing out such an amount of NXM would be problematic, and offered a $300,000 bounty and an end to the investigation in exchange for the return of the funds.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p dir=\"ltr\" lang=\"en\">To the attacker. Very nice trick, definitely next level stuff.<\/p>\n<p>You\u2019ll have trouble cashing out that much NXM.<\/p>\n<p>If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.<\/p>\n<p>\u2014 Hugh Karp \ud83d\udc22 (@HughKarp) <a href=\"https:\/\/twitter.com\/HughKarp\/status\/1338452087374553091?ref_src=twsrc%5Etfw\">December 14, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, in November, an unknown attacker <a href=\"https:\/\/u1f987.com\/en\/news\/defi-project-pickle-finance-lost-nearly-20-million-in-hack\">moved about $19.76 million<\/a> from the DeFi protocol Pickle Finance&#8217;s smart contract. 
An expert described the hack as highly sophisticated and well-planned.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown attacker siphoned more than $8 million in native NXM tokens from the personal wallet of Nexus Mutual founder Hugh Karp.<\/p>\n","protected":false},"author":1,"featured_media":33351,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-33350","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=33350"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33350\/revisions"}],"predecessor-version":[{"id":33352,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33350\/revisions\/33352"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/e
n\/wp-json\/wp\/v2\/media\/33351"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=33350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=33350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=33350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}