{"id":33507,"date":"2020-12-16T18:18:35","date_gmt":"2020-12-16T16:18:35","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33507"},"modified":"2025-08-28T14:10:26","modified_gmt":"2025-08-28T11:10:26","slug":"hacker-demanded-4500-eth-ransom-from-nexus-mutual-founder","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hacker-demanded-4500-eth-ransom-from-nexus-mutual-founder\/","title":{"rendered":"Hacker Demanded 4,500 ETH ransom from Nexus Mutual founder"},"content":{"rendered":"<p>The attacker who hacked the personal wallet of Nexus Mutual founder Hugh Karp demanded 4500 ETH (~$2.6 million at the time of writing). The hacker&#8217;s comment was left <a href=\"https:\/\/etherscan.io\/tx\/0xcc931f47a1849d060f1e9ac38a4fe16aec728c968a75dd9115852c6db3568985\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">via a transaction<\/a>.<\/p>\n<p><!--more--><\/p>\n<p>He stated that he would not sell the NXM tokens until the price recovers or until Karp transfers the ransom. The hacker added three addresses to the message, where more than $10 million is stored.<\/p>\n<blockquote>\n<p>\u201cYou&#8217;re rich, Hugh,\u201d wrote the unidentified individual.<\/p>\n<\/blockquote>\n<div id=\"attachment_119727\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119727\" class=\"size-large wp-image-119727\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/2-348-1024x164.png\" alt=\"Hacker demanded 4,500 ETH ransom from Nexus Mutual founder\" width=\"1024\" height=\"164\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/2-348-1024x164.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/2-348-300x48.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/2-348-768x123.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/2-348.png 1107w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p id=\"caption-attachment-119727\" class=\"wp-caption-text\">Screenshot of the transaction from the service <a href=\"https:\/\/etherscan.io\/tx\/0xcc931f47a1849d060f1e9ac38a4fe16aec728c968a75dd9115852c6db3568985\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Etherscan<\/a>.<\/p>\n<\/div>\n<p>Karp responded to the attacker&#8217;s demand on Twitter, saying that one of the addresses belonged to the Nexus Foundation, and that he does not have that much cryptocurrency.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">0xFC6.. is the Nexus Foundation address, it\u2019s not mine.<\/p>\n<p>I don\u2019t have that much ETH <a href=\"https:\/\/t.co\/4isS3aKBd9\">https:\/\/t.co\/4isS3aKBd9<\/a><\/p>\n<p>\u2014 Hugh Karp \ud83d\udc22 (@HughKarp) <a href=\"https:\/\/twitter.com\/HughKarp\/status\/1339121064203399169?ref_src=twsrc%5Etfw\">December 16, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The Nexus Mutual team said it identified a user in Singapore who recently completed a KYC procedure and interacted with the attacker\u2019s wallet.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p dir=\"ltr\" lang=\"en\">Now the funny part is that 0x832 has a real KYC. Singapore resident, with Singaporean phone number, a real email address that dates back many years ago, and Singaporean residential IP address. <a href=\"https:\/\/t.co\/6aPUrJxusQ\">pic.twitter.com\/6aPUrJxusQ<\/a><\/p>\n<p>\u2014 Nexus Mutual \ud83d\udc22 (@NexusMutual) <a href=\"https:\/\/twitter.com\/NexusMutual\/status\/1338862577762197506?ref_src=twsrc%5Etfw\">December 15, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-founders-personal-address-of-defi-protocol-for-8-million\">installed on Hugh Karp&#8217;s personal computer<\/a> a compromised version of the MetaMask app that tricked him into confirming the transaction.<\/p>\n<p>The attacker\u2019s loot amounted to 370,000 NXM (about $8.22 million at the time of writing). According to Nexus Mutual, the protocol itself and users&#8217; funds were not affected.<\/p>\n<p>On December 14, the WNXM token price fell from $19.15 to $16.57. At the time of writing, the coin was trading at $16.18.<\/p>\n<div id=\"attachment_119728\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119728\" class=\"size-large wp-image-119728\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/333-1-1024x382.png\" alt=\"Hacker demanded 4,500 ETH ransom from Nexus Mutual founder\" width=\"1024\" height=\"382\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/333-1-1024x382.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/333-1-300x112.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/333-1-768x287.png 768w, https:\/\/u1f987.com\/wp-content\/uploads\/333-1.png 1254w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p id=\"caption-attachment-119728\" class=\"wp-caption-text\">Data: <a href=\"https:\/\/www.coingecko.com\/ru\/\u041a\u0440\u0438\u043f\u0442\u043e\u0432\u0430\u043b\u044e\u0442\u044b\/wrapped-nxm\/usd#panel\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">CoinGecko<\/a>.<\/p>\n<\/div>\n<p>The attacker estimated that such an amount of NXM would be hard to cash out. He offered the attacker a $300,000 reward, calling the hack \u201ca very good trick.\u201d<\/p>\n<p><a href=\"https:\/\/u1f987.com\/en\/news\/hacker-uses-renbtc-to-move-nexus-mutual-founders-funds-to-bitcoin-addresses\">to move 137 BTC<\/a> to two addresses, the hacker used the renBTC tokenized-BTC protocol.<\/p>\n<p>Follow ForkLog\u2019s news on <a href=\"https:\/\/www.facebook.com\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Facebook<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The attacker who hacked the personal wallet of Nexus Mutual founder Hugh Karp demanded 4,500 ETH (~$2.6 million at the time of writing). The hacker&#8217;s comment was left via a transaction.<\/p>\n","protected":false},"author":1,"featured_media":33508,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-33507","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=33507"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33507\/revisions"}],"predecessor-version":[{"id":33509,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33507\/revisions\/33509"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/33508"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=33507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=33507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=33507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}