{"id":33801,"date":"2020-12-22T16:29:13","date_gmt":"2020-12-22T14:29:13","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33801"},"modified":"2025-08-28T15:42:07","modified_gmt":"2025-08-28T12:42:07","slug":"nexus-mutual-founder-reveals-details-of-8m-hack","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/nexus-mutual-founder-reveals-details-of-8m-hack\/","title":{"rendered":"Nexus Mutual founder reveals details of $8m hack"},"content":{"rendered":"<p>Hugh Karp, founder of the DeFi mutual-insurance project Nexus Mutual, <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-drains-founders-personal-address-of-defi-protocol-for-8-million\">having lost more than $8 million<\/a> in the hack, described the incident in detail and gave recommendations to users.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">A post-mortem and status update on the NXM hack from last week.<\/p>\n<p>Thanks to everyone for their messages of support, and specifically to those that have been helping out our investigations.<a href=\"https:\/\/t.co\/cCFsoP9WTD\">https:\/\/t.co\/cCFsoP9WTD<\/a><\/p>\n<p>\u2014 Hugh Karp \ud83d\udc22 (@HughKarp) <a href=\"https:\/\/twitter.com\/HughKarp\/status\/1341063567408328705?ref_src=twsrc%5Etfw\">December 21, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Karp used a Ledger hardware wallet connected to the Nexus Mutual app via the MetaMask extension on a Windows computer. He said that on December 11, while composing an email, the screen went dark for two to three seconds.<\/p>\n<blockquote>\n<p>\u201cEverything returned to normal, and I simply assumed something strange happened and carried on,\u201d said the project&apos;s CEO.<\/p>\n<\/blockquote>\n<p>An hour later the attacker replaced MetaMask with a malicious version. On December 14, the founder of Nexus Mutual decided to claim a mining reward \u2014 the extension displayed the standard pop-up requesting confirmation. Karp did not verify the address and confirmed the transaction. He discovered the substitution only after consulting the Etherscan blockchain explorer.<\/p>\n<blockquote>\n<p>\u201cThis attack showed that it is necessary to check all transactions, regardless of their size,\u201d said Karp.<\/p>\n<\/blockquote>\n<p>In his view, the hacker prepared the transaction in advance, having stolen 370,000 native NXM tokens (about $8.22 million at the time), rather than all available assets. The private keys in the Ledger wallet were not compromised.<\/p>\n<p>The Nexus Mutual CEO described the MetaMask wallet as an \u201cobvious target\u201d for many attackers. He recommended the community use separate devices for signing transactions and spread assets across different storage locations.<\/p>\n<p>Also, Karp reached out to the attack organizer with a proposal to channel their skills in the right direction and join the \u201cwhite hat\u201d community.<\/p>\n<p>Earlier in December, the attacker demanded from Nexus Mutual\u2019s founder <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-demanded-4500-eth-ransom-from-nexus-mutual-founder\">a ransom of 4,500 ETH<\/a>.<\/p>\n<p>Subscribe to ForkLog news on Telegram: <a href=\"https:\/\/t.me\/forkloglive\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog FEED<\/a> \u2014 all the news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hugh Karp, founder of the DeFi mutual-insurance project Nexus Mutual, having lost more than $8 million in the hack, described the incident in detail and gave recommendations to users.<\/p>\n","protected":false},"author":1,"featured_media":33802,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-33801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"24","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=33801"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33801\/revisions"}],"predecessor-version":[{"id":33803,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33801\/revisions\/33803"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/33802"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=33801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=33801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=33801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}