The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
A total of 370,000 of the project’s native NXM tokens were drained from Hugh Karp’s address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH, or $2.49.
The attacker, also a Nexus Mutual member, completed KYC (know-your-customer) 11 days ago and switched to a new address on Dec. 3, before gaining remote access to Karp’s computer and modified MetaMask wallet extension, according to the company’s tweets. That tricked him into signing a different transaction that transferred funds from his hardware wallet to attacker’s address.
Only Karp’s address has been compromised and so far Nexus Mutual and its members have remained unaffected. “The mutual is not impacted; the pool of funds and all systems are safe,” according to another tweet an hour ago.
Since news of the attack broke, the price of wrapped NXM tokens has declined by over 14% to 16.66 USDT (tether) on cryptocurrency exchange Huobi.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said.
Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens.