The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
The attacker, also a Nexus Mutual member, completed KYC (know-your-customer) 11 days ago and switched to a new address on Dec. 3, before gaining remote access to Karp's computer and modified MetaMask wallet extension, according to the company's tweets. That tricked him into signing a different transaction that transferred funds from his hardware wallet to attacker's address.
Only Karp's address has been compromised and so far Nexus Mutual and its members have remained unaffected. "The mutual is not impacted; the pool of funds and all systems are safe," according to another tweet an hour ago.
Since news of the attack broke, the price of wrapped NXM tokens has declined by over 14% to 16.66 USDT (tether) on cryptocurrency exchange Huobi.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. "We welcome any assistance to stop the funds, which will likely move quickly," Nexus said.
Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.