The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.
The attacker, also a Nexus Mutual member, completed KYC (know-your-customer) 11 days ago and switched to a new address on Dec. 3, before gaining remote access to Karp's computer and modified MetaMask wallet extension, according to the company's tweets. That tricked him into signing a different transaction that transferred funds from his hardware wallet to attacker's address.
Only Karp's address has been compromised and so far Nexus Mutual and its members have remained unaffected. "The mutual is not impacted; the pool of funds and all systems are safe," according to another tweet an hour ago.
Since news of the attack broke, the price of wrapped NXM tokens has declined by over 14% to 16.66 USDT (tether) on cryptocurrency exchange Huobi.
Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. "We welcome any assistance to stop the funds, which will likely move quickly," Nexus said.
Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.