CEO of DeFi Insurer Nexus Mutual Hacked for $8M in NXM Tokens

Nexus Mutual's CEO, Hugh Karp, lost the tokens after an attacker gained remote access to his computer.

AccessTimeIconDec 14, 2020 at 1:11 p.m. UTC
Updated Sep 14, 2021 at 10:42 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday.

A total of 370,000 of the project's native NXM tokens were drained from Hugh Karp's address to one owned by the attacker at 09:40 am UTC, according to data source etherscan.io. The transaction cost 0.00429472 ETH, or $2.49.

Hugh Karp's personal address transaction
Hugh Karp's personal address transaction

The attacker, also a Nexus Mutual member, completed KYC (know-your-customer) 11 days ago and switched to a new address on Dec. 3, before gaining remote access to Karp's computer and modified MetaMask wallet extension, according to the company's tweets. That tricked him into signing a different transaction that transferred funds from his hardware wallet to attacker's address.

Only Karp's address has been compromised and so far Nexus Mutual and its members have remained unaffected. "The mutual is not impacted; the pool of funds and all systems are safe," according to another tweet an hour ago.

Since news of the attack broke, the price of wrapped NXM tokens has declined by over 14% to 16.66 USDT (tether) on cryptocurrency exchange Huobi.

Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. "We welcome any assistance to stop the funds, which will likely move quickly," Nexus said.

Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about