QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$8 000 000 USD
DECEMBER 2020
UNITED KINGDOM
NEXUS MUTUAL
DESCRIPTION OF EVENTS

"The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday." "Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens." "Nexus Mutual attack was not a result of its smart contract or external smart contracts, rather, the attacker was able to social engineer their way into the founder’s personal wallet." "Only Karp’s address has been compromised and so far Nexus Mutual and its members have remained unaffected. “The mutual is not impacted; the pool of funds and all systems are safe,” according to another tweet an hour ago."
"On Monday 14th of December at 9:40am UTC, I was tricked into approving a single transaction that sent 370,000 NXM to a hacker instead of what I thought was claiming some mining rewards. The hacker has subsequently liquidated the majority of the NXM into ETH/BTC and has been dispersing it to many different addresses and exchanges."
"The attacker was a member of the mutual, having passed know-your-client verification 11 days ago. The attacker was not fully identified though, with investigations still pending. The attacker needed to be a verified member of the mutual in order to receive NXM tokens, though a Nexus Mutual community manager told Cointelegraph that they are "working on the assumption that [the hacker] could have committed identity fraud."" "The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address." "The fact that the attacker succeeded in getting Karp to sign the modified transaction demonstrates that Karp did not verify the transaction data on the hardware wallet (which presumably was not compromised) before signing it. Due to the small screen size of these devices and the likelihood that Karp performs many such transactions per day, this is unsurprising but unfortunate."
"To the attacker. Very nice trick, definitely next level stuff. You'll have trouble cashing out that much NXM. If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty."
"However, like most DeFi related hacks that take place, it’s unlikely that the attacker is going to return the funds." "According to Scorechain, the hacker has been busy converting the stolen NXM into Bitcoin." "Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said." "[T]he attacker has reportedly already laundered up to $2.7 million worth of the stolen NXM, and is now demanding a similar amount to not sell off the rest." “Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh [...]” "Any negotiation is requested to be directed via the attacker’s Ethereum address, and the message concludes by listing three wallet addresses claimed to belong to Karp, along with the assertion that he is “rich.”" "The Nexus Mutual team is collaborating with law enforcement agencies to track the hacker, and it seems that they are closing in on the attacker. The team shared a reassuring tweet yesterday after Karp alluded to have gained access to the attacker’s IP and other details which might help to nail the hacker."
KYC can create a closed community, but it is far from foolproof. It certainly does not remove the need to protect funds properly.
HOW COULD THIS HAVE BEEN PREVENTED?
This event could have been prevented by storing the funds offline and using a multi-signature wallet. Large funds should not have been kept in the same wallet that was used for everyday transactions.
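The quoted analysis above notes that the transaction data was not verified before signing. The following added example (not from the original page or from Nexus Mutual) decodes raw calldata for the standard ERC-20 `transfer`, `approve` and `transferFrom` calls and reports any mismatch with what the signer intended. It assumes the unexpected call was a plain ERC-20 transfer of a token with 18 decimals, which the page does not state; the recipient address, the allowlist and the `claimRewards` name are constructed for illustration.

```python
# Added example: decode calldata before signing and compare it with intent.
ERC20_SELECTORS = {  # standard ERC-20 function selectors
    "a9059cbb": ("transfer", ("to", "amount")),
    "095ea7b3": ("approve", ("spender", "amount")),
    "23b872dd": ("transferFrom", ("from", "to", "amount")),
}

def decode_calldata(data_hex):
    """Return (function_name, args) for ERC-20 calldata, or (None, {}) if unknown."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, body = data[:8], data[8:]
    if selector not in ERC20_SELECTORS:
        return None, {}
    name, arg_names = ERC20_SELECTORS[selector]
    if len(body) != 64 * len(arg_names):
        raise ValueError("malformed calldata length for " + name)
    args = {}
    for i, arg in enumerate(arg_names):
        word = body[64 * i:64 * (i + 1)]  # each ABI argument is one 32-byte word
        if arg == "amount":
            args[arg] = int(word, 16)
        elif int(word[:24], 16) != 0:
            raise ValueError("non-zero padding in address word")
        else:
            args[arg] = "0x" + word[24:]  # address is the low 20 bytes
    return name, args

def review_before_signing(data_hex, expected_function, allowlist, decimals=18):
    """Return warnings to show the signer; decimals=18 is an assumed default."""
    name, args = decode_calldata(data_hex)
    if name is None:
        return ["selector not recognised: confirm the call on the device screen"]
    warnings = []
    if name != expected_function:
        warnings.append(f"calldata is ERC-20 {name}(), not {expected_function}()")
    for key in ("to", "spender"):
        if key in args and args[key] not in allowlist:
            warnings.append(f"{key} {args[key]} is not on the allowlist")
    warnings.append(f"moves {args['amount'] // 10**decimals:,} whole tokens")
    return warnings

# Constructed sample: transfer of 370,000 tokens (18 decimals) to a made-up address.
SAMPLE_RECIPIENT = "0x" + "ab" * 20
SAMPLE_CALLDATA = ("0xa9059cbb" + SAMPLE_RECIPIENT[2:].rjust(64, "0")
                   + format(370_000 * 10**18, "064x"))
# Usage: review_before_signing(SAMPLE_CALLDATA, "claimRewards", set())
# where "claimRewards" is a hypothetical name for the call the signer expected.
```

A check like this only helps if it runs somewhere the attacker cannot alter, which is why the quoted analysis points to the hardware wallet's own screen as the place to confirm recipient and amount.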
Founder of DeFi protocol Nexus Mutual gets hacked for $8M (May 11)
NXM Hack Update (May 11)
CEO of DeFi Insurer Nexus Mutual Hacked for $8M in NXM Tokens - CoinDesk (May 12)
The Nexus Mutual hacker is now asking for a $2.6M ransom (May 12)
4 ways Nexus Mutual could’ve prevented yesterday’s attack (May 12)
CEO Of Defi Insurer Nexus Mutual Hacked For $8m In NXM Tokens (May 12)
$8 million stolen in unusual DeFi hack - CoinGeek (May 12)
CEO of Nexus Mutual Hacked for $8M. Follow our investigation - Scorechain Blog (May 12)
Here’s What Happened to Nexus Mutual CEO’s Stolen Funds - Decrypt (May 12)
Nexus Mutual Founder Offers $300k Bounty After $8m Hack (May 12)
Nexus Mutual hacking incident | CoinJournal.net (May 12)
Over $8 Million in Cryptocurrency Tokens Stolen from Nexus Mutual Founder Hugh Karp's Personal Account: Report (May 12)
nexus mutual hack Archives - Halborn (May 12)
$8 Million Nexus Mutual Hacker Lives in Singapore, Says Team | Crypto Briefing (May 23)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
https://mobile.twitter.com/certik_io/status/1338833688180654080 (Jan 10)
@HughKarp Twitter (Jun 26)
@amanusk_ Twitter (Jul 24)
@EtherText Twitter (Jul 24)
@EtherText Twitter (Jul 24)
