Nexus Mutual Founder Hacked
KYC can create a closed community, but it's far from foolproof. It certainly does not remove the need for proper protections of funds.
This exchange or platform is based in the United Kingdom, or the incident targeted people primarily in the United Kingdom. [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20]
About Nexus Mutual
"The CEO of decentralized finance (DeFi) insurer Nexus Mutual has lost the equivalent to over $8 million in a targeted attack, the firm disclosed Monday." "Nexus Mutual is a community-owned insurance alternative, offering protection from various risks in the DeFi ecosystem. Only members can participate in the network, buy cover and hold NXM tokens." "Nexus Mutual attack was not a result of its smart contract or external smart contracts, rather, the attacker was able to social engineer their way into the founder’s personal wallet." "Only Karp’s address has been compromised and so far Nexus Mutual and its members have remained unaffected. “The mutual is not impacted; the pool of funds and all systems are safe,” according to another tweet an hour ago."
"On Monday 14th of December at 9:40am UTC, I was tricked into approving a single transaction that sent 370,000 NXM to a hacker instead of what I thought was claiming some mining rewards. The hacker has subsequently liquidated the majority of the NXM into ETH/BTC and has been dispersing it to many different addresses and exchanges."
"The attacker was a member of the mutual, having passed know-your-client verification 11 days ago. The attacker was not fully identified though, with investigations still pending. The attacker needed to be a verified member of the mutual in order to receive NXM tokens, though a Nexus Mutual community manager told Cointelegraph that they are "working on the assumption that [the hacker] could have committed identity fraud."" "The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address." "The fact that the attacker succeeded in getting Karp to sign the modified transaction demonstrates that Karp did not verify the transaction data on the hardware wallet (which presumably was not compromised) before signing it. Due to the small screen size of these devices and the likelihood that Karp performs many such transactions per day, this is unsurprising but unfortunate."
"To the attacker. Very nice trick, definitely next level stuff. You'll have trouble cashing out that much NXM. If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty."
"However, like most DeFi related hacks that take place, it’s unlikely that the attacker is going to return the funds." "According to Scorechain, the hacker has been busy converting the stolen NXM into Bitcoin." "Some of the stolen funds have been transferred via decentralized exchange aggregator 1inch.exchange. “We welcome any assistance to stop the funds, which will likely move quickly,” Nexus said." "[T]he attacker has reportedly already laundered up to $2.7 million worth of the stolen NXM, and is now demanding a similar amount to not sell off the rest." “Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh [...]” "Any negotiation is requested to be directed via the attacker’s Ethereum address, and the message concludes by listing three wallet addresses claimed to belong to Karp, along with the assertion that he is “rich.”" "The Nexus Mutual team is collaborating with law enforcement agencies to track the hacker, and it seems that they are closing in on the attacker. The team shared a reassuring tweet yesterday after Karp alluded to have gained access to the attacker’s IP and other details which might help to nail the hacker."
What Happened
| Date | Event | Description |
|---|---|---|
| December 14th, 2020 12:00:00 AM | Main Event | |
Total Amount Lost
The total amount lost has been estimated at $8,000,000 USD.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Prevention Policies
This loss could have been prevented by storing the funds offline and using a multi-signature wallet. Large holdings should not be kept in the same wallet that is used for everyday transactions.
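An added example (not from the original case study or any cited source): a check, meant to run on a device other than the one hosting the browser wallet, that decodes the raw calldata of a transaction and compares it with what the signer believes they are approving. The addresses, the claim selector `0x12345678` and the 18-decimal token unit are constructed assumptions; the three ERC-20 selectors are the standard ones.

```javascript
// First 4 bytes of calldata for ERC-20 calls that move tokens or grant spending rights.
const TOKEN_CALLS = {
  a9059cbb: "transfer(address,uint256)",
  "095ea7b3": "approve(address,uint256)",
  "23b872dd": "transferFrom(address,address,uint256)",
};
const strip = (h) => h.toLowerCase().replace(/^0x/, "");

// Decode calldata to { method, counterparty, amount }, or null if it is not one of the calls above.
function decodeErc20Call(data) {
  const hex = strip(data);
  const method = TOKEN_CALLS[hex.slice(0, 8)];
  if (!method) return null;
  const words = hex.slice(8).match(/.{64}/g) || [];
  const nArgs = method.split(",").length;
  if (words.length < nArgs) throw new Error("truncated calldata");
  // Arguments are 32-byte words; an address occupies the low 20 bytes of its word.
  return {
    method,
    counterparty: "0x" + words[nArgs - 2].slice(24), // recipient or spender
    amount: BigInt("0x" + words[nArgs - 1]),
  };
}

// Compare the raw transaction with what the signer believes they are approving.
// intent = { contract, allowedSelectors, maxTokenOut } as stated by the signer.
function reviewTransaction(tx, intent) {
  const findings = [];
  const selector = strip(tx.data).slice(0, 8);
  if (strip(tx.to) !== strip(intent.contract))
    findings.push(`target ${tx.to} is not the expected contract`);
  if (!intent.allowedSelectors.includes(selector))
    findings.push(`selector 0x${selector} is not the expected function`);
  const call = decodeErc20Call(tx.data);
  if (call && call.amount > intent.maxTokenOut)
    findings.push(`${call.method} gives ${call.amount} base units to ${call.counterparty}`);
  return findings;
}

// Constructed sample: every address and the claim selector 0x12345678 are placeholders.
const REWARDS = "0x" + "11".repeat(20), TOKEN = "0x" + "22".repeat(20);
const RECIPIENT = "0x" + "33".repeat(20);
const AMOUNT = 370000n * 10n ** 18n; // 370,000 tokens, assuming 18 decimals
const word = (h) => strip(h).padStart(64, "0");
const sampleTx = { to: TOKEN, data: "0xa9059cbb" + word(RECIPIENT) + word(AMOUNT.toString(16)) };
const claimIntent = { contract: REWARDS, allowedSelectors: ["12345678"], maxTokenOut: 0n };

console.log(reviewTransaction(sampleTx, claimIntent)); // three findings: do not sign
```

The same comparison is what the hardware wallet screen allows by eye; the check only helps if it runs outside the machine whose wallet software may have been altered.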
References
- Founder of DeFi protocol Nexus Mutual gets hacked for $8M (May 10, 2021)
- NXM Hack Update (May 10, 2021)
- CEO of DeFi Insurer Nexus Mutual Hacked for $8M in NXM Tokens - CoinDesk (May 11, 2021)
- The Nexus Mutual hacker is now asking for a $2.6M ransom (May 11, 2021)
- 4 ways Nexus Mutual could’ve prevented yesterday’s attack (May 11, 2021)
- CEO Of Defi Insurer Nexus Mutual Hacked For $8m In NXM Tokens (May 11, 2021)
- $8 million stolen in unusual DeFi hack - CoinGeek (May 11, 2021)
- CEO of Nexus Mutual Hacked for $8M. Follow our investigation - Scorechain Blog (May 11, 2021)
- Here’s What Happened to Nexus Mutual CEO’s Stolen Funds - Decrypt (May 11, 2021)
- Nexus Mutual Founder Offers $300k Bounty After $8m Hack (May 11, 2021)
- Nexus Mutual hacking incident | CoinJournal.net (May 11, 2021)
- Over $8 Million in Cryptocurrency Tokens Stolen from Nexus Mutual Founder Hugh Karp's Personal Account: Report (May 11, 2021)
- nexus mutual hack Archives - Halborn (May 11, 2021)
- $8 Million Nexus Mutual Hacker Lives in Singapore, Says Team | Crypto Briefing (May 22, 2021)
- CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 19, 2021)
- https://mobile.twitter.com/certik_io/status/1338833688180654080 (Jan 10, 2022)
- @HughKarp Twitter (Jun 26, 2022)
- @amanusk_ Twitter (Jul 24, 2022)
- @EtherText Twitter (Jul 24, 2022)
- @EtherText Twitter (Jul 24, 2022)