Nexera Private Key Compromise Contract Upgrade
Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Nexera, formerly called the Alliance Block DAO, is a decentralized autonomous organization. Holders of the token can participate in community governance, stake their tokens, or fund different community grants. The protocol founders appear to have been tricked into exposing access to their private keys and/or upgrading the smart contract. Once the upgrade was completed, the tokens were withdrawn and sold for BNB. Both the smart contract and trading were temporarily halted. Some of the funds were able to be recovered and burned before they were traded.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]
About Nexera/AllianceBlock DAO
"DAO stands for "Decentralized Autonomous Organization". The AllianceBlock DAO is the decision-making tool for NXRA holders in the AllianceBlock ecosystem. Through Votes in the DAO, the community can let it’s voice be heard and steer AllianceBlock towards a bright future. It can propose new ideas for product & business development, issue grants that promote ecosystem growth, from the DAO Community Fund, and in the future it’ll also assume control over the smart contracts within our solutions."
"Empowering the future of finance with cutting edge open-source innovation Nexera is advancing finance with open-source infrastructure, seamlessly blending blockchain technology for streamlined management of digital, financial, and real-world assets" "The Nexera infrastructure stack is built with these principles in mind to make it seamless and easy to build with or on top of decentralized and open source technologies"
"The NXRA token plays a key part across the Nexera ecosystem's reputation system." "Staking NXRA unlocks exclusive access to features and opportunities." "Holding NXRA enables DAO participants to shape the future of the Nexera DAO actively." "NXRA is utilized for fees, payments and transaction mechanisms."
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| August 6th, 2024 11:28:47 PM MDT | First Malicious Transfer | The first malicious transfer of Nexera tokens. |
| August 7th, 2024 12:16:59 AM MDT | Second Malicious Transfer | A second malicious transfer of Nexera tokens. |
| August 7th, 2024 12:22:00 AM MDT | Cyvers Tweet Posted | Cyvers posts an alert to notify about the smart contract breach and offer any assistance. |
| August 7th, 2024 1:02:00 AM MDT | Nexera Twitter Post Made | Nexera posts a thread on twitter with a high level outline of the exploit which they are facing. |
| August 7th, 2024 3:06:00 AM MDT | ZachXBT Tweet | ZachXBT reports on Twitter with a suggestion that the Nexera team was targeted by North Korean job seekers using a targeted scam. |
| August 7th, 2024 4:13:00 AM MDT | Update On Twitter | An update is posted that they are still under investigation, and trading/withdrawals/deposits have been halted on KuCoin and MEXC. |
| August 7th, 2024 5:17:00 AM MDT | CoinDesk Article | CoinDesk publishes an article on the Nexera exploit. |
| August 7th, 2024 7:34:00 PM MDT | Token Burning | PeckShield reports that some of the exploit tokens have been burned. |
| August 8th, 2024 1:16:00 AM MDT | AegisWeb Analysis | AegisWeb shares an analysis with transaction hashes included. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $2,092,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"Our system has detected a suspicious transaction involving your proxy contract. An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens.
The address is currently selling all the tokens for $ETH, and some of the funds have already been bridged to the $BNB chain. The total estimated loss is around $1.5 million."
"A suspicious transaction involving Nexera's proxy contract has occurred. An address took ownership of the proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the NXRA tokens. Currently, the address is selling all the tokens for ETH, and some of the funds have already been bridged to the BNB chain. The total estimated loss is around $1.5 million."
"The team is investigating an exploit involving smart contracts containing NXRA tokens.
While we are still finalizing our findings, there are already a couple of things that we can share: 1️) The $NXRA token contract has already been paused. Trading is halted on decentralized exchanges, and we are working with centralized exchanges to halt trading. 2️) Everyone is advised to stop trading.
We continue to investigate the exploit now and will come back here ASAP with follow-up steps.
Thank you for your understanding and patience while we sort this out with the utmost priority."
"We have already identified the exploit in the past hours. We have acted fast and managed to stop further damage.
We have also taken the following steps:
We are working with our partners at @HypernativeLabs to trace the source of the exploit and have begun discussions with law enforcement.
KuCoin has already suspended deposits and withdrawals, with trading to halt in the next few hours.
MEXC has already suspended deposits and withdrawals and halted trading.
Trading on DEXes has already been halted.
We have suspended bridging on Nexera Bridge.
As mentioned, everyone is advised to stop trading. We will continue to investigate and provide updates as we go."
"We recently concluded our technical investigation into the exploit and have determined that there is no issue with our smart contracts.
As mentioned in the previous update, we have already acted on freezing the $NXRA assets remaining in the attacker’s wallet and stopped further damage.
From this, we have these additional updates:
The exploit was part of a wider coordinated attack targeting multiple projects and protocols. Thanks to our team and partners, we managed to identify and stop it quickly and mitigate damage.
Of the total $NXRA tokens that were transferred, only $440k was effectively compromised. The remaining $NXRA assets in the attacker’s wallet have been frozen, and they cannot do anything with them.
We have made a technical assessment and determined that there will be no need to issue a new $NXRA token. We are keeping the same token address as we have now.
We are taking steps to ensure we can get the token live as soon as possible.
We are also issuing a full post-mortem report in the coming days.
Users who have staked on Fundrs will have all their $NXRA restored. For now, nothing needs to be done.
Users are still strongly advised against trading. KuCoin and MEXC have already halted their services (deposits, withdrawals and trading), and more exchanges have been notified and advised to do the same.
We greatly appreciate your patience and continued trust as we resolve this exploit.
Rest assured, we are working as fast as possible and with the community’s best interest in mind."
"The NXRA token is trading at $0.036, down 40% since the exploit occurred, according to CoinMarketCap. Blockchain sleuth ZachXBT revealed on Telegram that the attacker is connected to a string of recent compromised private-key incidents including SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield and Reach. Data from Zapper shows that the attacker holds 32.5 million NXRA tokens worth $1.23 million and $555,000 of tether's USDT stablecoin."
Ultimate Outcome
"Nexera(@Nexera_Official), a decentralized finance (DeFi) protocol, has burned 32.5 million of its native NXRA tokens involved in a recent hack as part of efforts to address the incident and enhance security."
Total Amount Recovered
The total amount recovered is unknown.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ SlowMist Hacked - SlowMist Zone (Accessed Aug 8, 2024)
- ↑ @Nexera_Official Twitter (Accessed Aug 8, 2024)
- ↑ @zachxbt Twitter (Accessed Aug 8, 2024)
- ↑ Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors (Accessed Aug 8, 2024)
- ↑ @Nexera_Official Twitter (Accessed Aug 8, 2024)
- ↑ @Nexera_Official Twitter (Accessed Aug 8, 2024)
- ↑ @CoinDesk Twitter (Accessed Aug 8, 2024)
- ↑ Blockchain Protocol Nexera Suffers $1.8M Exploit, NXRA Token Price Tumbles 40% (Accessed Aug 8, 2024)
- ↑ @Echoeweb Twitter (Accessed Aug 8, 2024)
- ↑ @web3_watchdog Twitter (Accessed Aug 8, 2024)
- ↑ @CyversAlerts Twitter (Accessed Aug 8, 2024)
- ↑ @JoshuaTensor Twitter (Accessed Aug 8, 2024)
- ↑ @AegisWeb3 Twitter (Accessed Aug 8, 2024)
- ↑ @CertiKAlert Twitter (Accessed Aug 8, 2024)
- ↑ @PeckShieldAlert Twitter (Accessed Aug 8, 2024)
- ↑ Nexera Foundation — Cutting edge open-source innovation on blockchain (Accessed Aug 8, 2024)
- ↑ Notion – The all-in-one workspace for your notes, tasks, wikis, and databases. (Accessed Aug 8, 2024)
- ↑ Notion – The all-in-one workspace for your notes, tasks, wikis, and databases. (Accessed Aug 8, 2024)