The personal address of Hugh Karp, founder of the Nexus Mutual protocol, has been hacked. More than $8 million worth of the NXM token has been stolen.
Nexus Mutual disclosed the hack to the public through their Twitter account, claiming that only Karp’s address was affected in the attack. Nexus Mutual further outlined that there is no subsequent risk to Nexus Mutual or any members. Nexus Mutual assured users’ that their funds are safe.
At 9:40am this morning @HughKarp's personal address was attacked and drained by a member of the mutual. Only Hugh’s address was affected in this targeted attack and there is no subsequent risk to Nexus Mutual or any members.https://t.co/72nrIDpKW6
— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020
The hacker was a verified member of Nexus Mutual, having completed know-your-customer verification (KYC) 11 days prior to the hack. Nexus Mutual said:
“Hugh’s using a hardware wallet. The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address.”
The transaction shows that the hacker successfully claimed 370,000 NXM tokens. This amounts to $8,280,600 at the current market price of $22,38 per token.
Karp took to Twitter to compliment the hacker, stating that they performed a “very nice trick”. Karp went on to offer a $300,000 bounty and promised to drop all charges, in exchange for returning the tokens. It is, however, unlikely that the hacker will give in to Karp’s request, as they have already started converting the stolen funds into ETH.
To the attacker. Very nice trick, definitely next level stuff.
You'll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp 🐢 (@HughKarp) December 14, 2020