Fraud and Scams

Targeted Attack – $8.2 Million Stolen by Hackers

There’s been another theft in the Cryptoverse – this time a ‘personal’ one, as hackers have stolen more than USD 8.2m from the account of Hugh Karp, the founder of decentralized finance (DeFi) insurance protocol Nexus Mutual.


Nexus Mutual published the news in a Twitter post today, declaring that Karp’s “personal address was attacked and drained by a member of the mutual.” They said that only this specific address was touched in “this targeted attack and there is no subsequent risk to Nexus Mutual or any members,” adding that “the mutual is not impacted; the pool of funds and all systems are safe.”

As claimed in the transaction details, NXM 370,000 was stolen, worth some 8.25m. Per CoinGecko.com, the price of the coin dropped less than 1% in the past 24 hours, and 4.7% in a week, to the current price of USD 22.3 (at 12:32 UTC).

A part of the stolen funds is now being exchanged, stated the protocol.

Nexus Mutual reported this as a “targeted personal attack on Hugh,” explaining further that the attacker gained remote access to Karp’s computer and modified the MetaMask extension, “tricking him into signing a different transaction which transferred funds to the attacker’s address.” According to them, the attacker completed know-your-customer (KYC) 11 days ago but then switched membership to a new address on December 3. “Our investigation is ongoing to identify the attacker and how they operated,” they said.

Meantime, Karp himself described this attack as “next-level stuff,” assuring a high bounty and a stop to the investigation should the attacker return the funds – a move which some commenters thought may incentivize other bad players.

This theft came at a time when many and various warnings are being sent within the Cryptosphere over the emails and texts sent to Ledger and Trezor users in an effort to trick them and take their funds.

Leave a Comment

Leave a Reply