Hugh Karp, the founder of popular decentralized insurance protocol, Nexus Mutual has reportedly lost over $8 million worth of cryptos to an attack. The platform’s official Twitter handle announced this on Monday, December 14, 2020, saying that Mr. Karp was tricked into approving the transaction after the attacker gained access to his computer. Mr. Karp also said that the company’s pool of funds and systems are safe.
Another $8 Million Lost To Spoof Attack
As more scam activities continue to rock the crypto ecosystem, Nexus Mutual boss Hugh Karp seems to be the latest person hit by many of these attacks.
On Monday, the company, Nexus Mutual, revealed what happened to its boss. It was said that the attack on Karp was on his address and was orchestrated by a member of the mutual.
Tokens lost were reported to be 370,000 NXM (Nexus Mutual Tokens), approximately $8.25 million in fiat value. Some of the stolen tokens have also been exchanged on the decentralized exchange platform, 1inch.Exchange.
Details on investigations so far revealed that the attacker gained remote access to Hugh’s computer, modified the MetaMask extension, and tricked him into approving a transaction to the attacker’s own address from his hardware wallet.
It was also revealed that the attacker had previously completed KYC 11 days back, switching membership to a new address on Friday, December 3.
Confirming the event, Mr. Karp said;
“Then when I was performing an unrelated transaction, MetaMask popped up with a spoof transaction, and I subsequently approved it, thinking it was the transaction I was intending to conduct. Instead, it was transferring NXM to their wallet.”
He furthered by saying that no one else was affected by the attack; not even his private keys were compromised. He referred to the attack as a “very nice trick” and “definitely next-level stuff.”
Through his Twitter handle, Hugh Karp had compelled the crypto thief to refund his funds, warning that he’ll have trouble cashing out all those funds. He promised to give the attacker a $300K bounty reward if he heeds to his demands.
One Too Many Attacks
This may seem like another scam attack technique, attacks of this nature where fund owners are tricked into parting away their funds aren’t new in the crypto ecosystem.
This isn’t limited to person-to-person attack. There are also cases of Twitter scams and fake Defi protocols carting away with millions of dollars worth of cryptocurrencies from unsuspecting members of the crypto community. In regards to this, a crypto whale warns of growing DeFi scams, as reported by ZyCrypto.