Hugh Karp, founder of the DeFi platform Nexus Mutual, revealed details about the recent hack of his wallet, which resulted in the loss of 370,000 NXM worth $8.4 million.
The hack happened on December 11, and according to Hugh Karp, he did not install any malware. On that day, he was composing an email and noticed that the computer screen blinked several times, but he did not pay attention to it. As it turned out later, the screen blinking was a sign that the attacker had gained remote access to the computer.
Sometime later, the attacker removed the MetaMask extension from Hugh Karp's computer and replaced it with a malicious version of the program. As previously reported, on December 14, the founder of Nexus Mutual attempted to execute a transaction from his Ledger hardware wallet using MetaMask.
"The transaction looked fine - the malicious version of the wallet changed the displayed information, so I calmly confirmed it. Information about the transaction also appeared on the Ledger wallet, and here I did not check the addresses, and NXM tokens are not natively supported by Ledger. Therefore, I confirmed it here too. And a malicious transaction went into the blockchain. Then I saw MetaMask confirmation that the transaction was successful, but the Nexus Mutual application did not receive it. Then I found the transaction through Etherscan and understood what happened," he noted.
Hugh Karp admits that if he had carefully checked the transaction details on the Ledger wallet, the theft could have been avoided. He noted that the hack was aimed specifically at him. In addition, the hacker did not steal all of the available NXM tokens, which means the transaction was prepared in advance.
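The check described above, decoding the raw transaction data that the hardware wallet is asked to sign and comparing it with what the user intended, can be sketched as follows. This is an added example, not code from Nexus Mutual, MetaMask or Ledger; it assumes the token is moved with the standard ERC-20 `transfer(address,uint256)` call, and all addresses and amounts are constructed.

```python
# Added example: independent pre-signing check of ERC-20 transfer calldata.
TRANSFER_SELECTOR = "a9059cbb"  # function selector of transfer(address,uint256)

def decode_erc20_transfer(data_hex):
    """Return (recipient, amount) from transfer() calldata, or raise ValueError."""
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) != 8 + 64 + 64 or not all(c in "0123456789abcdef" for c in data):
        raise ValueError("calldata is not a well-formed transfer(address,uint256)")
    if data[:8] != TRANSFER_SELECTOR:
        raise ValueError("not a transfer() call: selector 0x" + data[:8])
    addr_word, amount_word = data[8:72], data[72:136]
    if addr_word[:24] != "0" * 24:  # a 20-byte address is left-padded with zeros
        raise ValueError("address word has non-zero padding")
    return "0x" + addr_word[24:], int(amount_word, 16)

def mismatches(tx, intended):
    """List every difference between the transaction to sign and the intent."""
    problems = []
    if tx["to"].lower() != intended["token"].lower():
        problems.append("contract address differs from intended token")
    try:
        recipient, amount = decode_erc20_transfer(tx["data"])
    except ValueError as exc:
        return problems + [str(exc)]
    if recipient != intended["recipient"].lower():
        problems.append("recipient is " + recipient)
    if amount != intended["amount"]:
        problems.append("amount is " + str(amount))
    return problems

def encode(recipient, amount):
    """Helper that builds the constructed sample calldata used below."""
    return "0x" + TRANSFER_SELECTOR + recipient[2:].rjust(64, "0") + format(amount, "064x")

# Constructed sample values (hypothetical, not taken from the incident).
TOKEN = "0x" + "11" * 20
FRIEND = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
INTENDED = {"token": TOKEN, "recipient": FRIEND, "amount": 5 * 10**18}
GOOD_TX = {"to": TOKEN, "data": encode(FRIEND, 5 * 10**18)}
SWAPPED_TX = {"to": TOKEN, "data": encode(OTHER, 9000 * 10**18)}

if __name__ == "__main__":
    print(mismatches(GOOD_TX, INTENDED))
    print(mismatches(SWAPPED_TX, INTENDED))
```

The comparison only helps if the raw data is read from the hardware wallet's own screen or another device, since a compromised browser extension controls everything shown on the host.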
Although Kaspersky Lab specialists are helping Hugh Karp investigate the incident, it is still unknown what kind of vulnerability the hackers used to gain access to the victim's computer. The founder of the platform also emphasizes that users need to use MetaMask with the utmost care and separate their funds across wallets as much as possible.
Recall that on December 16, the hacker sold 35% of the tokens stolen from Hugh Karp. The stolen NXM were converted to ETH and renBTC tokens.