The decentralized finance (DeFi) space was rocked last morning by news that Nexus Mutual founder Hugh Karp was hit with a personal attack.
His project, a decentralized mutual product to allow users to hedge against risks in the DeFi space, was not directly affected. But, his personal account, which contained over $8 million worth of the native NXM token, was exploited.
According to early reports from the Nexus Mutual team, what had happened was that the leading DeFi extension, MetaMask, was corrupted to broadcast altered transactions. The attacker managed to alter the transactions from MetaMask so that it directed the coins to his own address.
Pretty much think of this as the classic “clipboard” attack on Bitcoin users, where users attempting to send their coins to one address would be forced to send it to the attacker’s address.
The DeFi founder, though, says that he has acquired the IP of the attacker.
Related Reading: Here’s Why Ethereum’s DeFi Market May Be Near A Bottom
DeFi Founder Discusses $8 Million Hack
Shortly after the attack, Karp tweeted that he would distribute $300,000 worth of bounty to the attacker if he or she returned the funds:
“To the attacker. Very nice trick, definitely next level stuff. You’ll have trouble cashing out that much NXM. If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.”
To the attacker. Very nice trick, definitely next level stuff.
You’ll have trouble cashing out that much NXM.
If you return the NXM in full, we will drop all investigations and I will grant you a $300k bounty.
— Hugh Karp ? (@HughKarp) December 14, 2020
The attacker did not immediately respond, seemingly opting to sell more of his coins via proxy wallets tied back to the original wallet used in the attack. The coins were sold after they were swapped to WNXM, a non-KYCed version of the NXM coin.
While many speculate that the attacker used fake KYC documents to make this transition, Karp says that he has the attacker’s IP at the very least.
“Attacker. The mempool is a dark forest, but the IPs on the internet are quite transparent. I’m still happy to honour the bounty if you return the funds (less the bounty) within the next 12 hours. No questions asked.”
Attacker.
The mempool is a dark forest, but the IPs on the internet are quite transparent.
I’m still happy to honour the bounty if you return the funds (less the bounty) within the next 12 hours. No questions asked.
— Hugh Karp ? (@HughKarp) December 14, 2020
Related Reading: Tyler Winklevoss: A “Tsunami” of Capital Is Coming For Bitcoin
Solutions to This Pressing issue
While programmers are decoding the malicious payload to determine exactly how this attack took place without Karp knowing, many are still convinced that the attack can be replicated to some extent with revised code.
Many have proposed that to prevent this from affecting DeFi users in the future, users should potentially purchase an airgapped machine that only interacts with hardware wallets.
Such a machine would enable users to interact with DeFi apps without fear that there is a malicious package on their computer.
Related Reading: 3 Bitcoin On-Chain Trends Show a Macro Bull Market Is Brewing
Featured Image from Shutterstock Price tags: nxmusd, nxmbtc, nxmeth, wnxmeth, wnxmbtc, wnxmusd, wnxm Charts from TradingView.com DeFi Founder Targeted in $8m Hack Says He Has His Hacker's IP