Hugh Karp, founder of the DeFi mutual insurance project Nexus Mutual, who lost more than $8 million in a hack, described the incident in detail and gave recommendations to users.
Karp used a Ledger hardware wallet connected to the Nexus Mutual application via the MetaMask extension on a Windows computer. According to him, on December 11, while he was writing an email, his screen turned off for two or three seconds.
“Everything returned to normal, and I just assumed that something strange had happened, and continued,” said the CEO of the project.
An hour later, the attacker replaced MetaMask with a malicious version. On December 14, the founder of Nexus Mutual decided to claim a mining reward, and the extension displayed a standard pop-up message with a request. Karp did not check the address and confirmed the transaction. He discovered the substitution only after consulting the Etherscan block explorer.
“This attack showed that it is necessary to check all transactions, regardless of their size,” Karp said.
In his opinion, the hacker prepared the transaction in advance, because he stole 370,000 native NXM tokens (about $8.22 million at that time) rather than all available assets. The private keys in the Ledger wallet were not affected.
The CEO of Nexus Mutual called the MetaMask wallet an “obvious target” for many attackers. He recommended that the community use separate devices to sign transactions and split assets across different storage locations.
Karp also appealed to the organizer of the attack, proposing that he direct his skills in the right direction and join the “white hat hackers”.
As a reminder, on December 16 the attacker demanded a ransom of 4,500 ETH from the founder of Nexus Mutual.