According to a Nexus Mutual disclosure, by compromising Karp’s personal device, the funds were drained on Monday morning UTC. A compromised version of MetaMask was reportedly installed by the hacker, which tricked Karp into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
The loot, worth $8.2 million as of press time, amounts to 370,000 NXM. With a total balance of 354 ETHs worth over 200,000 dollar, the hacker already started converting to Ether.
According to Nexus Mutual, Karp used a wallet made of hardware. The attacker, however by replacing a legitimate transaction with his own, circumvented the protection. By requiring confirmation on the device itself, where the display should be protected from this form of tampering, some hardware wallets should provide protection against these types of attack.
The attacker was a member of the mutual, 11 days ago, having passed know-your-customer verification. However the attacker was not fully identified, with investigations still pending. In order to receive NXM tokens, the attacker needed to be a verified member of the mutual, although a Nexus Mutual community manager told Cointelegraph that they were working on the assumption that might have committed identity fraud.
Since the attack happened, the NXM token has dropped 17 percent, although the protocol itself has not been affected. The NXM stolen in the hack, however, amounts to about 6 percent of all tokens in circulation, which could pose significant price downward pressure.
Karp later supplemented the attacker with a “very nice trick.” In exchange for returning the tokens, he offered a $300,000 bounty and dropped all charges, arguing that the hacker would have trouble converting the NXM into more liquid forms of money.