The day before, we wrote about the theft of more than $ 8 million in cryptocurrency from the wallet of Hugh Karp, CEO of the Nexus Mutual blockchain platform.
The incident has new details – the experts of the analytical company Scorechain managed to track the flow of the stolen coins. It turns out that all this time the hacker was busy converting the stolen NXM into bitcoins. Here’s how he did it.
Let us remind you that the scheme of theft itself turned out to be very difficult. First of all, the hacker chose a victim for himself, and he did it on purpose. Then he got remote access to the entrepreneur’s computer and, at the right time, made changes to the operation of the software on Karp’s computer. In fact, he replaced the real MetaMask wallet with a fake one, which eventually became the reason for the successful deception.
Judging by the sources, the representative of the Nexus Mutual project also used a hardware wallet, that is, he related to the security of his own cryptocurrency of responsibility. Alas, either his device did not have a separate screen that displays the truthful details of the transaction, or Karp simply did not pay attention to the displayed numbers.
In any case, he confirmed the transfer of a huge amount of cryptocurrency to the fraudster’s wallet, without knowing it. Due to the complexity of the circuit, he even called the circuit «next level». Karp also openly offered the fraudster 300 thousand dollars in case of a refund, but judging by what was happening, this amount did not suit the hacker.
An example of stealing cryptocurrency
First, the hacker converted the stolen funds into a wrapped NXM token, which were then moved to an address ending in 2e2b. This was followed by multiple swaps using the Uniswap and 1Inch Exchange decentralized exchanges. According to Scorechain, this was done to “find optimal exchange routes,” that is, the hacker was trying to find the best price to sell the stolen funds.
After selling wrapped NXM for ETH, the attacker changed ethers to renBTC, a token that is part of the Ren Protocol project. As a reminder, RenBTC is a decentralized version of bitcoins on the Ethereum network, also known as tokenized bitcoins. The hacker ended up using renBTC to convert the stolen funds into bitcoins.
He ended up burning renBTC – this is the usual procedure for obtaining real bitcoins that provide such tokens – and received BTC into his wallet in three separate transactions. According to analysts, the hacker attack against Hugh Karp was very successful – now the attacker has at least 147 bitcoins, or $ 2.9 million at the current exchange rate. This is not the end: there are 198 thousand NXM left on his wallet, which the hacker will probably also transfer to bitcoins.
We checked the latest data: over the past day, the Nexus Mutual rate has grown by 1.3 percent.
At the same time, the rate of the Wrapped NXM coin, which is in the possession of the hacker, sank 5.3 percent.
Today, other interesting details emerged: the hacker contacted Hugh, but not to receive a reward of 300 thousand dollars. On the contrary, he demanded 4500 Ethers from Karp, or the equivalent of $ 2.67 million. If the fraudster receives them, then he promises to stop selling WNXM and drop the cryptocurrency rate. He attached the text of the message to this transaction.
Hi Hugh. I will no longer sell wNXM until the cryptocurrency recovers, if you send me 4.5 thousand ethers. If you want to discuss something with me, please send a message to my ETH-address. By the way, I follow all your addresses. You are rich, Hugh.
We have checked the contents of the specified addresses. The first one has $ 636K tokens, the second has $ 9.78M tokens, and the last one contains $ 1.76M of Ether.
Note that this is not the first time that the renBTC protocol serves as a «bridge» between stolen tokens and bitcoins. In October of this year, another hacker attacked the Harvest Finance DeFi protocol. The attacker stole about $ 24 million from the protocol and used renBTC to convert the stolen funds into bitcoins.
We believe that the consequences of what happened – apart from the loss of a large amount of funds – will be small. The situation did not affect Karp’s reputation, since the hacker acted insolently and even used a fake program, that is, anyone could be in his place. Also, the exchange rate of the NXM cryptocurrency practically did not change, which means that users made the right decision and did not transfer the impressions of the situation to the hack victim’s project.
For now, it remains to be hoped that the author of the hack will fall into the hands of law enforcement officers. Be that as it may, this money does not belong to him, and the abundance of hacks has a bad effect on the image of cryptocurrencies and prevents their mass popularization. And this needs to be corrected.
To avoid falling into such a trap, keep your private keys in a safe place, do not use suspicious software.
