$8.2 million stolen from Nexus Mutual CEO via rogue Metamask extension

Yesterday Nexus Mutual announced on their official Twitter page that the personal address of their CEO, Hugh Karp, was attacked and drained. The attackers managed to steal $8.2 million in NXM tokens from his wallet. There is no sign that other wallets were targeted in this attack.

I found this news rather shocking. How can a CEO of a company that is involved in the crypto business and has access to a wallet with these amounts of crypto be so inattentive?

Screenshot of the transaction from etherscan.io
https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629

According to the company’s tweets, the attacker seems to be a Nexus Mutual member who somehow gained remote access to Karp’s computer and modified his MetaMask wallet extension. The company also claims their pool of funds and all systems are safe.

Hugh Karp himself compliments the attacker and offers him a $300k bounty if he returns the loot.

Metamask

MetaMask is one of the most famous wallet apps. The downside of this is that popular wallets are also popular targets for cybercriminals.
There has been an alarming number of phishing attacks aimed at MetaMask wallet owners.
Cybercriminals even buy Google ads to trick people into downloading rogue wallet apps.

Many people on Twitter complain about having lost money to this scam, and the number of victims is quickly growing.

Tips

Always be careful when you download wallets to store your possessions. Check, double check and triple check whether you have the right one!
Consider a hardware wallet when you have large amounts of crypto. Never, really never, fill in your 12/24-word passphrase when asked!
Another piece of advice is to use a dedicated machine for crypto. This could be a virtual machine running on your computer.
Don’t use this machine for your daily stuff such as browsing, email, social media, etc., to reduce the chance of also becoming a victim.

Be careful out there!

[EDIT]
After finishing this blog post I saw a post by @onealfa, who is using Tails (an operating system (OS) created and optimized for users' privacy and anonymity) for his crypto business.
Check his blog here: https://leofinance.io/@onealfa/new-tails-is-out

16 comments

I read about the hack. Who stores 8 million worth of crypto on metamask?

And they are an insurance company. The CTO is a Romanian girl, co-national with me. I wonder if the one stealing them will send the funds back for the $300,000 bounty.

---

> Who stores 8 million worth of crypto on metamask?

Absolutely foolish!

> I wonder if the one stealing them will send the funds back for the $300,000 bounty.

I don't think so. If the attacker wanted a bounty he (or she) would have contacted the victim himself.
And do you trust them to give you the bounty?
I don't know if it's really that difficult to lose these coins.

---

> I read about the hack. Who stores 8 million worth of crypto on metamask?

Not the problem. He used a hardware wallet and MetaMask as the transaction UI.

---

He used metamask though.

---

That's true, made this easier. But regardless of the interface, do you read the tx and the underlying smart contract in-depth before you hit send?

---

Damn that's a crazy amount. Makes the leo pool hack look like nothing. I wonder if they will return it. That's probably one of the biggest bounty awards I've heard, assuming it's a genuine offer.

---

It's the sad state of Ethereum, apart from high GAS costs and non-scalability.

  • No privacy features (address re-use, no privacy-friendly wallets)
  • No anonymity features (except tornado.cash)
  • Infura - 100% centralized access point
  • MetaMask - the majority is forced to use this because there are no good alternatives. A browser extension on top.

There is a stark reason why Scatter-wallet (eosio) moved from a browser wallet to standalone as soon as possible. They've forecasted issues like that.

---

This is a very interesting post for a change. Crazy, that someone in such a position manages such a fortune via Metamask, I would not have imagined.

But a question out of interest;

They offer him 300k if he sends the funds back and promise to refrain from investigations. Do you think the hacker could simply send back the sum -300k and refer to this statement afterwards, i.e. as a gentlemen's agreement?

I would be interested to know what you think about this?

---

Buying ads for phishing is a very dangerous scenario. This needs a reblog. There could still be many noobs around who'd trust any link that looks official.
