Hugh Karp’s PC was compromised before the attack.
MetaMask browser extension has been replaced with a malicious application.
Ledger users are now the target of similar personal attacks
The founder of the DeFi insurance protocol Nexus Mutual published a post-mortem on a targeted attack using MetaMask that resulted in the personal loss of $ 8 million in crypto assets.
On December 14 , Hugh Karp, founder of Nexus Mutual, had an unpleasant surprise when he was led to make a transaction to an attacker’s address via MetaMask. This resulted in the loss of 370,000 Nexus Mutual (NXM) tokens, worth approximately $ 8.4 million at the time.
Karp has now detailed the attack in the hopes that others will not fall victim to the same hack.
A post-mortem and update on the status of the hack in NXM from last week.
Thank you to everyone for your messages of support, and especially to those who contributed to our surveys.
PC Windows and MetaMask compromis
The DeFi expert said he was then using a Ledger connected through MetaMask to interact with the Nexus Mutual app, on a computer running Microsoft Windows.
A few days earlier, Karp had noticed a screen flickering while composing an email, but didn’t pay much attention to it. An hour later, on December 11, the MetaMask extension was modified from disk and replaced with a malicious version.
On the day of the attack, he went to claim mining rewards through the MetaMask extension, which revealed a fraudulent transaction instead of a transaction to the intended destination. The transaction appeared in the Ledger and was completed, but there was no confirmation from the Nexus Mutual app. It was then that the attack was finalized.