- A hacker has remotely modified the MetaMask wallet used by Nexus CEO Hugh Karp.
- He changed a transaction to send the CEO's funds to his own wallet.
- The hacker has taken $8 million of Karp's funds.1
#1 Hack transaction: 370000 NXM ~ 8 millions USD
#2 wrap the NXM to wrapped NXM (only NXM is tradable on Uniswap). it means that the hacker presumably went through a KYC process because only KYCd users can move NXM
#3 moved wNXM to 0x03e89f2e1ebcea5d94c1b530f638cea3950c2e2b
#4 then there is a lot of swaps using Uniswap (through 1inch to find optimal swap routes)
#5 then he swap all the ETH to renBTC
#6 the hacker(s) burn the renBTC to receive BTC on the Bitcoin blockchain on currently 3 transactions: 46,14 renBTC - 75,93 renBTC - 15,12 renBTC
#7 Now we are on the bitcoin blockchain thanks to the Ren protocol
Please Note Ren Protocol has been used recently by Harvest Finance hackers (฿81.477474)
#8 Wallet has received the 122 BTC
#9 renBTC burn is planned to this address 3BLjbZkjY2rtvF3mmmFtRcDpbdpVpGPTVS
#10 Hacker has now 147 BTC
The hacker still have 198K NXM to cashout (53%) => he already managed to cashout in BTC the half of the stolen funds
Last update on Dec 15 2020, 11:00am CET
Read more on
1https://decrypt.co/51355/hacker-steals-8-million-from-nexus-ceo-by-remotely-changing-metamask
