Nexus Mutual founder's attacker has cashed out nearly 35% of the stolen funds
December 15, 2020, 8:05AM EST
1 min read
An attacker who stole about $8.25 million from Nexus Mutual founder Hugh Karp's wallet address yesterday has now successfully withdrawn almost 35% of the funds.
According to The Block Research, the attacker used renBTC — an ERC-20 token backed 1:1 by bitcoin, to withdraw 137 bitcoin to twoaddresses. The withdrawn bitcoin is currently worth about $2.65 million or about 35% of the stolen funds. It was worth about $2 million at the time of withdrawal (see chart below).
The attacker initially stole Nexus Mutual (NXM) tokens and then converted them into ether (ETH) first and then renBTC via decentralized exchange (DEX) aggregator 1inch and DEX protocol Matcha. Specifically, the attacker sold 102,000 NXM on 1inch and 16,000 NXM on Matcha. The rest of the funds are still intact in the attacker's other addresses.
One of the attacker's addresses has a connection with crypto exchange Huobi, i.e., it is their Ethereum address on the exchange.
The attacker's withdrawals suggest that they are unlikely to return funds to Karp, who offered a bounty of $300,000 yesterday. While Karp has lost most of his funds, he said he still has a "material amount of NXM left."
As for how the attack occurred, Karp was tricked into approving one spoof transaction since the attacker gained access to his computer and altered his MetaMask extension.
The Block Research was commissioned by Algorand to create Layer-1 Platforms: A Framework for comparison, which provides a “look under the hood” at seven platforms: Algorand, Avalanche, Binance Smart Chain, Cosmos, Ethereum/Ethereum 2.0, Polkadot, and Solana.
We assess their technical design, related ecosystem data, and qualitative factors such as key ecosystem members to get an understanding of how they differ. Having done this analysis, we draw some insights for what the future of the broader smart contract landscape could look like for years to come.