It has been reported by disclosure by Nexus Mutual that the funds were drained on Monday (December 14) morning UTC by compromising Karp’s personal device, as the hacker managed to install a compromised version of MetaMask that tricked Karp into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.
The report said that according to Nexus Mutual, Karp was using a hardware wallet. The attacker circumvented the protection by replacing a legitimate transaction with his own. Some hardware wallets should provide protection against these types of attacks by requiring confirmation on the device itself, where the display should be protected against this form of tampering.
Also, the attacker was a member of the mutual, having passed know-your-client verification 12 days ago.
It has been analyzed that the attacker was not fully identified though, with investigations still pending, as the attacker needed to be a verified member of the mutual in order to receive NXM tokens.
A Nexus Mutual community manager said that they are “working on the assumption that [the hacker] could have committed identity fraud.”
Likewise, the NXM token dropped 17% since the attack occurred, although the protocol itself was not affected.
The NXM stolen in the hack amounts to approximately 6% of all tokens in circulation, which could pose significant downward pressure on price.
As per the report, Karp later complemented the attacker for performing a “very nice trick.”
Thus, he offered a $300,000 bounty and dropping all charges in exchange for returning the tokens by arguing that the hacker would have trouble in converting the NXM into more liquid forms of money.