The hacker, who stole $8.3 million from the private wallet of Nexus Mutual CEO Hugh Karp on Monday, has sent a ransom demand for $2.66 million in Ether (ETH) embedded in the input data of an Ethereum transaction.
It has been reported that in the poorly-worded December 16 message, the attacker addressed Karp directly, and suggested that they will cease selling off the stolen NXM until the price recovers or Karp sends 4,500 ETH.
“Hello Hugh. I will not sell wNXM any more until wNXM recovers his value or you send me 4.5k ETH. If you need any negotiation with me, send msg to my eth address. Following are your addresses. You are rich, Hugh […]”
However, it’s not clear if the hacker offered to return the remainder of the stolen NXM in the latter scenario, though this would likely be a prerequisite condition for Karp if he decides to send the ransom.
The report said that any negotiation is requested to be directed through the attacker’s Ethereum address, and the message concludes by listing three wallet addresses claimed to belong to Karp, along with the assertion that he is “rich.”
The hacker managed to install a compromised version of Metamask that tricked Karp into signing a transaction transferring all his 370,000 NXM to the attacker’s wallet.
Likewise, in a tweet, Karp complemented the attacker on some “next level stuff,” while noting that it would be difficult to cash out so much NXM, and offering a $300,000 bounty if the tokens were returned in full.
Thus, the attacker has already laundered up to $2.7 million worth of the stolen NXM and is now demanding a similar amount to not sell off the rest.