• A hacker has remotely modified the MetaMask wallet used by Nexus CEO Hugh Karp.
• He changed a transaction to send the CEO's funds to his own wallet.
• The hacker has taken $8 million of Karp's funds._¹

#1 Hack transaction: 370000 NXM ~ 8 millions USD

#2 wrap the NXM to wrapped NXM (only NXM is tradable on Uniswap). it means that  the hacker presumably went through a KYC process because only KYCd users can move NXM

#3 moved wNXM to 0x03e89f2e1ebcea5d94c1b530f638cea3950c2e2b

#4 then there is a lot of swaps using Uniswap (through 1inch to find optimal swap routes)

#5 then he swap all the ETH to renBTC

#6 the hacker(s) burn the renBTC to receive BTC on the Bitcoin blockchain on currently 3 transactions: 46,14 renBTC - 75,93 renBTC - 15,12 renBTC

#7 Now we are on the bitcoin blockchain thanks to the Ren protocol

Please Note Ren Protocol has been used recently by Harvest Finance hackers (฿81.477474) 

#8 Wallet has received the 122 BTC

#9 renBTC burn is planned to this address 3BLjbZkjY2rtvF3mmmFtRcDpbdpVpGPTVS 

#10 Hacker has now 147 BTC

The hacker still have 198K NXM to cashout (53%) => he already managed to cashout in BTC the half of the stolen funds

Last update on Dec 15 2020, 11:00am CET

Read more on

¹https://decrypt.co/51355/hacker-steals-8-million-from-nexus-ceo-by-remotely-changing-metamask