CEO of Nexus Mutual Hacked for $8M. Follow our investigation

A hacker has remotely modified the MetaMask wallet used by Nexus CEO Hugh Karp.
He changed a transaction to send the CEO’s funds to his own wallet.
The hacker has taken $8 million of Karp’s funds._¹

#1 Hack transaction: 370000 NXM ~ 8 millions USD

#2 wrap the NXM to wrapped NXM (only NXM is tradable on Uniswap). it means that the hacker presumably went through a KYC process because only KYCd users can move NXM

#3 moved wNXM to 0x03e89f2e1ebcea5d94c1b530f638cea3950c2e2b

#4 then there is a lot of swaps using Uniswap (through 1inch to find optimal swap routes)

#5 then he swap all the ETH to renBTC

#6 the hacker(s) burn the renBTC to receive BTC on the Bitcoin blockchain on currently 3 transactions: 46,14 renBTC – 75,93 renBTC – 15,12 renBTC

#7 Now we are on the bitcoin blockchain thanks to the Ren protocol

Please Note Ren Protocol has been used recently by Harvest Finance hackers (฿81.477474)

#8 Wallet has received the 122 BTC

#9 renBTC burn is planned to this address 3BLjbZkjY2rtvF3mmmFtRcDpbdpVpGPTVS

#10 Hacker has now 147 BTC

The hacker still have 198K NXM to cashout (53%) => he already managed to cashout in BTC the half of the stolen funds

Last update on Dec 15 2020, 11:00am CET