A hacker has remotely modified the MetaMask wallet used by Nexus CEO Hugh Karp.
He changed a transaction to send the CEO's funds to his own wallet.
The hacker has taken $8 million of Karp's funds._¹

#1 Hack transaction: 370000 NXM ~ 8 millions USD

#2 wrap the NXM to wrapped NXM (only NXM is tradable on Uniswap). it means that the hacker presumably went through a KYC process because only KYCd users can move NXM

#3 moved wNXM to 0x03e89f2e1ebcea5d94c1b530f638cea3950c2e2b

#4 then there is a lot of swaps using Uniswap (through 1inch to find optimal swap routes)

#5 then he swap all the ETH to renBTC

#6 the hacker(s) burn the renBTC to receive BTC on the Bitcoin blockchain on currently 3 transactions: 46,14 renBTC - 75,93 renBTC - 15,12 renBTC

#7 Now we are on the bitcoin blockchain thanks to the Ren protocol

Please Note Ren Protocol has been used recently by Harvest Finance hackers (฿81.477474)

#8 Wallet has received the 122 BTC

#9 renBTC burn is planned to this address 3BLjbZkjY2rtvF3mmmFtRcDpbdpVpGPTVS

#10 Hacker has now 147 BTC

The hacker still have 198K NXM to cashout (53%) => he already managed to cashout in BTC the half of the stolen funds

Last update on Dec 15 2020, 11:00am CET

Talk with one of our experts

No Surprises. Just Straightforward Pricing
‍At Scorechain, what you see is what you pay—no hidden fees, no tricky tiers.
One Platform. Everything You Need
‍Get everything—from monitoring to risk scoring to reporting to travel rule—in one powerful, easy-to-use system.
Your Data Stays Yours—Always
‍Unlike some providers, we don’t analyze, mine, or share your data. Ever. What’s yours stays yours—period.
350+ Compliance & Digital Asset teams have trusted us since 2015