The latest crypto heavyweight to have been targeted by malicious actors is Hugh Karp, who is the CEO of Nexus Mutual, a decentralized finance (DeFi) provider. The company revealed on Twitter that the chief executive’s personal crypto wallet had been compromised by the hackers and his funds had been drained. A compromised version of a renowned Ethereum-based crypto wallet called MetaMask had been installed by the hackers and had tricked the CEO into authorizing a transaction for diverting his entire holdings of NXM tokens into their own wallet. According to the company, a hardware wallet had been used by Karp for keeping the tokens.
However, the protection protocols were broken by the attacker and they had replaced a legitimate transaction with their own. As per the details of the transaction, a total of 370,000 NX tokens valued at $2.8 million had been carted away by the thief. On-chain data shows that the malicious actor has already begun to convert the tokens into Ether. They are still investigating the theft. Karp said that the attacker had operated very smoothly and said that it was a ‘very nice trick’. A $300,000 reward was offered by Karp to the thief and said that he would drop all charges against him if the stolen tokens were returned.
Karp stated that cashing out the NXM tokens would be difficult for the hacker and if he returned them, they would give him a $300k bounty and drop all investigations. MetaMask is one of the most popular crypto wallets available. However, this year has seen it become a target of an alarming number of phishing attacks and other hacks. Earlier this month, CipherTrace, a blockchain security and forensics firm, had issued a warning after it noted an increase in reports of a malicious browser extension on Chrome of MetaMask stealing the funds.
The warning explained that there had been an increase in alerts and comments within the crypto community. The company went on to say that crypto forums and projects were also reporting fake MetaMask websites. As a matter of fact, a number of them had also shown up in Google ads in search results directly above legitimate links, every time a user searches for MetaMask in the search engine. However, the primary problem for the crypto wallet has been none other than phishing. It appears that there are a number of fake websites that are targeting the wallet.
Most of these fake websites ask the users to provide their 12-word seed phrase for upgrading and connecting their wallets. However, the malicious actors only use these seed phrases for breaking into the users’ MetaMask wallets and steal their funds. As far as MetaMask’s role is concerned, they have already asked its users to only download the wallet from their official accounts on their respective app marketplace. People have been advised to be cautious of entering their details on any website, as they could become victims of the latest phishing attacks that are currently ongoing.