145 total views
The hacker attack this time was unexpected. The target of the attack was Hugh Karp, the founder of Nexus Mutual (NXM) himself.
Nexus Mutual has always been regarded as the head of the DeFi insurance track. Since the DeFi insurance business itself is to resist the security risks of traders, this security incident caused many people to shout “Insurance is not insured”.
With the explosive growth of the number of DeFi projects, the proportion of “hackers”, “geeks”, “developers”, and “scientists” is increasing.
It can be clearly seen that the food chain in the DeFi field may be being recast, but the top computer talents behind the above-mentioned titles are already at the top of this food chain.
Is insurance “not insured”?
In official information and discussions in many communities, the entire process of the hacker attack by Nexus Mutual founder Hugh Karp has been restored.
Nexus Mutual is regarded as the head of the DeFi insurance track, and it is also one of the many well-known DeFi head agreements that will appear in the second half of 2020. Its native token, NXM, reached a high of $21 in July, with a maximum increase of 6 times in half a month. After the attack, NXM fell by 20%.
According to the official introduction, Nexus Mutual allows users to purchase insurance for some smart contracts to insure against accidents caused by smart contract vulnerabilities in some current mainstream agreements (such as Compound, Aave, Uniswap). On this platform, users can insure specific smart contracts for a period of 30 days or more, and each insurance is priced in its native token NXM.
Similar to traditional mutual insurance, Nexus Mutual is owned by NXM holders. NXM is the core asset of the system and represents the rights of community members, including risk assessment through staking and participation in community governance.
This is an old brand founded in 2017. It is a company limited by guarantee established in the UK based on a mutual insurance organization structure. It is worth noting that Hugh Karp, the founder of Nexus Mutual, has more than 15 years of experience in the insurance industry and was the CFO of UK Life Operations.
However, even though he was experienced, he was still “schemed”.
According to the official disclosure details, after the attacker obtained remote control of Hugh Karp’s personal computer, he modified the Metamask plug-in used on the computer and misled him to sign a transaction-this transaction eventually transferred a huge amount of tokens to the attacker’s In the account.
Subsequently, 370,000 NXM tokens were transferred to an unknown account, worth about 8.33 million US dollars.
“The hacking process is actually quite common. It is Trick (deceiving) Karp to sign a seemingly normal transaction, but the actual transaction is to send the coins to himself”, Wan Hui Dovey, founding partner of Primitive Ventures and member of the Advisory Board of Coindesk Publicly analyze the incident.
“Because Karp definitely does not have a large amount of wNXM, but a large amount of NXM, he must complete the “fishing” work in the internal disk. Then after the fishing is completed, the price of NXM itself will only fall to 100% of the MCR. I must know that it cannot be shipped by Bonding curve, so I was very experienced to directly wrap the NXM and go to the outside to smash it.”
(Note: wNXM refers to wrapped NXM, the ERC20 version of NXM’s local currency. The relationship between the two is that only the holder of nxm can convert NXM to wNXM by 1-1 mapping.)
“Professor Bitcoin LA” from the community described the hacker’s current behavior more simply: “The 370,000 coins stolen by the hacker has already cost more than 200,000 coins. He replaced NXM with WNXM and hit the disk. I changed it, and recharged it to other CEX and DEX, and sold it in various ways.”
This is a scam carefully planned by hackers. Wan Hui summed up the incident: “The hacker who hacked Nexus Mutual not only got the remote control of Huge Karp’s computer, but also did it in order to harvest Karp’s NXM. KYC of Nexus Mutual, (this is) has been carefully prepared for a long time, so it is useless to have KYC.”
After the incident was fermented in the community, many investors also sighed like her: “The top of the entire DeFi food chain is really hackers and scientists.”
Even the founder Karp himself commented on this behavior when he tweeted about hackers, “a great trick, absolutely an advanced operation.”
Recasting the food chain, reproducing the “double-edged sword”
“A hacker will never detour because of who you are,” the CertiK security verification team commented.
Since the advent of DeFi’s “agricultural era”, the industry’s structure has quietly changed. And highly skilled computer experts such as “scientists,” “geeks,” and “hackers” once again stepped onto the front of the stage. Technical talents are becoming more influential new “wealth” and new “resources” in the DeFi field.
Perhaps more and more people have noticed this. There is a view that one of the important purposes of the previous series of “mergers and acquisitions” by YFI founder AC (Andre Cronje) is to gather talents.
It can be seen from the mergers and acquisitions made by AC that he has merged many high-quality projects that have been formed in more precise project mergers and acquisitions, and tried to integrate the world’s top developers. The Keep3r developed by it provides a new platform to aggregate DeFi developers. Integrate the world’s top developers to form a distributed gathering place for developer resources-this is what AC and its team want.
“The reason why YFI is so popular is that AC has attracted too many top talents to develop on his platform. Any proposal in it can be used as an excellent project.” The idea is highly praised.
“To a certain extent, this is a big merger of the world’s top developers, through the aggregation of talents to achieve aggregation of projects, aggregation of funds. This model is much more advanced.”
But under this new model, the constant emergence of security incidents once again let the market see the two sides of technology. From “developer talent” to “hacker”, it may only depend on a single thought.
In fact, compared to the “inductive” fraud that Karp suffered, more security issues in the DeFi field still lie in the project vulnerabilities.
According to the “2020 Cryptocurrency Crime and Anti-Money Laundering Report” released by the digital currency analysis company CipherTrace, DeFi hackers accounted for 21% of the total theft in 2020, and in 2019, the number of DeFi hackers is almost negligible. If you don’t consider the data related to the KuCoin exchange stolen incident, DeFi hackers will account for more than 50% of the total amount. At the same time, some hackers are also using DeFi, choosing to launder stolen funds through decentralized exchanges.
Regarding the continuous emergence of technical “crimes”, Wan Hui once regarded the DeFi hacking incident as “a typical process of survival of the fittest”. In this process, only the best contract and the most robust contract can be marketed. Used.
“As a neutral financial tool, DeFi is used to defend private property against various drawbacks of centralized finance. Similarly, there will naturally be corresponding evil forces to do what they think is “reasonable”.”
In any case, DeFi applications are gradually deeply involved in the entire market. DeFi has also brought new vitality with an innovative attitude, and has also met many needs of the market. However, the early development stage of new technologies will face some new challenges.
What is more optimistic is that, in the face of technological security, which is a huge risk faced by traditional finance and the entire blockchain industry, although DeFi is inevitable, DeFi is also actively fighting.