Recently, the decentralized insurance protocol Cover Protocol is gaining momentum. It has both the aura blessing of Yearn.finance founder Andre Cronje (AC) and the surge of governance tokens. Two highlights make it successful with the concept of DeFi insurance. Caught the eye of the market.
However, at 5:40 pm on December 14th, Beijing time, CertiK Skynet monitoring discovered a huge transaction from Hugh Karp, the founder of Nexus Mutual. The transaction transferred a total of 370,000 NXM tokens to an unknown account with a value of up to $8.3 million. As soon as the news came out, the NXM token plummeted 16%, dropping to a minimum of 16.1 US dollars. Subsequent Nexus Mutual issued a statement stating that this attack is only a personal impact and will not cause any financial risk to Nexus Mutual users.
This time the hacker attack was unexpected, and the object of the attack turned out to be Hugh Karp, the founder of Nexus Mutual (NXM).
According to the official introduction, Nexus Mutual allows users to purchase insurance for some smart contracts to insure against accidents caused by smart contract vulnerabilities in some current mainstream agreements (such as Compound, Aave, Uniswap). On this platform, users can insure specific smart contracts for a period of 30 days or more, and each insurance is priced in its native token NXM.
Similar to traditional mutual insurance, Nexus Mutual is owned by the holder of NXM. NXM is the core asset of the system, which represents the rights of community members, including risk assessment through staking and participation in community governance.
This is an old brand founded in 2017. It is a company limited by guarantee established in the UK based on a mutual insurance organization structure. It is worth noting that Hugh Karp, the founder of Nexus Mutual, has more than 15 years of experience in the insurance industry. He once served as the CFO of UK Life Operations. However, even if he is experienced, he is still being tricked.
Nexus Mutual has always been regarded as the head project of the DeFi insurance track. Since the DeFi insurance business itself is to resist the security risks of traders, this security incident caused many people to shout that insurance is not safe.
◢▏ Day and night protection, difficult to prevent house thieves
According to the official statement of Nexus Mutual, the hacker seems to have obtained remote control of Karp’s computer, installed a modified Metamask, and then asked Karp to sign a transaction to transfer the 370,000 NXM tokens in the wallet address To move to the wallet designated by the hacker, the value is approximately US$8.3 million.
The hacking process is actually quite common, that is, Trick (deceiving) Karp to sign a seemingly normal transaction, but the actual transaction is to send the currency to himself. Wan Hui Dovey, the founding partner of Primitive Ventures and a member of the Advisory Committee of Coindesk, openly commented Make an analysis of this incident.
Because Karp definitely does not have a large amount of wNXM in his hands, but a large amount of NXM, he must complete the fishing work in the inner disk. Then after the phishing is complete, as long as the price of NXM itself drops to 100% of MCR, the hacker must know that the Bonding curve cannot be used for shipment, so he is very experienced and directly wraps the NXM he has obtained and sends it to the external market.
(Note: wNXM refers to wrapped NXM, the ERC20 version of NXM’s local currency. The relationship between the two is that only the holder of NXM can convert NXM to wNXM by 1:1 mapping.)
The hacker seems to be a member of the Nexus Mutual community and passed the KYC about eleven days ago. The Nexus Mutual community manager told the foreign media “Cointelegraph” that they believe that hackers have passed KYC certification with fake certificates. Therefore, seeking normal legal channels may not be able to bring hackers to justice.
◢▏Coin price plummeted by 16%, unable to settle claims
Although Nexus Mutual has indicated for the first time, users’ funds will not be affected. However, due to the huge amount of hacked, the market might be in danger of being sold off. Therefore, the price of NXM tokens plummeted by 16% within three hours after the hacked news appeared. It fell from 19.2 US dollars to 16.1 US dollars.
Although at December 11, Nexus Mutual added itself to Cover Protocol, another insurance platform. However, because the reason for this hack was not a contract vulnerability on the Nexus Mutual platform, but a problem with Karp’s computer permissions, the claim could not be settled.
Karp also urged on Twitter that hackers should not want to sell assets easily. They have locked the wallet address and will continue to track the flow of funds, but he also praised the hackers as an outstanding one.
The attack on the account of the founder of Nexus Mutual illustrates the importance of insurance. The high-density hacking incident is a warning. In the blockchain network world, no matter who you are and what role identity you have, hackers will not bypass you because of your fluke. The losses caused by security incidents may happen to everyone.
In any case, DeFi applications are gradually deeply participating in the entire market, and DeFi is also bringing new vitality with an innovative attitude, and it also meets many needs of the market. From the perspective of vision, DeFi insurance is expected to become a more efficient and convenient risk hedging tool, but whether this new oar can set off a huge wave is still facing market test.
