OKEx - Leading Cryptocurrency Exchange Demo Trading
Copied

Share articles to

Academy Industry Analysis Article
DeFi DEX DeFi Digest OKEx Insights

DeFi hits new all-time high, Nexus Mutual CEO victimized in MetaMask attack

2020.12.19 Matthew Lam

OKEx Insights' DeFi Digest is a weekly examination of the decentralized finance industry.

DeFi Digest image

DeFi Market Snapshot

It has been a historic week for BTC — and, by extension, decentralized finance. The market-leading cryptocurrency skyrocketed past its previous all-time high and just this weekend reached levels over $24,000 on global cryptocurrency exchanges. This surge also led to a new all-time high for total value locked in the DeFi market, which is currently close to $17 billion

The total borrowing volume in the DeFi lending sphere rose 8% this week as Compound maintained its market dominance in this sector with a 55% share. The weekly average trading volume of decentralized exchanges, meanwhile, rose by 3% — with Uniswap's dominance declining to 36%. 

In the yield farming sector, Curve remained the largest liquidity pool with $0.73 billion in total value locked, as of the time of writing. SushiSwap ranked second with a total value locked of $0.69 billion.

The total value locked in DeFi reached an all-time high of over $16B. Source: DeFi Pulse and DeBank

The cryptocurrency community is remaining primarily bullish on decentralized finance, following the launch of Ethereum 2.0. 

Staking in the Ethereum protocol upgrade has also received a boost in the form of one-click ETH 2.0 staking on OKEx, which is now available to users. Additionally, this week's launch of the OKEx cross-chain gateway will allow users to transfer crypto-assets across multiple blockchains.

The MetaMask trick

The biggest news in the DeFi world this week was that Hugh Karp, the CEO of DeFi insurance platform Nexus Mutual, lost $8 million from his personal MetaMask wallet after it was compromised.

As disclosed by Nexus Mutual, the attacker was a member of the platform who passed its know-your-customer procedures on Dec. 3. NXM, the native token of Nexus Mutual, can only be transferred between members of the protocol.  To hide their true identity, the attacker switched their membership to the address used to attack Karp's wallet on Dec. 11. The attacking address was then used to receive Karp's tokens.

The attacker then gained remote access to Karp's computer and modified the MetaMask wallet extension. This tricked Karp into signing a transaction that redirected his 370,000 NXM tokens — worth approximately $8 million — to the attacker's address with a public name tag "Nexus Mutual Hacker 1."

Afterwards, the attacker then began converting the stolen NXM tokens into other cryptocurrencies. First, they converted NXM tokens into wNXM tokens, then converted a portion of them into ETH via decentralized exchanges 1inch.exchange and Uniswap. A small portion of the wNXM tokens were converted into BNT on Bancor.

The attacker first converted stolen NXM tokens into WNXM tokens. Source: Etherscan

After the initial laundering, the "Nexus Mutual Hacker 1" address received RENBTC from a series of transactions sent by two wallet addresses. That RENBTC was then transferred out from the hacker to another address.

The attacker received RENBTC and transferred it to another wallet address. Source: Etherscan

The "Nexus Mutual Hacker 1" address has a balance of zero Ether as of press time.

Nexus Mutual may take legal action

The stolen NXM tokens accounted for 6% of the total NXM supply, and the price of NXM initially dropped right after the attack. While Karp first complimented the attacker for performing a "very nice trick," he later requested that they return the NXM in full, for which he would grant a $300K bounty in return. 

While the attacker did not respond to Karp's bounty offer directly, they asked for 4,500 ETH from Karp — who, as of the time of this writing, did not respond. The Nexus Mutual team has reiterated that the hack was a personal attack and that the funds and security of the Nexus Mutual protocol are not affected. 

The Nexus Mutual team later discovered that one of the addresses suspected to have been used by the attacker belongs to a Singaporean resident with registered phone numbers, an email address and a residential IP address.

The team initiated a Telegram chat based on the information and urged the attacker to cooperate before they involve Singapore law enforcement. However, the Telegram contact denied attacking Karp's wallet.

Beware of rotten seed phrase attacks

Apart from the hack on Karp, MetaMask wallets for some DeFi users were exploited by hackers in the past month.

The MetaMask team is aware of the situation and stated that it believes that users are falling victim to so-called rotten seed phrase attacks. This type of attack is described as occurring when malicious websites mimic websites that users are trying to install the MetaMask extension from. In essence, the malicious websites imitate fake onboarding processes for users. When a user performs a backup of their seed phrase, the scammer is able to obtain the user's seed phrase — providing them complete access to the user's funds.

The MetaMask team reiterated that it never asks for seed phrases nor hosts websites that provide seed phrases to users. Additionally, the firm noted, users could be more likely to be compromised if they installed a crypto wallet via a search engine advertisement, as opposed to directly via metamask.io.


OKEx Insights presents market analyses, in-depth features, original research & curated news from crypto professionals.

Follow OKEx Insights on Twitter and Telegram

Exclusive Reward for Newcomers

Earn free bitcoin worth $10 by signing up & placing your first order!

Disclaimer: This material should not be taken as the basis for making investment decisions, nor be construed as a recommendation to engage in investment transactions. Trading digital assets involve significant risk and can result in the loss of your invested capital. You should ensure that you fully understand the risk involved and take into consideration your level of experience, investment objectives and seek independent financial advice if necessary.

Recommended

industry-analysis-en