SushiSwap released ambitious roadmap to curb Uniswap’s DEX dominance
DeFi hits new all-time high, Nexus Mutual CEO victimized in MetaMask attack
OKEx Insights' DeFi Digest is a weekly examination of the decentralized finance industry.
DeFi Market Snapshot
It has been a historic week for BTC — and, by extension, decentralized finance. The market-leading cryptocurrency skyrocketed past its previous all-time high and just this weekend reached levels over $24,000 on global cryptocurrency exchanges. This surge also led to a new all-time high for total value locked in the DeFi market, which is currently close to $17 billion.
The total borrowing volume in the DeFi lending sphere rose 8% this week as Compound maintained its market dominance in this sector with a 55% share. The weekly average trading volume of decentralized exchanges, meanwhile, rose by 3% — with Uniswap's dominance declining to 36%.
In the yield farming sector, Curve remained the largest liquidity pool with $0.73 billion in total value locked, as of the time of writing. SushiSwap ranked second with a total value locked of $0.69 billion.
The cryptocurrency community is remaining primarily bullish on decentralized finance, following the launch of Ethereum 2.0.
Staking in the Ethereum protocol upgrade has also received a boost in the form of one-click ETH 2.0 staking on OKEx, which is now available to users. Additionally, this week's launch of the OKEx cross-chain gateway will allow users to transfer crypto-assets across multiple blockchains.
The MetaMask trick
The biggest news in the DeFi world this week was that Hugh Karp, the CEO of DeFi insurance platform Nexus Mutual, lost $8 million from his personal MetaMask wallet after it was compromised.
As disclosed by Nexus Mutual, the attacker was a member of the platform who passed its know-your-customer procedures on Dec. 3. NXM, the native token of Nexus Mutual, can only be transferred between members of the protocol. To hide their true identity, the attacker switched their membership to the address used to attack Karp's wallet on Dec. 11. The attacking address was then used to receive Karp's tokens.
The attacker then gained remote access to Karp's computer and modified the MetaMask wallet extension. This tricked Karp into signing a transaction that redirected his 370,000 NXM tokens — worth approximately $8 million — to the attacker's address with a public name tag "Nexus Mutual Hacker 1."
Afterwards, the attacker then began converting the stolen NXM tokens into other cryptocurrencies. First, they converted NXM tokens into wNXM tokens, then converted a portion of them into ETH via decentralized exchanges 1inch.exchange and Uniswap. A small portion of the wNXM tokens were converted into BNT on Bancor.
After the initial laundering, the "Nexus Mutual Hacker 1" address received RENBTC from a series of transactions sent by two wallet addresses. That RENBTC was then transferred out from the hacker to another address.
The "Nexus Mutual Hacker 1" address has a balance of zero Ether as of press time.
Nexus Mutual may take legal action
The stolen NXM tokens accounted for 6% of the total NXM supply, and the price of NXM initially dropped right after the attack. While Karp first complimented the attacker for performing a "very nice trick," he later requested that they return the NXM in full, for which he would grant a $300K bounty in return.
While the attacker did not respond to Karp's bounty offer directly, they asked for 4,500 ETH from Karp — who, as of the time of this writing, did not respond. The Nexus Mutual team has reiterated that the hack was a personal attack and that the funds and security of the Nexus Mutual protocol are not affected.
The Nexus Mutual team later discovered that one of the addresses suspected to have been used by the attacker belongs to a Singaporean resident with registered phone numbers, an email address and a residential IP address.
The team initiated a Telegram chat based on the information and urged the attacker to cooperate before they involve Singapore law enforcement. However, the Telegram contact denied attacking Karp's wallet.
Beware of rotten seed phrase attacks
Apart from the hack on Karp, MetaMask wallets for some DeFi users were exploited by hackers in the past month.
The MetaMask team is aware of the situation and stated that it believes that users are falling victim to so-called rotten seed phrase attacks. This type of attack is described as occurring when malicious websites mimic websites that users are trying to install the MetaMask extension from. In essence, the malicious websites imitate fake onboarding processes for users. When a user performs a backup of their seed phrase, the scammer is able to obtain the user's seed phrase — providing them complete access to the user's funds.
The MetaMask team reiterated that it never asks for seed phrases nor hosts websites that provide seed phrases to users. Additionally, the firm noted, users could be more likely to be compromised if they installed a crypto wallet via a search engine advertisement, as opposed to directly via metamask.io.
OKEx Insights presents market analyses, in-depth features, original research & curated news from crypto professionals.