Sunday, December 22, 2024

Digital Napalm

We love the smell of napalm in the GM.

Uncategorized

Hugh Karp of Nexus got hacked for $24M

Hugh Karp is the founder of Nexus Mutual | Blockchain & Insurance.  You can learn more about what Nexus Mutual does here or at its site.

Karp recently gave a video interview to Bankless regarding his story of woe and what people can do to prevent it.

He was on a Windows PC running a hardware wallet through Metamask. He opened a Microsoft Word file. It could have been a .pdf or anything but it exploited a vulnerability in the Microsoft operating system. There was another file embedded within the .docx file that opened up the door for the hacker by allowing the malware to be placed on the PC. It effectively gave the hacker remote access to his computer which compromised his entire PC. The hacker switched Chrome into developer mode and initiated a malicious version of the Metamask extension. At that point his private keys were still OK because they were on a hardware wallet. But what he later did was interact with Metamask on his computer when he was claiming some rewards – when Metamask popped up asking for approval it created a spoof transaction. It then pushes the transaction to the hardware wallet – in theory it shows you what to do but it’s a very challenging thing to decipher all of that hex code, so he was tricked into approving the transaction. But instead of approving the rewards, what he was actually doing was sending the attacker a large amount of NXM, directly from the hardware wallet.

The ingenuity of the hacker combined with well.. Windows lolol made this professional (obviously Mr. Karp is no idiot) lose millions of dollars.

This is just another, exquisitely painful example of why people need to be super careful downloading anything to their computers from an unknown source.    It also makes a good example of why until there are more safeguards regarding crypto, widescale adoption is not going to happen.

Leave a Reply

Your email address will not be published. Required fields are marked *