On Monday, a hacker who stole $ 8.3 million from Nexus Mutual CEO Hugh Karp’s private wallet sent a ransom request for $ 2.66 million of Ether (ETH) embedded in the input data of an Ethereum transaction.
In his message dated December 16, the attacker is directly addressing Karp; He suggests they will stop selling the stolen NXM until the price corrects or Karp sends 4,500 ETH. The message contains the following statements:
“HELLO HUGH. I WILL NOT SELL ANY MORE WNXM UNTIL I RECOVER THE WNXM VALUE OR SEND ME 4.5 THOUSAND ETH. IF YOU NEED TO SEE ME, SEND A MESSAGE TO MY ETH. BELOW YOUR ADDRESSES. YOU ARE RICH HUGH […] “
It is unclear whether the hacker has offered to return the rest of the stolen NXM in the case he mentions it as the second scenario, but if he decides to send the ransom, this will likely be a precondition for Karp. Any negotiation is requested to be directed through the attacker’s Ethereum address. The message results in three wallet addresses allegedly owned by Karp and claiming to be “rich”.
How was Karp hacked?
As we reported earlier, Karp signed a transaction that redirects all NXM tokens to an address controlled by the attacker; used a captured version of MetaMask.
Karp later offered a $ 300,000 reward, claiming that the hacker would have trouble converting NXM into more liquid currency forms. He announced that he would not file a criminal complaint in exchange for returning the tokens.
However, it was reported that the attacker had already laundered $ 2.7 million of the NXM he worked with and now demanded a similar amount to not sell the rest.