Nexus Mutual founder's attacker has cashed out nearly 35% of the stolen funds

DeFi • December 15, 2020, 8:05AM EST

UPDATED: December 15, 2020, 8:10AM EST

Partner offers

An attacker who stole about $8.25 million from Nexus Mutual founder Hugh Karp's wallet address yesterday has now successfully withdrawn almost 35% of the funds.

According to The Block Research, the attacker used renBTC — an ERC-20 token backed 1:1 by bitcoin, to withdraw 137 bitcoin to two addresses. The withdrawn bitcoin is currently worth about $2.65 million or about 35% of the stolen funds. It was worth about $2 million at the time of withdrawal (see chart below).

The attacker initially stole Nexus Mutual (NXM) tokens and then converted them into ether (ETH) first and then renBTC via decentralized exchange (DEX) aggregator 1inch and DEX protocol Matcha. Specifically, the attacker sold 102,000 NXM on 1inch and 16,000 NXM on Matcha. The rest of the funds are still intact in the attacker's other addresses.

One of the attacker's addresses has a connection with crypto exchange Huobi, i.e., it is their Ethereum address on the exchange.

The attacker's withdrawals suggest that they are unlikely to return funds to Karp, who offered a bounty of $300,000 yesterday. While Karp has lost most of his funds, he said he still has a "material amount of NXM left."

As for how the attack occurred, Karp was tricked into approving one spoof transaction since the attacker gained access to his computer and altered his MetaMask extension.

AUTHOR

Yogita Khatri

Yogita Khatri is a senior reporter at The Block and the author of The Funding newsletter. As our longest-serving editorial member, Yogita has been instrumental in breaking numerous stories, exclusives and scoops. With over 3,000 articles to her name, Yogita is The Block's most-published and most-read author of all time. Before joining The Block, Yogita wrote for CoinDesk and The Economic Times. You can reach her at [email protected] or follow her latest updates on X at @Yogita_Khatri5.

Connect on

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News

Connect with the block on

More by Yogita Khatri

Coinbase to acquire Vector.fun, the Tensor-built Solana trading platform, to advance 'everything exchange' vision

November 21, 2025, 12:22PM EST

Mergers & Acquisitions

JPMorgan says crypto market correction appears driven by retail selling of bitcoin and ether ETFs

November 20, 2025, 5:43PM EST

Markets

Latest Crypto News

Coinbase Derivatives to expand 24/7 futures trading for bevy of altcoins including ADA, AVAX, DOGE and SHIB

Grayscale's Dogecoin and XRP ETFs tee up to launch on Monday following NYSE approvals

Solo bitcoin miner beats 1-in-180-million odds to land $265,000 block

Institutional buyers ‘nibbling’ as crypto selloff widens, but analysts warn final shakeout may not be done