Learn how a smart contract vulnerability led to the theft of $1.8 million from Nexera, a DeFi protocol. Discover the hacker’s tactics and the ongoing challenges facing the DeFi industry.
The decentralized finance (DeFi) ecosystem has once again become the victim of a significant security breach. Blockchain infrastructure protocol Nexera has fallen victim to a significant exploit, resulting in the theft of approximately $1.8 million worth of digital assets.
The attack, detailed by crypto security firm Cyvers on August 7th, involved a complex manoeuvre where the attacker gained control of Nexera’s proxy contract. This strategic asset, often a central point of control within DeFi protocols, was exploited to execute a “withdraw admin” function, stealing the entirety of the platform’s NXRA tokens (32.5 million NXRA tokens).
“Our system has detected a suspicious transaction involving your proxy contract. An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens,” Cyvers explained in a post on X (Twitter).
Following the incident, Nexera swiftly responded by pausing the NXRA token contract and halting trading on decentralized exchanges. The platform is also actively collaborating with centralized exchanges to suspend trading activities. Kucoin and MEXC have already implemented these measures.
Announcement
— Nexera (@Nexera_Official) August 7, 2024
The team is investigating an exploit involving smart contracts containing NXRA tokens.
While we are still finalizing our findings, there are already a couple of things that we can share:
1️⃣ The $NXRA token contract has already been paused. Trading is halted on…
While these measures are essential to mitigate further losses, the platform faces a daunting task in rebuilding trust and recovering stolen funds because unlike the Ronin Network breach, where a suspected white hat hacker stole $9.8 million worth of Ether and returned stolen funds promptly, the Nexera attacker displayed clear malicious intent.
Immediately following the theft, the hacker initiated a process to launder the stolen NXRA tokens. By converting the stolen funds into Ethereum (ETH) and potentially utilizing cryptocurrency mixers, the attacker aims to obscure the stolen funds’ origins, making it significantly more challenging for authorities and cybersecurity firms to trace and recover the assets.
The attack has sent shockwaves through the cryptocurrency community, with the NXRA token’s value plummeting by 40% in the aftermath. Blockchain sleuth ZachXBT has linked the attacker to a series of previous private key compromises, including high-profile incidents involving SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, and Reach. The attacker currently holds a substantial stash of 32.5 million NXRA tokens, valued at approximately $1.23 million, along with $555,000 in USDT stablecoin.
As the DeFi industry continues to grow, protocols must prioritize robust security measures to protect user funds. This includes conducting rigorous audits, implementing advanced security features, and fostering a culture of responsible development.
RELATED TOPICS
- 6 of the Best Crypto Bug Bounty Programs
- India’s Largest Crypto Exchange WazirX Hacked: $234.9M Stolen
- Crypto Scammer Returns $9.27 Million Out of $24M Crypto Theft
- Dark Web Drug Lord Pleads Guilty, Forfeits $150M Cryptocurrency
- Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets
- Crypto Exchange FixedFloat Hacked: $26 Million in BTC, ETH Stolen
