The attacker who hacked the personal wallet of the founder of the Nexus Mutual DeFi protocol, Hugh Karp, demanded 4,500 ETH (~$2.6 million at the time of writing). The hacker left a comment using a transaction.

He stated that he would not sell NXM tokens until the exchange rate was restored or until Karp transferred the buyback. The hacker added three addresses to the message, which store more than $10 million.

“You’re a rich man, Hugh,” the unknown wrote.

Screenshot of the transaction from the Etherscan service.

Karp responded to the attacker’s demand on his Twitter. According to him, one of the addresses belongs to the Nexus Foundation, and he does not have such a large amount of cryptocurrency.

The Nexus Mutual team stated that they had identified a user from Singapore who had recently undergone a KYC procedure and interacted with the attacker’s wallet.

Earlier, representatives of the project explained that the hacker installed a compromised version of the MetaMask application on Karp’s personal computer, which tricked him into confirming the transaction.

The attacker’s prey was 370,000 NXM (about $8.22 million at the time of writing). According to Nexus Mutual, the protocol itself and user funds were not affected.

On December 14, the WNXM token rate fell from $19.15 to $16.57. At the time of writing, the coin is trading at $16.18.

Karp considered that such a volume of NXM would be problematic to cash out. He offered the attacker a reward of $300,000, calling the hack “a very good trick.”

Recall that to withdraw 137 BTC to two addresses, the hacker used the renBTC tokenized bitcoin protocol.