A smart contract security incident has resulted in the exploitation of the Nexera protocol, resulting in the theft of $1.5 million in digital assets.
According to an August 7 X post by Cyvers, Nexera, a decentralized finance (DeFi) protocol that sought to connect DeFi with traditional finance, was compromised for $1.5 million in Nexera (NXRA) tokens.
Our system has identified a suspicious transaction that pertains to your proxy contract. An address assumed the proprietorship of your proxy contract and upgraded it. Shortly after, the address utilized the withdraw admin function to transmit the $NXRA tokens.
“Our system has detected a suspicious transaction involving your proxy contract. An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens.”
Although the $1.5 million is considered a relatively minor incident, it occurred only one day after Ronin Network was exploited by a suspected white-hat hacker, who stole $9.8 million in Ether tokens. The hacker promptly returned all of the lost funds within a few hours.
The perpetrator is currently evading authorities with the stolen funds, evidence of the incident’s malicious intent.
According to Cyvers, the infiltrator has initiated the sale of a portion of the NXRA tokens for Ether.
“The address is currently selling all the tokens for $ETH, and some of the funds have already been bridged to the $BNB chain. The total estimated loss is around $1.5 million.”
Hackers frequently convert their stolen tokens into Ether to launder the funds through cryptocurrency mixers such as Tornado Cash. This process complicates tracing the origin of the funds for cybersecurity firms.
Nexera hacker is associated with previous exploits
According to onchain data, this is not the exploiter’s initial malevolent incident.
ZachXBT, an onchain investigator, stated in a Telegram post on August 7 that the exploiter’s addresses are also associated with previous private key compromises.
“Attacker is on-chain linked to recent private key compromise incidents, including SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many others.”
“Attacker is connected on-chain to recent private key compromise incidents such as SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many more.”
The exploit transpired nearly three weeks after a hacker stole more than $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency breach of 2024 thus far.
