Nexera protocol has been exploited for $1.5 million worth of digital assets in another smart contract security incident.
Nexera, a decentralized finance (DeFi) protocol aiming to bridge DeFi with traditional finance, was hacked for $1.5 million worth of Nexera (NXRA) tokens, according to an Aug. 7 X post by Cyvers:
“Our system has detected a suspicious transaction involving your proxy contract. An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens.”
While the $1.5 million counts as a relatively small incident, it comes only a day after Ronin Network was exploited for $9.8 million worth of Ether (ETH) tokens by a suspected white hat hacker, who returned all the lost funds within a few hours.
Related: $510B crypto sell-off wipes 2024 gains for top 50 coins
The hacker is already on the run with the funds
Showcasing the malicious intent of the incident, the hacker is already on the run with the stolen funds.
The hacker has started selling part of the NXRA tokens for Ether, according to Cyvers:
“The address is currently selling all the tokens for $ETH, and some of the funds have already been bridged to the $BNB chain. The total estimated loss is around $1.5 million.”
Hackers often convert their stolen tokens into Ether, to launder the funds via cryptocurrency mixers like Tornado Cash, making the origin of the funds more difficult to trace for cybersecurity firms.
Related: Market makers sold over $300M Ether as ETH price crashed below $2,200
Nexera hacker connected to previous exploits — Onchain investigator
This isn’t the first malicious incident caused by the exploiter, according to onchain data.
The exploiter’s addresses are connected to previous private key compromises as well, according to onchain investigator ZachXBT, who wrote in an Aug. 7 Telegram post:
“Attacker is connected on-chain to recent private key compromise incidents such as SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and many more.”
The exploit occurred nearly three weeks after a hacker stole over $230 million from WazirX, an Indian cryptocurrency exchange, in the second-largest cryptocurrency hack of 2024 so far.
Magazine: How crypto bots are ruining crypto — including auto memecoin rug pulls