TL;DR
- Nexera Protocol Hacked: A hacker exploited a vulnerability in Nexera’s system on August 7, stealing $1.8 million worth of NXRA tokens by manipulating a proxy contract.
- Market Impact: The value of NXRA tokens plummeted by 48% following the attack, with stolen tokens being converted to Ether and bridged to Binance Smart Chain.
- Ongoing Investigation: Nexera is taking steps to prevent further damage, while on-chain investigator ZachXBT links the hacker to previous exploits, highlighting a troubling trend of repeat offenders in the DeFi space.
The Nexera protocol, a DeFi platform bridging traditional finance with blockchain technology, has suffered a significant security breach. On August 7, a hacker exploited a vulnerability within Nexera’s system, resulting in a loss of $1.8 million. This incident was confirmed by Nexera in a post on X.
Announcement
The team is investigating an exploit involving smart contracts containing NXRA tokens.
While we are still finalizing our findings, there are already a couple of things that we can share:
1️⃣ The $NXRA token contract has already been paused. Trading is halted on…— Nexera (@Nexera_Official) August 7, 2024
According to the post, the attack was executed by exploiting a proxy contract within Nexera’s infrastructure. The malicious actor gained control of the proxy contract, upgraded it, and then used the “withdraw admin” function to siphon off $1.8 million worth of Nexera (NXRA) tokens. This breach highlights a critical vulnerability in the platform’s security protocols.
Market Impact on Nexera
In the aftermath of the attack, the value of NXRA tokens plummeted by 48%. The stolen tokens are being sold off in exchange for Ether and bridged to the Binance Smart Chain (BNB). The total estimated loss remains around $1.8 million, causing significant concern among investors and stakeholders.
Interestingly, this breach occurred just a day after a white hat hacker compromised the Ronin Network for $9.8 million worth of Ether (ETH). Unlike the Nexera incident, the white hat hacker returned all the stolen assets within a few hours, showcasing a stark contrast in hacker intentions and actions.
Ongoing Investigation
Nexera has updated its followers on X, stating that they have identified the exploit and are taking steps to prevent further damage.
Update
We have already identified the exploit in the past hours. We have acted fast and managed to stop further damage.
We have also taken the following steps:
✅ We are working with our partners at @HypernativeLabs to trace the source of the exploit and have begun discussions…
— Nexera (@Nexera_Official) August 7, 2024
The hacker’s actions raise significant alarm, especially given their method of transforming stolen tokens into Ether, a frequent strategy employed to clean illicit funds through cryptocurrency mixers such as Tornado Cash. This process complicates efforts to recover the stolen assets and bring the perpetrators to justice.
Repeat Offender
In a twist that adds further intrigue, on-chain investigator ZachXBT has connected the Nexera hacker to a string of earlier breaches, which encompass incidents at SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, and Reach.
This connection underscores a troubling trend of repeat offenders in the crypto space, raising questions about the overall security of DeFi platforms. The Nexera hack serves as a stark reminder of the vulnerabilities within the DeFi ecosystem.
As the investigation continues, the crypto community watches closely, hoping for swift action to prevent future breaches and restore confidence in blockchain security.
