Key Takeaways:
Decentralized cryptocurrency trading platform Nexera fell victim to a hack on Wednesday, resulting in a loss of $1.5 million worth of its native NXRA token. According to reports, the hacker took over the exchange’s proxy contract, giving them full control over its functions.
Nexera, founded in 2018, facilitates multi-chain trading between Ethereum and Arbitrum blockchains. The NXRA coin, which is at the center of the incident, is used for various functions within the ecosystem, like paying transaction fees and earning rewards.
Hackers Steal 42M NXRA Worth $1.5 Million From Nexera DEX’s Multi-Sig Wallets
Blockchain security firm Cyvers was the first to report the incident. In an X post mentioning Nexera, they said their system detected a “suspicious transaction” involving the decentralized exchange’s (DEX) proxy contract.
The analysts noted that the hacker’s wallet managed to take control of Nexera’s proxy contract and upgraded it with new permissions. This allowed them to utilize the platform’s “withdraw admin” function to transfer out all NXRA tokens, which was all of its liquidity.
Cyvers said the hacker’s address has been selling most of the loot for Ether (ETH), while some has been bridged to the BNB Chain.
On-chain security firm Certik reported that two Nexera multi-sig wallets were exploited for 47.253 million NXRA. They noted that after selling some tokens, the hacker bridged $448,000 USDT to the BSC chain, which was then sent to another address.
The hacker’s wallet still holds 32.5 million NXRA, worth around $1.2 million, but is unable to move it due to insufficient liquidity. The total estimated loss for Nexera in this exploit is reported to be $1.5 million.
Nexera Halts All Activities On Its Exchange And Asks Users Not To Trade NXRA
Shortly after the event, the Nexera team took to X and confirmed the attack, noting they were pausing the NXRA contract to halt all trades with the token on its platform and are working with centralized exchanges (CEX) to do the same. The decentralized exchange has urged all NXRA holders to cease trading until the investigation is complete and the issue is resolved.
Following the hack, the value of NXRA plummeted by over 40% within hours. At the time of writing, the token is trading at $0.04022 – down 33.8% in the last 24 hours.
The attack has drawn significant attention to Nexera because this is the second time the DEX has been compromised. In April, a project deployed on its ecosystem called ALBT was hacked, leading to the theft of 100 million ALBT tokens. However, the incident flew under the radar.
Ronin Bridge Losses $9.3 Million Worth of Ethereum In Latest Hack
The Nexera hack comes just two days after Ronin Bridge, an Ethereum sidechain built to support the popular play-to-earn crypto game Axie Infinity, was attacked. Blockchain security firm PeckShield was the first to report the incident that resulted in 3,996 ETH worth approximately $9.3 million being stolen.
Axie Infinity players use the Ronin Bridge to transfer assets between Ethereum and Ronin networks.
The game’s co-founder Aleksander Leonard Larson said they have halted all functions using Ronin and have opened an investigation into the exploit. He assured users that over $850 million worth of assets currently secured by the bridge are safe.
Reports suggest that Ronin Bridge may have suffered a Maximal Extractable Value (MEV) hack, which is a technique where a bad actor attempts to extract the maximum potential profits from blockchain transactions by manipulating the order and inclusion of those transactions during block production.
Ronin Suffered The Largest DeFi Hack In 2022
Nevertheless, this is not the first incident involving Ronin Bridge. In 2022, the Ethereum sidechain suffered one of the largest exploits in the history of decentralized finance (DeFi) after hackers accessed private keys to its validator nodes to steal 173,600 ETH and 25.5 million USDC, worth approximately $624 million.
The breach executed through compromised private keys allowed the hackers to gain control over five of the nine validator nodes necessary for approving transactions on the Ronin Network.
Following the hack, Ronin took immediate steps to enhance security, including taking its token-bridging protocol and decentralized exchange offline for a few months before reinstating them.
The FBI later attributed the Ronin Bridge hack to the North Korean Lazarus hacking group. The US Department of Treasury imposed sanctions on a wallet that had received the stolen funds. The Ronin Network team worked with law enforcement, forensic cryptographers, and investors and managed to recover around $40 million worth of the stolen funds last year.
These thefts highlight the persistent vulnerabilities of the crypto sector, especially DeFi protocols like DEXs and token bridges.
Read more: Bitcoin Makes Top 10 In Global Asset Ranking
