Nexera (NXRA) Suffers $1.5 Million Exploit, Attacker Linked to Multiple Incidents
Attackers gain control of Nexera's proxy contract, upgrade it, and subsequently utilize the withdraw admin function to transfer all NXRA tokens.
Nexera (NXRA), a platform facilitating the Ethereum network to Arbitrum layer-2 trading, has fallen victim to a significant exploit resulting in an estimated loss of $1.5 million. The attack, which occurred on August 7, 2024, saw an attacker gain control of Nexera’s proxy contract, upgrade it, and subsequently utilize the withdraw admin function to transfer all NXRA tokens.
The malicious actor, identified as a known entity connected to previous private key compromise incidents involving platforms like SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and others, is actively selling the stolen NXRA tokens for Ethereum. However, the hacker bridged a portion of the funds to the Binance Smart Chain (BNB).
Furthermore, the exploited funds are currently residing at the addresses 0xe697949817a45446776376db203c04d31b580a10 and 0x6bd33c8256f7a37336b2b8fe967321e25540337b.
Insight Into Nexera Exploit and Impact
Nexera, founded in 2018 by Rachid Ajaja and Matthijs de Vries, has been a prominent player in the decentralized finance (DeFi) space. The platform’s native token, NXRA, plays a vital role in its ecosystem, facilitating transaction fees and reward mechanisms.
Nonetheless, the attack highlights the ongoing vulnerability of DeFi protocols to smart contract exploits. The attacker’s ability to gain control of the proxy contract and manipulate its permissions underscores the need for robust security measures within DeFi platforms.
In the aftermath of the exploit, the value of NXRA has plummeted by over 40%, currently trading at $0.037. Nexera’s team is actively investigating the incident and working to mitigate the damage caused by the attack.
Vitalik Buterin Falls Victim to $691,000 Cyber Heist
Ethereum co-founder Vitalik Buterin lost his X account (formerly Twitter) to hackers, resulting in the theft of $691,000 in digital assets. The majority of the stolen funds, approximately 73%, were non-fungible tokens (NFTs).
The hackers exploited a phishing link shared on social media, likely Twitter, which granted them access to multiple crypto wallets. The malicious tweet containing the phishing link has been removed, but the incident raises serious concerns about security vulnerabilities within the cryptocurrency space.
The attack highlights the importance of remaining vigilant against phishing scams and underscores the need for enhanced security measures to protect digital assets.