Nexera has fallen victim to a major cyberattack, resulting in the theft of $1.8 million. This incident has triggered an investigation and the suspension of all smart contracts on the platform. The hacker, who has been linked to several previous exploits, is in the process of liquidating stolen NXRA tokens for Ether and transferring the funds to the BNB chain.
NXRA Token Contract Paused Amid Hack
Blockchain infrastructure provider Nexera, formerly known as AllianceBlock, has confirmed a serious security breach that resulted in a significant financial loss of $1.8 million. The hack, identified by the crypto security firm Cyvers, has led Nexera to take immediate action. They have temporarily halted their smart contracts and have started an investigation into the breach.
In a public announcement made on X (formerly Twitter), Nexera stated that the company has “identified the exploit” and is collaborating with law enforcement. The NXRA token contract has been paused, while trading on decentralized exchanges is also halted. Additionally, centralized exchanges, including KuCoin and MEXC, have suspended deposits and withdrawals of NXRA tokens to prevent further losses.
Current data from Zapper indicates that the attacker is in possession of 32.5 million NXRA tokens, which are valued at approximately $1.23 million, as well as $555,000 in Tether’s USDT stablecoin. Reports suggest that the hacker has initiated the process of liquidating NXRA tokens in exchange for Ether, with some funds already moved to the BNB chain. Cyvers estimates the total loss due to this breach to be around $1.5 million.
This incident is not unique, as the attacker has a history of previous hacks, including breaches at OKX DEX, SpaceCatch, and Concentric Finance. The series of attacks underscores the ongoing security challenges within the decentralized finance (DeFi) sector. The use of mixers like Tornado Cash complicates recovery efforts for stolen assets by obscuring the tracing of funds.
The crypto industry as a whole faced a challenging month in July, with hackers managing to steal approximately $266 million across 16 different breaches, emphasizing the persistent security vulnerabilities that plague the space. Among these incidents was the attack on Indian crypto exchange WazirX on July 18, which alone accounted for over $230 million in losses—an astonishing 86.4% of the total theft for the month.
Nexera Takes Steps Following Exploit
In response to the recent exploit, Nexera has taken the drastic measure of burning the 32.5 million NXRA tokens involved in the cyberattack. This action is part of a broader strategy to address the hacking incident and enhance security protocols. According to a report from blockchain security firm PeckShieldAlert, these tokens have been permanently removed from circulation.
Details concerning the breach reveal that Nexera plans to implement several steps to ameliorate the situation. Although their smart contracts were not affected, the team swiftly froze the remaining 32.5 million NXRA tokens held in the attacker’s wallet. After further analysis, it was determined that only $440K of the total NXRA tokens transferred were compromised.
The decision to burn the tokens is aimed at supporting the stability of the Nexera ecosystem and preventing the stolen tokens from being used, traded, or circulated in the market, which would further impact its value. The attack on Nexera, which took place on August 7, specifically targeted the theft of 47 million NXRA tokens, valued at around $1.76 million. The hacker has begun selling parts of the stolen tokens in exchange for Ethereum (ETH), as well as transferring portions of the funds to the BNB Chain.
Nexera clarified that the exploit was part of a wider coordinated attack affecting various projects and protocols. The company has assured users that there is no need to create a new NXRA token as the original token address remains valid. Users were advised to abstain from trading due to the connections between the attacker and exploit-related addresses on exchanges like KuCoin and MEXC, which subsequently suspended their services.
Ongoing Laundering of Stolen Funds
In a related development, the hacker responsible for the Rain crypto exchange breach, which occurred earlier this year, has also begun laundering stolen funds via the crypto mixer Tornado Cash. Notably, blockchain security firm PeckShield reported that the hacker transferred 1,155 ETH, valued at approximately $2.9 million, to Tornado Cash in an attempt to obscure the origins of the funds.
The Rain exchange was hacked on April 29, with around $14.1 million taken, including various cryptocurrencies like Bitcoin, Ethereum, Solana, and XRP. Rain co-founder AJ Nelson publicly acknowledged the breach and stated that the exchange would cover the stolen assets to maintain operational stability for its users.
In another instance, an exploiter associated with the DeFi protocol Unizen has transferred 865.4 ETH, worth nearly $2.16 million, to Tornado Cash. This marked the first movement of the stolen funds since the hack on March 8. Unizen had announced earlier that users who lost $750,000 or less would be compensated for their losses.
In an intriguing twist, an MEV (Maximum Extractable Value) bot that drained 3,996 ETH from the Ronin network bridge on August 6 has returned most of the stolen funds. This indicates that the bot may have accidentally exploited the vulnerability, and upon realizing its actions, returned the funds while being rewarded for its discovery of the exploit.
AI Security System Matches Human Experts
Interestingly, recent developments in AI have led to the creation of an automated security testing system capable of performing penetration tests. In a recent experiment, it matched the effectiveness of leading professional cybersecurity pentesters, completing tasks in under 1.1% of the time taken by human testers. This advancement could provide significant benefits to the crypto industry, which has suffered a staggering $1.4 billion in hacks this year alone. As cyber threats continue to evolve, the implementation of AI-powered security testing may prove invaluable in improving overall security resiliency within the crypto space. Stay tuned for more updates on this evolving story on the Turkish NY Radio.
