Yesterday morning, a hacker stole 370,000 NXM (equivalent to $8 million) from Nexus Mutual CEO Hugh Karp. The hacker accomplished the attack by infecting Karp’s computer with malware and installing a modified, malicious MetaMask extension – tricking him into signing a different transaction that transferred funds to the attacker’s own address.
While the hack may sound novel (Nexus referred to it as “next level”), we documented the possibility of this exact type of attack in a previous blog post.
For institutional investors transferring sizable amounts of crypto (e.g., $8 million worth), attacks like the Nexus hack are showing that retail-tier technologies (like simple Chrome extensions and hardware wallets) are no longer sufficient protection. If you’re using retail tech, you risk invoking an attack of opportunity for hackers – as there’s now a clear way to trick even the CEO of a popular Ethereum project into sending funds to an unauthorized wallet.
So, how can you stop attacks like this one from happening to you? At Fireblocks, we’ve been researching crypto hacks for years; we have developed a distinct philosophy on the best way to eliminate digital asset-based cybercrime, and we’re confident that this type of hack is actually completely preventable with the right security technologies.
Here are our 4 recommendations to eliminate the possibility of an attack like the Nexus hack:
1) Automate deposit address authentication to avoid sending funds to the wrong address
The Nexus hacker remotely modified Karp’s MetaMask wallet to send funds to a different deposit address than he intended (the hacker’s own). This is not the first time deposit address and transaction spoofing has resulted in massive asset losses for an institution, nor is it the first time that a Chrome web extension hack was a part of a spoofing attack like this.
Institutions have utilized a number of different methods to mitigate deposit address attacks, such as test transfers and hardware wallets. However, each of these methods comes with their own issues (such as slowing down operations and failing to account for internal/social engineering attacks).
Today, institutions are utilizing new technologies to automate deposit address authentication and rotation. Solutions like the Fireblocks Network – an on-chain asset transfer and deposit address authentication protocol – completely secures deposit addresses from spoofing attacks (like the Nexus hack) and removes the operational burden of whitelisting and test transfers in the process. The Fireblocks Network guarantees:
- Total mitigation of man-in-the-middle attacks
- Full address proofing and recipient authentication
- A fail-close system if an attack is detected on either end
- Whitelisting of DeFi specific addresses
2) Access DeFi using enterprise-grade tools
Hackers are always looking to take advantage of institutional investors that are using retail-grade tool (MetaMask) to access DeFi protocols. Technologies like these are unable to offer the kind of security institutions require when they’re sending large amounts of crypto, as they were built for everyday retail transactions.
The biggest issue with browser-based DeFi app integrations is that you’re leaving your private keys in the browser, and signing transactions from there. Although this wasn’t the vulnerability exploited in the Nexus attack, many institutional users are still using the built-in browser wallet, exposing their private keys. When a hacker steals browser-held information (e.g., with a simple malware-based attack), pocketing your funds is an easy next step.
Unfortunately, accessing DeFi through consumer-grade apps also means your assets aren’t insured.
With a newer, institutional-grade DeFi solution, cyberattacks like these are fully preventable. Fireblocks offers fully secured private keys, deposit address & destination contract whitelisting, internal policies/workflows, and multiple ways to access DeFi (including DeFi API and an enterprise-grade DeFi Browser Extension that mitigates the security issues of retail-grade extensions); the hacker would not have been able to modify Karp’s data on Chrome if he’d been secured by a solution like this.
3) Utilize a wallet with more flexibility than hardware can offer
Some institutions choose to add a hardware wallet to their tech stack to add an additional layer of security, but this isn’t always enough.
The issue with utilizing a hardware wallet to add security to DeFi is that it presents operational and governance problems for institutions. Most importantly, high-value transactions (e.g. $8 million) should require a multi-approval workflow and policy checks.
Unfortunately, it’s very difficult to enforce institutional policies and procedures when using a single physical device, such as a hardware wallet.
4) Add a policy engine to your workflow to ensure transactions require multiple approvals
When institutions utilize MPC-based wallets instead of hardware, they gain the ability to add multi-approval workflows and policy checks to all transactions.
For example, if Nexus had been working with a solution like Fireblocks DeFi, the policy engine would have sent a notification to Karp and he would have been able to reject the transaction to the new deposit address – effectively avoiding this entire situation.
Upping your security in 2021
It’s absolutely possible to avoid attacks like the Nexus hack – it’s just important to understand which threat vectors hackers are taking advantage of, and how to best account for them. Our newest security whitepaper walks you through everything you need to know about digital asset security in 2021, from private key security and deposit address spoofing to insider attacks and social engineering.