Nexera Halts NXRA Trading amid $1.5M Exploit Investigation

Coinspeaker
Nexera Halts NXRA Trading amid $1.5M Exploit Investigation

Nexera is grappling with a major security breach that has resulted in the theft of approximately $1.5 million worth of NXRA tokens. The incident, identified by blockchain security platform Cyvers Alerts, involves the exploitation of Nexera’s proxy contract.

Details of The Exploit

According to Cyvers Alerts, the breach occurred when an unauthorized address took control of Nexera’s proxy contract, which manages the NXRA token operations. This address then performed an upgrade on the contract, giving it enhanced administrative powers. Using these new privileges, the attacker accessed the withdraw admin function to move all NXRA tokens from the contract.

🚨ALERT🚨Hey @Nexera_Official,
Our system has detected a suspicious transaction involving your proxy contract.
An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens.

The… pic../Of4bAD7UiP

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) August 7, 2024

The stolen tokens were quickly converted into Ethereum (ETH). Additionally, a portion of the ETH was transferred to the Binance Smart Chain (BNB Chain), which complicates the tracking and recovery of the funds due to the involvement of multiple blockchain networks.  The ability to recover the stolen funds, which may be concealed using privacy mixers like Tornado Cash, will be a critical factor in mitigating the damage and restoring community trust.

Nexera’s Response

Nexera promptly paused the NXRA token contract to prevent further transactions. Trading of NXRA tokens on decentralized exchanges (DEXs) has been halted and operations on Nexera Bridge paused to prevent additional transactions. Additionally, KuCoin and MEXC have suspended deposits, withdrawals, and trading, and more exchanges have been notified to do the same. The company is working with web3 security firm Hypernative Labs to trace the source of the exploit, in addition to engaging several law enforcement agencies.

In the most recent update, Nexera confirmed that its smart contracts were not compromised. The exploit was part of a coordinated attack targeting multiple projects. Fortunately, the company’s swift response and collaboration with partners prevented further damage. Out of the stolen NXRA tokens, only $440,000 was effectively compromised, while the remaining assets in the attacker’s wallet have been successfully frozen.

Nexera has determined that issuing a new NXRA token will not be necessary, and the current token address will remain unchanged. The platform is focusing on relaunching the token and will provide a detailed post-mortem report in the coming days. For users who have staked NXRA on Fundrs, their assets will be restored automatically, and no additional actions are needed from their end.

News of the hack has caused a dramatic drop in the NXRA token’s value, plummeting 49%, as indicated by CoinMarketCap.

Rising Trend of Crypto Hacks

The Nexera breach is part of a troubling trend of rising crypto hacks. Immunefi’s latest report shows that the cryptocurrency sector experienced a significant increase in hacks and fraud in Q2 2024, with losses totaling $572.7 million, an increase of 112% from the previous year.

This trend is exemplified by recent high-profile incidents, including the July 18 WazirX hack, which led to a loss of $235 million in digital assets. Less than 24 hours ago, Ronin Network also experienced a security breach. The breach involved a white-hat exploit where $12 million in ETH and USDC was withdrawn. Although these funds are being returned, the incident has heightened concerns about the security of blockchain platforms.

The growing frequency of these attacks calls for heightened vigilance among users and robust security measures by crypto platforms to safeguard against such threats.next

Nexera Halts NXRA Trading amid $1.5M Exploit Investigation