Attackers hacked Nexera smart contract and stole $1.5 million from the protocol

Decentralized protocol Nexera has been hacked, with $1.5 million worth of digital assets stolen in yet another smart contract security breach. The decentralized finance (DeFi) product has been hacked by cybercriminals, blockchain security experts at Cyvers have confirmed.

The protocol team itself also reported an exploit related to smart contracts containing NXRA tokens. They are currently suspended. Trading of the asset on decentralized exchanges (DEX) has also been frozen.

Cyvers researchers stated: “Our system detected a suspicious transaction involving a proxy contract. An unknown address took control and updated it. Shortly after, the attacker used the admin withdraw function to transfer all NXRA tokens.”

In this case, the attacker has already disappeared with the cryptocurrencies and has gradually begun exchanging them for Ethereum (ETH): “The address is currently selling all assets for ETH, and some of the funds have already been transferred to the BNB chain. It is assumed that he will try to confuse the traces of the transactions.”

The attackers are reported to often convert the stolen tokens into Ether to launder the funds through cryptocurrency mixers, including Tornado Cash and others. This makes it much more difficult for cybersecurity companies to track the origin of digital funds.

According to blockchain security researcher ZachXBT, the attacker’s addresses are linked to several other cases of private key compromise: “The hacker is linked in a chain to recent incidents including the theft of funds from SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, Reach, and others.”

While $1.5 million is considered a relatively small amount, the incident occurred just one day after the Ronin Network was hacked. The attacker stole $9.8 million worth of ETH, but returned the funds within hours.