The Nexera protocol has fallen victim to a $1.5 million hack. Nexera, a DeFi platform designed to connect traditional finance with blockchain innovations, experienced a severe vulnerability on August 7, as reported by Cyvers.
According to Cyvers, the attack was facilitated by exploiting a proxy contract within Nexera’s system. The malicious actor gained control of the proxy contract, upgraded it, and then utilized the “withdraw admin” function to siphon off the $1.5 million worth of Nexera (NXRA) tokens.
Interestingly, this breach comes just a day after the Ronin Network was compromised for $9.8 million worth of Ether (ETH). In a rare twist, the suspected white hat hacker who stole the funds from Ronin returned all the assets within a few hours, though the hacker is now on the run with the funds.
AD 4nXduQPKjnotLO7qCcPfgITDuxbipON2YHu9KV1yx9P9YeEqTD2XAtQaaIKptDkmX
Source: Cyvers Alerts
This swift return contrasts sharply with the Nexera incident, where the stolen NXRA tokens are being sold off in exchange for Ether and bridged to the Binance Smart Chain (BNB). The total estimated loss remains around $1.5 million.
The Nexera updated on their Twitter that they have identified the exploit and are acting to stop further damage.
The hacker’s activities are particularly concerning due to their pattern of converting stolen tokens into Ether, a common tactic used to launder funds via cryptocurrency mixers like Tornado Cash. This process complicates efforts of the stolen assets and brings perpetrators to justice.
Adding another layer of complexity, on-chain investigator ZachXBT has linked the Nexera hacker to a series of previous exploits, including breaches at SpaceCatch, Concentric Finance, OKX DEX, Serenity Shield, and Reach. This connection underscores a troubling trend of repeat offenders in the crypto space.