Nexera, a blockchain infrastructure protocol specializing in tokenization, recently became the victim of a DeFi hack, losing $1.5 million to the exploiter, according to the crypto security firm Cyvers.
DeFi hacks happen when attackers exploit weaknesses in decentralized finance applications, leading to theft of funds, market manipulation, or other harmful activities. These vulnerabilities often come from coding errors, design flaws, or other weaknesses in the smart contracts and protocols that support DeFi platforms.
Nexera Hacker Buys ETH with Stolen Funds
According to Cyvers, an unknown entity took control of Nexera’s proxy contract, upgraded it, and then used the admin withdraw function to transfer NXRA tokens. The security firm detected the suspicious transaction and reported that the address took over the proxy contract and transferred all the NXRA tokens soon after upgrading it.
🚨ALERT🚨Hey @Nexera_Official,
Our system has detected a suspicious transaction involving your proxy contract.
An address took ownership of your proxy contract and upgraded it. Shortly after, the address used the withdraw admin function to transfer all the $NXRA tokens.The… pic.twitter.com/Of4bAD7UiP
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) August 7, 2024
Cyvers also disclosed that the hacker is currently selling the stolen tokens for ETH, with some funds already moved to the BNB chain. Hackers often convert stolen tokens to ETH and use crypto mixers like Tornado Cash to hide the funds’ origins, making it harder for cybersecurity firms to trace them.
After Cyvers’ report, Nexera announced on X that it is “investigating an exploit involving smart contracts containing NXRA tokens” and outlined steps to mitigate the damage and prevent further losses. The Nexera team paused trading on the NXRA token contract and halted trading on decentralized exchanges. They are also talking to centralized exchanges to stop NXRA trading.
Ronin Bridge Suffers $11.3M Exploit
In a related event, CoinTab reported a critical issue involving Axie Infinity’s Ronin network, where an MEV bot withdrew over 4,000 ETH, equivalent to $11.3 million, from the bridge. The Axie Infinity team paused the protocol to investigate. The withdrawn funds are currently held at a specific address, as shown in recent Etherscan transactions.