7 August 2024 Incident: Post Mortem Report From the Nexera Team
Contents
A recent incident targeted Nexera Fundrs, resulting in the unauthorized transfer of $NXRA tokens from its smart contracts. This post-mortem report provides a detailed overview of what happened, how we responded, and the steps we’re taking to secure our platform and safeguard our community.
What Happened
On 7 August 2024, an external actor gained unauthorized access and transferred $NXRA tokens from Fundrs’ Staking Contracts on Ethereum. We immediately identified the root cause of this incident and paused the $NXRA token contract, effectively halting all on-chain transactions involving $NXRA tokens.
Out of the 47.24M $NXRA tokens that were stolen, the attackers were only able to sell 14.75M tokens (the equivalent of approximately USD 449K). We successfully removed the remaining 32.5M $NXRA balance from the attackers’ wallet, preventing further loss.
What Was Affected
The attackers gained access to credentials to manage smart contracts for the Fundrs platform. Using these credentials, they transferred $NXRA tokens from the Fundrs …
What Happened
On 7 August 2024, an external actor gained unauthorized access and transferred $NXRA tokens from Fundrs’ Staking Contracts on Ethereum. We immediately identified the root cause of this incident and paused the $NXRA token contract, effectively halting all on-chain transactions involving $NXRA tokens.
Out of the 47.24M $NXRA tokens that were stolen, the attackers were only able to sell 14.75M tokens (the equivalent of approximately USD 449K). We successfully removed the remaining 32.5M $NXRA balance from the attackers’ wallet, preventing further loss.
What Was Affected
The attackers gained access to credentials to manage smart contracts for the Fundrs platform. Using these credentials, they transferred $NXRA tokens from the Fundrs …