Nexera DeFi project had its second hack in a year

Nexera, a DeFi project featuring a decentralized market, went through its second hack in the past year. The exploit affected the native token NXRA. 

Nexera announced the second hack on its protocol in the past year, affecting a smart contract holding the native NXRA token. None of the funds ended up on exchanges, as Nexera immediately halted the token smart contract and froze the assets. 

The recent hack affected a total of 47M tokens, where the exploiter managed to sell some of the funds. Later, 32.5M NXRA were frozen in the hacker’s wallet and destroyed. Initially, the exploit was noted by the Cyvers Alert on-chain researchers. They warned Nexera that an exploiter had altered its proxy contract and was moving and bridging tokens. 

Nexera claimed its main smart contract is solid and the NXRA token will still use the same address. Later, the project team issued a warning for all holders to disable approvals of any Nexera smart contracts from their wallets. The warning to revoke access to Nexera contracts arrived more than 24 hours after the initial hack. Revoking access to the contract must be done manually, as soon as possible before incurring additional losses. According to Etherscan, 23,083 holders may be affected.

Estimates of losses range between $440K and $1.5M. NXRA has limited trading volumes and mostly relies on DEX activity. The hack added to the pressure on the native token, crashing the price to $0.018 before recovering to $0.03. Since the exploit, NXRA trading has been stopped, awaiting further clarifications on active risks. The full report on the exploit may take a few days, while NXRA will remain frozen for a few days.

The hacker managed to exploit a proxy smart contract with a token reserve, draining the available assets. The 47M NXRA are a small part of the total supply of 850M tokens. However, some of the assets were sold fast for ETH, then converted to tokens on Binance Smart Chain. The part of tokens successfully sold is estimated at $440K.

Nexera to resume activity after second hack

The size of the Nexera hack is relatively small compared to other Web3 exploits. The protocol itself was not directly targeted, but the hacker tried to exploit a collection of projects in a staking smart contract. 

What drew attention to the hack was the fact that Nexera faced a similar situation before. The same team ran Alliance Block (ALBT), which lost $5M in tokens on a staking smart contract in early 2023.

The hacker managed to withdraw 112M ALBT from a Bonq lending protocol, along with 500K Binq euro (BEUR) tokens. The ALBT token price crashed after the hack, as the exploiter moved the funds from Polygon to Ethereum with the intention of selling. 

After that hack, Nexera rebranded and issued a new token and ticker. This time, the asset will remain, despite the direct attack. 

Nexera raised suspicions of potential insider work, or even a deliberate attack by hackers infiltrated as part of the team. On-chain researcher and analyst @ZachXBT believes the Nexera attack may be part of a bigger trend where hackers join crypto companies, or inject malicious software during interviews. Researchers connect the hacker group to North Korea, with a goal of siphoning valuable tokens and swapping them for ETH to later mix and trade. 

The presence of locked value and collateral increases the damage of hacks against Web3 projects. As DeFi revived in 2024, attacks also accelerated. In July, several large exploits affected WazirX, Compound, LiFi and other platforms. 

In the case of Nexera, the direct losses were small, but the loss of value and reputation hurt multiple holders. There were even some doubts that Nexera’s hack was the work of insiders, aiming to generate conditions for a token buyback. Currently, NXRA owners are still trying to see if their funds would be unlocked and if the project’s smart contracts are deemed safe to use again. 

Cryptopolitan reporting by Hristina Vasileva