Nexera, a decentralized finance (DeFi) project, has experienced its second hack within the past year. This time, the breach affected its native token, NXRA. The breach involved an intelligent contract that held the NXRA token, leading to significant disruptions and losses.
Immediate actions and impact
Upon discovering the hack, Nexera promptly halted the token’s smart contract and froze the assets to prevent further losses. The exploit resulted in the loss of 47 million NXRA tokens. Although the hacker managed to sell some funds, Nexera successfully froze 32.5 million NXRA in the hacker’s wallet, which was subsequently destroyed. Initial detection came from on-chain researchers at Cyvers Alert, who observed unusual activity involving altering Nexera’s proxy contract and the movement and bridging of tokens.
Nexera assured users that the leading smart contract remains secure and that the NXRA token address will not change. However, the project team advised all NXRA holders to revoke approvals from their wallets for any Nexera intelligent contracts to avoid potential losses. This advisory came more than 24 hours after the hack was detected, and manual revocation is necessary to secure the wallets. Etherscan indicates that approximately 23,083 holders could be affected by this security breach.
Financial and market consequences
The hack’s financial impact ranges between $440,000 and $1.5 million. NXRA, which relies heavily on decentralized exchange (DEX) activity, saw its trading volume plummet, causing the token price to drop to $0.018 before rebounding to $0.03. Trading of NXRA has been suspended pending further clarifications on any ongoing risks. The full report on the exploit is expected in the coming days, and NXRA tokens will remain frozen during this period.
The hacker exploited a proxy smart contract with a token reserve, draining 47 million NXRA tokens. These tokens represent a small fraction of the total supply of 850 million. Part of the stolen tokens, estimated at $440,000, was quickly converted to ETH and then to tokens on the Binance Smart Chain.
Background and Broader Implications
The Nexera hack has drawn significant attention partly because the project experienced a similar security breach in early 2023. The same team previously managed Alliance Block (ALBT), which suffered a $5 million loss from a staking brilliant contract hack. During that incident, the hacker withdrew 112 million ALBT and 500,000 Bonq euro (BEUR) tokens, causing a substantial price crash for ALBT as the funds were moved from Polygon to Ethereum and sold.
Following the earlier hack, Nexera rebranded and issued a new token and ticker. This time, despite the direct attack, the NXRA token will remain. Speculation about potential insider involvement or deliberate attacks by hackers infiltrating the team has arisen. On-chain researcher and analyst @ZachXBT suggested that the Nexera attack might be part of a more significant trend where hackers join crypto companies or inject malicious software during interviews. Some researchers believe the hacker group responsible is linked to North Korea, aiming to siphon valuable tokens and swap them for ETH to mix later and trade.
The DeFi sector experienced a resurgence in 2024, and the frequency and scale of attacks have increased. Recent large exploits have affected platforms like WazirX, Compound, and LiFi. In Nexera’s case, while the direct financial losses were relatively small, the reputational damage and loss of value have significantly impacted NXRA holders. There are even concerns that the hack could have been orchestrated internally to create conditions for a token buyback. Currently, NXRA owners await confirmation on whether their funds will be unlocked and if the project’s smart contracts are safe to use again.