Nexera's post-mortem says an external actor used compromised credentials to take control of Fundrs smart contracts and transfer 47.24 million NXRA tokens from Ethereum staking contracts on 7 August 2024. Nexera paused NXRA and NAI token contracts across multiple chains, sold exposure was limited to 14.75 million NXRA worth about $449,000, and the team removed 32.5 million NXRA from the attackers' wallet. Malware analysis identified BeaverTail and found that InvisibleFerret could deploy if conditions on the compromised client were met, aligning the intrusion with state-backed social engineering tradecraft. The company said the smart contracts themselves were not the root cause, and that no user wallets or confidential data were breached.