By
Bhushan Akolkar
January 9th, 2023
Since calling for the return of 90% of its stolen crypto assets, Nomad has now received $32.6 million from white hat hackers.
Following last week’s $190 million hack, the alleged white hat hackers responsible have now returned $32.6 million in tokens to the Nomad bridge. This latest development comes just a few days after the cross-chain bridge published an Ethereum wallet address where it hoped to receive the funds. Majority of the returned funds comprised stablecoins USD Coin (USDC), Tether (USDT), and Frax. There were also a few other altcoins included.
In early August, the Nomad token bridge was drained of $190 million worth of crypto assets in under three hours. This came about after some perceived lapses in the security of the Ethereum-based cross-chain bridge. According to research published by Paul Hoffman of BestBrokers, Nomad highlighted this vulnerability in its recent audit and deemed it low risk. However, upon discovering the exploit, members of the public got in on the hack by deploying a copy-and-paste format of the initial hack transaction. This digital heist saw users withdraw funds from the bridge that did not belong to them.
The Nomad hack was peculiar because it involved several attackers instead of the lone attacker number associated with such acts. Furthermore, PeckShield reports that around 41 addresses made away with more than $152 million, representing 80% of stolen funds.
Nomad White Hat Hackers
However, Nomad decided to identify the hack as work done by white hat hackers. According to the crypto company, these “ethical hackers” were acting in its interest by capturing funds otherwise lost to malicious hackers. In addition, Nomad stated that it was open to forfeiting 10% of the stolen funds if the hackers return 90%. The cross-chain protocol also assures that it would not prosecute whoever obliged its request. Instead, the individual(s) will be considered a legitimate tester of cross-chain protocol vulnerabilities. However, others outside this ‘bubble’ are liable to arrests, prosecutions, and blacklisting. A statement by Nomad chief executive officer Pranay Mohan read:
“We will not prosecute white hats. But we will continue to work with our partners, intelligence firms, and law enforcement to pursue all other malicious actors to the fullest extent under the law.”
The Nomad attack happened only four months after the protocol raised $22.4 million in seed funding back in April. Blockchain analysis provider Elliptic terms the exploit as one of the largest crypto hacks in history. A Twitter statement by Elliptic read:
“The Nomad cross-chain bridge hack is the 8th largest crypto theft ever. Elliptic has identified over 40 exploiters with the most prolific gaining almost $42m. Wallets used to initiate previous DeFi thefts are among those involved in this exploit.”
Nomad is a bridge protocol that allows users to swap tokens between blockchains to make various networks interoperable. However, many consider bridges as one of the weakest links in the crypto space. For instance, a Chainalysis estimate reports that bridges have lost approximately $2 billion in digital assets to hacks this year.
