Nomad sets 10% bounty for hackers returning stolen crypto
The sheriff of decentralized finance project Nomad has covered the internet with wanted posters over a recent $190 million hack of the company’s systems. Nomad is trying to play nice about the heist, and it’s asking dozens of ne’er-do-wells to voluntarily hand over their share of the ill-gotten gains. If you do, Nomad will let you keep 10% of your ill-gotten gains, and the company promises it won’t sic the dogs on you.
On Monday, the Nomad token bridge experienced what was initially a $2.3 million hack, but reports from crypto security companies have shown that the breach allowed users to skip verification messages normally required to access the platform. Users simply copied and pasted the original hacker’s transaction number and replaced it with their own, allowing some fun. A crypto bridge essentially connects multiple blockchain networks, and most of the stolen $190 million was $84 million in USD, according to Wednesday reports.
Nomad said in a statement late Thursday that anyone who returns 90% of their stolen funds to the bridge will keep the remaining 10% and be considered a “white hat hacker” against whom, for all intents and purposes, the company will not pursue further legal action. The company said these supposedly good actors can return their stolen ETH/ERC-20 to an Anchorage Digital wallet.
The company said $20 million has already been refunded through a few of these “white hats,” though a number of them may have been users returning to the bridge with their heads hung in shame for exploiting the security flaw. There are instances where hackers turn around and return their stolen crypto. The most famous case was that of a hacker by the name of “Mr. White Hat” who stole over $600 million from the Poly DeFi network, then turned around and returned it all a few weeks later. The hacker said he was simply trying to “help secure the Poly project”.
Though it becomes a much more difficult task when there are multitudes of hackers involved. Nomad CEO Pranay Mohan said in a statement that the company’s main purpose was to restore the funds of bridged users, but it also wanted to “prosecute all other malicious actors to the fullest extent permitted by law”.
Gizmodo contacted Nomad to ask if the company knew the total number of wallets that committed the hacks and the number of “white hats” that surrendered their crypto, but we didn’t immediately hear back Friday morning.
Nomad’s statement also said it has been working with blockchain security firm TRM Labs to try to identify the wallets of those who stole the funds. This could be a tall order given that another crypto security company, Elliptic, identified more than 40 wallets of exploiters involved. The biggest breach was apparently $42 million. Elliptic further reported that there are wallets associated with other past crypto heists that dug into Nomad’s exposed flank this week.
It’s not easy to connect a real person to their wallet, though. It is done using old-school detective work. Other well-known hacking groups responsible for multi-million-dollar bridge thefts, like the North Korea-affiliated Lazarus Group, have made off with much bigger heists and are still at large. Crypto thieves have also been known to put their stolen funds into mixers to help conceal where their assets came from.
The Nomad hack was big, but it was just the eighth-largest one this year, according to Elliptic. These hacks have proven to be a major drain on the crypto industry, which is still facing turmoil from a major coin price drop. A separate Solana network hack drained more than $5.2 million from individual wallets earlier this week.