Nomad Bridge Hackers Return $9M in USDT, USDC After $190M Exploit

Key Insights:

• Hackers returned $9 million to Nomad after attackers abused a “chaotic” security exploit to steal $190.38 million.
• Blockchain firm PeckShield reported that most recouped were stablecoins – USDT and USDC.
• The funds came back after Nomad requested white hat hackers and ethical researchers to return.

In what is called one of the most extensive hacks, the cross-chain messaging bridge Nomad fell victim to a security exploit on Monday. Hackers drained $190.38 million in digital assets, including Wrapped Bitcoin (WBTC) and the USD Coin stablecoin (USDC).

As a result, the token bridge said that investigations are going “round the clock,”  with law enforcement teams. In line with it, the firm Tweeted Wednesday that it is seeking “white hat hackers” and “ethical researchers” to return funds.

Nomad Bridge Funds Recovery Process

Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,

Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u

— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022

The tweet read that Nomad has partnered with crypto custodian Anchorage Digital, which will accept and safeguard the returned funds. The note read,

“If you are a white hat hacker/ethical security researcher who took ETH/ERC-20 tokens with the intention of returning them, we now have a process for you to do so.”

$9 Million Returned So Far

In recent data shared by blockchain security firm PeckShield, hackers have returned $9 million of the total lost funds. This accounts to around 5% of crypto assets stolen, after Nomad revealed the fund recovery address.

It's a very good start – so far $9m returned (~5% of total loss). https://t.co/PE8sa45aQc

— PeckShield Inc. (@peckshield) August 3, 2022

 

Per PeckShield’s stats, most of the funds sent back were stablecoins, notably $3.78 million USDC and $2 million USDT. This is followed by $1.38 million in Covalent (CQT) and $1.2 million in Frax (FRAX). Multiple crypto addresses sent the stolen funds.

Nomad Bridge allows users to send and receive tokens from Ethereum (ETH) blockchain to others such as Avalanche (AVAX), Evmos (EVMOS), and Moonbeam (GLMR).

Per news reports, the Nomad blamed “impersonators posing as Nomad and providing fraudulent addresses to collect funds.”

The exploit follows the theft of blockchain bridge Harmony, which lost around $100 million in an attack in June. Majority hackers target these token bridges, given their relative new coming and inevitable bugs.

According to Nikos Andrikogiannopoulos, CEO of Metrika, an operational intelligence source for blockchain, Cross-chain bridges are “complicated” and more frequent software updates of the bridge could introduce bugs and enable exploits. He told FX Empire,

“The high rate of innovation in the crypto world and the frequent software upgrades of the multi-chain world will inevitably introduce more vulnerabilities. We need to have real-time monitoring infrastructure in place to prevent and quickly react to exploits.”