A wallet linked to the Nomad Bridge Exploit has transferred $7.5 million worth of crypto to an unknown wallet. The transfer comes amid Nomad’s efforts to incentivize the hackers to return the stolen funds.
Nomad Exploiter Transfers $7.5M to Unknown Wallet
On Wednesday, one of the wallets involved in the Nomad bridge exploit transferred a substantial amount of assets to a wallet other than the official Nomad recovery wallet.
The exploiter transferred about $7.5 million worth of crypto to an unknown wallet address amid an ongoing Nomad’s bounty program that encouraged the hackers to return the assets.
On August 1, just a few days after Nomad announced the completion of a $22 million seed round with investors including Coinbase Ventures, Polygon, OpenSea, and others, the Nomad token bridge was hacked, resulting in the theft of $200 million in cryptocurrency.
Although not the largest hack in terms of assets stolen, this attack drew significant attention due to the extraordinary number of hackers involved – “300 unique addresses participated in the exploit,” the firm said in an official statement, with some hackers impersonating the firm’s staff.
According to samczsun, a research analyst at Paradigm, the cause of the attack is believed to be an update to the protocol’s smart contracts.
10% Bounty Offer for Whitehats
The platform put up a 10% bounty program a few days after the exploit to incentivize the hackers to restore the stolen funds. According to the program description, anyone who returns 90% of the assets they hacked while keeping 10% will be considered a “white hat” and will not face legal consequences.
On August 17, Nomad updated its users on the progress made toward fund recovery, including engaging with “white hats” through the bounty program and exploring options to restore the Nomad bridge.
On August 23, Nomad and Metagame introduced the Nomad Whitehat proprietary NFT to further incentivize hackers to return the stolen funds.
The exclusive NFT, which basically depicts a white wizard’s hat, is being offered by NFT firm Metagame and can be minted by the hackers who return at least 90% of their stolen assets to Nomad. The nonfungible token serves no use other than to serve as a trophy to reflect an act of good faith from the white hats. Consequently, this move has been ridiculed by the community.
The company also stated that it is teaming with TRM Labs, an intelligence platform dedicated to combating cryptocurrency fraud and financial crime, to “trace black hats” and recover funds.
The cybercriminals apparently haven’t turned a deaf ear to Nomad and Metagame’s earnest appeals. According to Etherscan, around 20% of the stolen funds have been returned to Nomad. That’s more than $36.4 million, with the majority of it coming from the recovery wallet Nomad had put up for hackers looking to make amends.
Bad Actors Target Crypto Bridges
Bridge attacks have been increasingly common in recent months as crypto users have shown a stronger desire to transfer assets between blockchains.
In April’s Ronin bridge attack, the largest decentralized finance (DeFi) attack in history, over $600 million worth of cryptocurrencies were taken from the bridge supporting the blockchain-based game Axie Infinity.
A few months prior, over $300 million was drained off the Wormhole bridge, causing significant harm to the Solana blockchain community and the wider decentralized finance ecosystem.
However, not all hackers are able to earn millions from their exploit attempts. Some of them ultimately lose money from their own wallets. Recently, a hacker that attempted to exploit the Rainbow Bridge failed miserably and ended up losing 5 ETH, which is worth around $8,000.