Nomad Offers 10% Bounty To Hackers Who Stole $190 million

The San Francisco-based cryptocurrency service provider Nomad Bridge suffered a crypto hack, draining almost USD 200 million worth of digital funds. Soon after the attack, the company responded to the situation by offering a 10% bounty to hackers in exchange for returning the stolen funds.

On August 5, 2022, the company Tweeted about the whole situation. It offered a negotiation to the cyber criminals through Twitter, stating,

“Nomad is announcing an up to 10% bounty to Nomad Bridge hackers where Nomad will consider any party who returns at least 90% of the total funds they hacked to be a white hat. Nomad will not pursue legal action against white hats”.

Nomad’s recovery process for Bridge funds’ crypto hack

The company also shared its concerns over the stolen money and listed a wallet address “0x6fb89b812c757b87e4dcc638d284e8735c9229bd” for the recovering funds. It asked the hackers to transfer up to 90% of the stolen money in Ethereum in exchange for not taking legal action against them.

Update: Nomad Bridge Hack Bounty

(see below for details)

Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 https://t.co/8gO1xVl5IC pic.twitter.com/8D7SvbDQlO

— Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022

However, only a small percentage of the stolen money has been returned. Paladin Blockchain Security and Rugdoc have returned digital assets worth USD 1 million, while five white hats — “darkfi-eth,” “anime.eth,” and “returner-of-beans.eth” has returned another USD 11.2 million, combining for a total of USD 16.6 million in returned assets.

In contrast, the other hackers who stole larger funds from Nomad Bridge have not yet contacted the company and bolstering the security systems seems to be the only thing it can do right now. Nomad claimed that only Ethereum-based assets were stolen, and holdings from chains such as GLMR and EVMOS were unaffected.

Nomad and White hat hackers are analyzing the breach

1/ We are inspired by those of you who have analyzed the hack and want to empower you to continue your analysis.

A compilation of data to aid the community's investigation into the Nomad Bridge Hack are here: https://t.co/Z4Zn2eebCz

— Nomad (⤭⛓🏛) (@nomadxyz_) August 9, 2022

After the breach, several white hat hackers are looking into the issue, and Nomad Bridge is working towards compiling a database of the crypto hack that was initiated on August 1, 2022. Data from the crypto hack has been made available in a repository on the company’s official Github account to aid data analysts and white hat hackers in identifying the offenders. The GitHub page claims, “Nomad and community members alike can leverage this repo to perform data analysis.”

How did Nomad lose nearly USD 200 million within hours?

7/ We’ve confirmed that the vulnerability was not exploited on any chain except for Ethereum.

We have also confirmed that only Ethereum-based assets were involved in the hack. Assets from other chains such as GLMR and EVMOS were not affected.

— Nomad (⤭⛓🏛) (@nomadxyz_) August 9, 2022

On August 1, 2022, Nomad Bridge became a victim of a hacking attack when malicious actors breached the system draining nearly $200 million of their funds. The hackers copy-pasted the transactions during a routing upgrade by the company. They created an opening for the bridge that hackers took advantage of and drained all the Ethereum-based assets.

However, soon after that crypto hack was discovered, the company released the notification for the hack. Nomad recommended that users hold on to the funds until they provide further information through Twitter.