Following a significant security breech that allowed hackers to steal $190 million from the Nomad Bridge, some white hats gave back the money they had taken in order to shield it from nefarious people.
A reminder of the circumstances
On Tuesday, August 2, a security hole was found that gave hackers the power to manipulate and conduct more transactions and manipulations than they ought to be able to withdraw from the Nomad Bridge. Thus, more than 190 million dollars have vanished in a few of hours. However, some of these “thefts” were also committed by white hats.
There are different types of hackers in the realm of computers. The white hats and black hats are people who attack security systems with the intention of making them better and protecting users, respectively.
The white hats are often computer security professionals that work for businesses to make sure that all of these systems are secured and safeguarded. The gray caps, who surf between the two borders, are another group.
As a result, after the Nomad Bridge hack, part of the stolen money was reimbursed because it was actually white hats that took it to prevent black hat theft. As of the time of this writing, the official Team Nomad twitter account reports that $16 million has been refunded.
Thank you to
— Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022
- 🍉🍉🍉.eth ($4m)
- 0xE3F40743cc18fd45D475fAe149ce3ECC40aF68c3 ($3.4m)
- darkfi.eth ($1.9m)
- returner-of-beans.eth ($1m)
- anime.eth ($900k)
for returning a total of $11.2m to our recovery address!
We’ve recovered a total of $16.6m so far.
Recurring hacks
This is not the first time that a hack of this nature has occurred. In the world of cryptocurrency, bridges, a technology that enables the transfer of one token to another, have become vital. To put it more simply, a bridge enables communication across multiple blockchains in order to support token trades.
With these bridges, which are helpful but require a lot of protection to be put in place, hacks are occurring more frequently. We specifically recall the hack of the Ronin bridge at Axie Infinity, the infamous Play to Earn of 2021, which cost more than 625 million dollars in March.
For instance, Avalanche, Ethereum, Evmos, Milkomeda C1, and Moonbeam tokens can be transferred using the Nomad bridge. After this hack, the Moonbeam smart contract platform assigned maintenance to look into this incident, which caused some of its services to be interrupted.
Contrary to most attacks, which often benefit a single address, this one allowed hundreds of people to use the Nomad Bridge’s security hole to steal money.
Only 8% of losses were recovered.
White hats have had time to take advantage of the security flaw to remove money and keep it out of the wrong hands. On the other side, it turns out that Nomad has only received roughly 16 million dollars back as of right now, or slightly less than 10% of the overall losses.
The Nomad project’s team announced on Twitter the only official address that could be used to restore the money to anyone who had the chance to take advantage of the security flaw.
Nomad Bridge Funds Recovery Process
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,
Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
A security examination identifying the weakness?
Furthermore, the Nomad developers refute the claims that they were informed of this issue and its potential to exist. There had just been a security audit, but it was unrelated to the hack that cost the company 190 million dollars.
A narrative that stirs up a lot of discussion within the community to determine whether Nomad is telling the truth or whether there was any carelessness on their part, particularly given that their code was vulnerable yet they did nothing to fix it.
To its part, the business has disclosed that it is collaborating with law enforcement and a number of specialized firms, including TRM Labs, to find the stolen assets. It is also collaborating with Anchorage Digital to safeguard and preserve the funds discovered. Clearly unavailable till further notice, the bridge.
