Whitehat hackers refund $9M to Nomad
White hat hackers have recovered nearly $9 million of the $190 million stolen from Nomad Bridge, Peckshield reveals.
#PeckShieldAlert PeckShield detected ~$9m back @nomadxyz_ Funds collection address containing 100 $ETH (~$164k) ~3.78m from address with ENS name bitliq.eth $USDC~2m $USDT~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2 million), 200 $WETH (~328k), ~150k $DAI or. . Such. pic.twitter.com/Bpyjt7jnek
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
According to the blockchain security firm, the refund is about 4.8% of the total loss suffered by the bridge.
A breakdown of the returned funds showed that the majority of them were stablecoins. About $2 million in USDT, $3.8 million in USDC, $1.2 million in FRAX and $150,000 in DAI were returned.
Other tokens returned include SUSHI, WETH, and Ethereum (ETH).
The Nomad team was urging the white hat hackers to return the funds to a designated wallet.
Nomad Bridge Funding Process
Dear friends of white hat hackers and ethics researchers who have protected ETH/ERC-20 tokens,
Please send funds to the following Ethereum wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
Nomad said in a statement that the company “worked with TRM Labs, a leading chain analytics/intelligence company and law enforcement agency, to track stolen funds, identify the recipient’s wallet, and expedite the return of the funds.” We are adjusting.”
The Crypto Bridge Protocol also revealed that it is working with custodian Anchorage Digital to “accept and protect” recovered funds.
Nomad refutes claims it was warned of attack
Nomad has disputed claims that Quantstamp’s audit warned him of a possible hack.
The team said the issues identified in the audit were unrelated to the hack.
4/ Contrary to the misinformation spread within the community, this issue was not disclosed as part of Quantstamp’s audit of the Nomad contract. The problem identified by Quantstamp was related to a completely different function, probe().
— Connections | ✖Chain composability 🧱 (@ConnextNetwork) August 3, 2022
There was increasing chatter within the crypto community that the Nomad team had been warned of security vulnerabilities in their code, but had done nothing about it.