More than $36 million of stolen money has been returned to Nomad Bridge_s fund recovery address

2022-08-22, 05:44

[//]:content-type-MARKDOWN-DONOT-DELETE
![](https://gimg2.gateimg.com/image/article/1688624260a.jpeg)
## [TL; DR]

During the hack, many stablecoins were stolen from the bridge, including USDT, USDC, and <a href="/uk/price/frax-frax" target="_blank" class="blog_inner_link">Frax</a>, and some of the transactions were done by white hat hackers who later pledged to refund the stolen funds.

As part of its continuous attempt to recover the $190 million lost in the bridge exploit, Nomad offered a 10% bounty for hackers who return assets.

Over USD 36 million had been refunded to Nomad Bridge's fund recovery address.

According to Nomad, a bug prevented the replica contract from correctly authenticating messages. As a result, contracts that depended on the replica for inbound message authentication had security vulnerabilities. The Nomad bridge router contract received fraudulent exchanges due to the authentication failure.

A few months ago, Quantstamp examined and audited Nomad protocol's code, and the hacking vulnerability was discovered. But the report classified the vulnerability as low risk.

[Nomad Bridge](http://https://app.nomad.xyz/ "Nomad Bridge"), a cross-chain protocol, had $190 million worth of assets stolen from it last week in what many dubbed "the first decentralized theft." Before the 'chaotic' exploit, the bridge had USD 190million in Total Value Locked (TVL); however, more than half of the money was lost in a few hours during the cross-chain attack.

In a comment, the Nomad team [described](http://https://medium.com/nomad-xyz-blog/nomad-bridge-hack-root-cause-analysis-875ad2e5aacd "described") the attack as a "decentralized robbery," claiming that a bug "allowed the Replica contract to fail to verify messages properly." As a result, anybody could join the attack by copying and pasting the first hack transaction.

During the breach, many stablecoins, [including](http://https://defi-planet.com/2022/08/more-than-36-million-returned-to-nomad-bridges-fund-recovery-address/ "including") USDT, USDC, and Frax, were removed off the bridge, after which the Nomad team [urged](http://https://twitter.com/nomadxyz_/status/1554679735006859264?t=S1zGtHOY8DeAtGEablE5PQ&s=19 "urged") white hat hackers to return the money to a designated address.

(paraphrased) "Dear white hat hackers and ethical researcher friends who have safeguarded ETH/ERC-20 tokens,

Kindly transfer the funds to the following wallet address on <a href="/uk/price/ethereum-eth" target="_blank" class="blog_inner_link">Ethereum</a>: 0x94A84433101A10aEda762968f6995c574D1bF154".
## Over $36 Million has been returned to Nomad’s recovery wallet.
[As of August 5](http://https://cryptonews.com/news/over-usd-36m-returned-nomad-bridges-fund-recovery-address.htm "As of August 5"), Peckshield reported that Whitehat hackers have handed back about $22 million of the[ stolen $190 million](http://https://cryptoslate.com/nomad-bridge-drained-of-190m-after-hundreds-of-addresses-copy-hackers-code/ " stolen $190 million") from Nomad Bridge. According to the blockchain security company, the acknowledged6 amount is estimated at 4.8% of the overall loss incurred by the bridge. Roughly 11.6% of the funds taken have been retrieved, while 50% have remained stable since the breach.

Meanwhile, the current ([at August 8](http://https://twitter.com/nomadxyz_/status/1556681397993058304?s=20&t=lQAZyDunyiuLiw66mj1gIw "at August 8"))Transaction records on Etherscan show that the recovery wallet has cryptos holding valued at $36.4 million. So far, [more than USD 36 million](http://https://cryptonews.com/news/over-usd-36m-returned-nomad-bridges-fund-recovery-address.htm "more than USD 36 million") has been refunded to the official fund recovery address provided by Nomad Bridge.
![](https://gimg2.gateimg.com/image/article/1688624646b.jpeg)
source: [Twitter](http://https://twitter.com/nomadxyz_/status/1556681397993058304?s=20&t=lQAZyDunyiuLiw66mj1gIw "Twitter")
## White-hat Hackers Were Offered 10% Bounty.
The official fund recovery wallet was [issued](http://https://twitter.com/nomadxyz_/status/1554679735006859264 "issued") by Nomad on August 3, and the team made it clear that anyone who returned at least 90% of the stolen funds would be regarded as a white-hat hacker. what it means is that Nomad wouldn't file criminal charges against them. However, the return of the stolen money purportedly gained traction after this announcement of a 10% bounty by the Nomad team. Most Whitehat hackers [responded](http://https://cryptoslate.com/nomad-bridge-offers-10-bounty-to-recover-stolen-funds-whitehat-hackers-have-returned-22m/ "responded") by returning $22 million as of August 5.

Currently, the wallet, "official Nomad funds recovery address," as referred to by Etherscan, has [gained](https://crypto-academy.org/36-million-back-to-nomad-bridge-recovery-account/:// "gained") ETH 2,179.5 ($3.9 million), USDC 9.77 million, USDT 5 million, WBTC 196 ($4.7 million), DAI 3.7 million, as well as varying amounts of other ERC-20 tokens. A review of the returned funds showed that the bulk of them were stablecoins. Other returned tokens include SUSHI, WETH, Ethereum, and others. [DeFi Llama](http:/https://defillama.com/protocol/nomad/ "DeFi Llama") reports that as of Wednesday, August 10, the project's total value locked (TVL) was $95,963.

On Monday, the team [announced](http://https://twitter.com/nomadxyz_/status/1556760803386175488 "announced") the creation of the Nomad Official Communication Key, which will be used to send on-chain messages to outstanding wallet addresses to find more "white hat hackers" and recover more money.
![](https://gimg2.gateimg.com/image/article/1688624796c.jpeg)
source: [Twitter](http://https://twitter.com/nomadxyz_/status/1556760803386175488?s=20&t=rjIPUDfkemNi7xI27-TwQg "Twitter")
## The Next Line of Action for Nomad

Nomad [stated](http://https://cryptoslate.com/nomad-bridge-offers-10-bounty-to-recover-stolen-funds-whitehat-hackers-have-returned-22m/ "stated") that it actively collaborates with law enforcement officials and blockchain firms to see that all customers' funds are recovered. Co-founder and CEO of Nomad, Pranay Mohan, also commented:

"The most vital thing in crypto is a community, and our number one goal is restoring bridged user funds."

Nomad gave a [warning](http://https://cryptoslate.com/nomad-bridge-offers-10-bounty-to-recover-stolen-funds-whitehat-hackers-have-returned-22m/ "warning") to hackers who will not take the peaceful route by emphasizing that it has involved the support of all relevant agencies like TRM Labs, a leading chain analysis/intelligence firm, and law enforcement to track down the stolen funds and prosecute those responsible accordingly. The crypto bridge protocol, Nomad, also [disclosed](http://https://cryptoslate.com/whitehat-hackers-refund-9m-to-nomad/ "disclosed") that it partnered with custodial firm Anchorage Digital to "accept and safeguard" the recovered funds.

In a [follow-up tweet](http://https://cryptonews.com/news/over-usd-36m-returned-nomad-bridges-fund-recovery-address.htm "follow-up tweet") on August 9, Nomad acknowledged certain addresses that helped to return $16.6 million to its recovery address.
![](https://gimg2.gateimg.com/image/article/1688625040d.jpeg)
source: [Twitter](http://https://twitter.com/nomadxyz_/status/1557064592303394818?s=20&t=x99pXm5SeOHZec6lnrr0yw "Twitter")

## Nomad Deny Claims of Being Forewarned about the Attack
According to growing rumors in the cryptocurrency industry, the Nomad team had allegedly received a warning about a security flaw in its code but did nothing about it. Nomad refused these claims that a Quantstamp's probe had forewarned it about the risk of the hack, and according to them, the identified issue in the analysis given had nothing to do with the hack.ConclusionIn some way, Nomad has established itself as a competent crypto bridge protocol owing to its prompt actions and push for recoveries. According to reports, they are shrewdly working behind the scenes to ensure that every stolen object is found and refunded to its rightful owners. However, it is still uncertain how possible it is to retrieve all lost assets, although they said, "Nomad is continuing to work with its community, law enforcement, and blockchain analysis firms to ensure all funds are returned."
<div class="blog-details-info">
<div>Author:** Mashell C.**, Gate.io Researcher
<div class="info-tips">\*This article represents only the views of the researcher and does not constitute any investment suggestions.
<div>\*Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.
</div>

Поділіться