Nomad Offers 10% Bounty for $200M Loot From Bridge Hack

Photo Depicting Crypto Hacker

US-based cryptocurrency company Nomad on Thursday said it is offering a 10 percent bounty and the chance to avoid prosecution if hackers return at least 90 percent of the tokens stolen from the company in a massive breach earlier this week.

On Monday, Nomad lost nearly $200 million after a code error allowed hackers to spoof transactions and withdraw more assets than they have. This incident has been dubbed the eighth-largest crypto hack of all time.

Nomad said it will consider every hacker who takes up its offer to be a white hat and will not initiate legal action against them. The company provided its wallet address on Twitter for hackers to return their loot.

Nomad revealed that it has recovered over $20 million so far. The company is working with law enforcement and blockchain intelligence company TRM Labs to investigate the breach. It is also exploring other ways of recovering the stolen assets.

“The Nomad Bridge hack has an unprecedented amount of hackers with traceable information tied to their addresses. There will be consequences for these actors,” Nomad warned.

Nomad is a cryptocurrency “bridge.” The Nomad bridge functions somewhat like a bank—allowing users to transfer digital assets between different blockchains.

Eighth-Largest Crypto Hack of All Time

On Monday, Nomad confirmed the breach, saying it is aware of suspicious activity on the platform with impersonators “providing fraudulent addresses to collect funds.”

According to blockchain analytics company Elliptic, the “initial exploiter” leveraged the code error to bridge 0.1 Wrapped Bitcoin (WBTC) via the Moonbeam blockchain, raking in 100 WBTC ($2.3m) in Ethereum (ETH). Several other hackers followed suit—40 in total—using over 200 malicious smart contracts to automate a mega heist.

Bridges like Nomad accumulate enormous sums of money. As a result, they attract malicious threat actors like a honeypot attracts bees. It takes little time for malicious hackers to find a vulnerability and exploit it, especially if they work in teams.

Although Nomad has not confirmed the total amount lost, cryptocurrency analysis firm Peckshield told Reuters that $190 million worth of ETH and USDC stablecoin was stolen.

Other analytics firms put the total figure a little lower than that. Elliptic claims over $156 million was stolen—$12.5 in Wrapped BTC, $10m in Covalent (CQT), $4.5m in DAI, $3.7m in FRAX, $3.7m in Tether, and $854.1 worth of other coins.

A researcher with crypto investment firm Paradigm described the Nomad bridge hack as “one of the most chaotic hacks that Web3 has ever seen.”

“All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it,” they tweeted.

‘We’re Aware of Impersonators Posing as Nomad’

Meanwhile, Nomad says it is being impersonated by “bad actors” who are trying to take advantage of people seeking to return stolen funds. The company has requested that its followers report any impersonator accounts they encounter.

Nomad assured users that it is working to get things back to normal. “Aside from recovering funds from hackers, we are exploring every option available to us to restore funds and restart the system,” the company said.

Hackers have crypto companies in the cross hairs. There have been many major crypto hacks this year, culminating in hundreds of millions of dollars in losses. On Tuesday, just a day after Nomad was breached, a vulnerability on the Slope Wallet allowed hackers to steal over $4 million from more than 9000 Solana users.

The crypto market is volatile, not just because of fluctuating prices but also due to security risks. We recommend perusing our detailed guide to bitcoin and cryptocurrency scams to understand the pernicious schemes that cybercriminals employ to target unsuspecting victims, and learn how you can protect your assets.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.