One of the wallets involved in the Nomad bridge attack moved $7.5 million worth of cryptos to an unknown wallet address, blockchain security company Pecksheild Alert has said.
The attackers transferred 103 WBTC, 1,100 ETH, and 3.45 million DAI to an unknown wallet address.
Nomad’s Funds
A few weeks before the hack in April, Coinbase Ventures, OpenSea, Crypto.com Capital, and Polygon participated in a $22.4-million funding round to boost a “security-first cross-chain messaging solution".
On August 5, Nomad launched a reward programme allowing hackers to keep 10 per cent of the stolen assets and return the rest. Nomad said hackers can keep 10 per cent of the assets and return the rest 90 per cent and they would be labelled as "white hat" and not face any legal consequence.
Since the programme’s launch, white hat hackers returned around $36.5 million worth of cryptos to Nomad’s recovery fund wallet, according to blockchain analytics firm Etherscan. Etherscan’s tracker shows that the fund is up 3.10 per cent to $36.4 million in the last 24 hours to 2:30 pm on Thursday.
Nomad is also working with blockchain intelligence company, TRM labs, to track the black hats and recover the stolen funds. NFT company Metagame has also declared to mint an exclusive wizard’s white hat NFT if they return 90 per cent of the stolen funds.
Nomad Bridge Attack
On August 2, hackers stole around $190 million worth of cryptos in the Nomad Bridge attack. The bridge’s function is to make transactions between different blockchains by creating a wrapped version of a coin and binding the coin in a smart contract on another blockchain. For example, wrapped Bitcoin (WBT) that represents Bitcoin on the Ethereum blockchain; theoretically, one BTC is equal to one WBTC.
Nomad Bridge had a vulnerability in its code, due to which, the amount of WBTC token coming out of the bridge was far greater than the amount of BTC entering the bridge. The hacker exploited this vulnerability and drained ERC-20 tokens worth $190 million from Nomad Bridge. It is believed that when the word about the vulnerability spread, many people joined the party in looting Nomad's wallet.
According to an analysis conducted by Coinbase's principal blockchain threat intelligence researcher Peter Kacherginsky and Heidi Wilder, a senior associate of the special investigations team, this month, hundreds of copycats joined the loot by copying the same code used in the hack but changing the target token, token amount, and recipient addresses.
Lazarus Group
According to the US Treasury Department, the North Korean Hacker group, Lazarus, is behind the hack. The agency has sanctioned the specific ETH wallet addresses connected to the crypto mixer Tornado Cash, which was used by hackers to launder $7.8 million of cryptos.
In a tweet, Nomad said that some funds may be with "white hat" hackers who withdrew the coins to protect themselves when the "black hat" heist was underway.
NFT Bounty
The NFT currently serves only as a trophy, and the first 50 people who return the stolen assets under this reward programme will additionally earn 100 FF tokens, worth around $53, from the Web3 platform Forefront.