Several stablecoins, including USDT, USDC, and Frax, were withdrawn from the bridge during the hack; some of the withdrawals were made by white hat hackers who subsequently offered to return the stolen assets.
Earlier, the Nomad team had requested that white hat hackers return the funds to a designated address.
“Nomad Bridge Funds Recovery Process
Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,
Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154“
As of today, more than $36 million has been returned to Nomad Bridge’s official fund recovery address.
Etherscan transactions show that the recovery wallet now has cryptocurrency holdings worth $36.4 million.
The wallet, identified by Etherscan as the “official Nomad money recovery address,” has received WBTC 196 ($4.7 million), ETH 2,179.5 (equal to about $3.9 million), DAI 3.7 million, USDT 5 million, and USDC 9.77 million, as well as various sums of other ERC-20 tokens.
The Nomad team shared the fund recovery wallet on August 3. The team, however, stated that anyone who returned at least 90% of the stolen funds would be considered a white-hat hacker, and Nomad wouldn’t take legal action against them. As a result, the return of purportedly stolen funds gained traction.
On Monday, the team announced the creation of the Nomad Official Communication Key, which will be used to send on-chain messages to outstanding wallet addresses in order to find more “white hat hackers” and recover more money.
A few months ago, Quantstamp analyzed and audited Nomad Protocol’s code, and the vulnerability that resulted in the hack was discovered. But the vulnerability was tagged as low risk in the report.
The Nomad team labelled the attack a “decentralized robbery” because anyone could participate by copying and pasting the original hack transaction.
This was due to a bug that caused the Replica smart contract to fail to properly authenticate messages.
“As a result, contracts relying on the Replica for authentication of inbound messages suffered security failures. This authentication failure resulted in fraudulent messages being passed to the Nomad Bridge Router contract,” the team stated.
The bridge had a total value locked (TVL) of $190 million prior to the exploit, but the money was drained within a few hours as a result of the hack. According to DeFi Llama, the project has a total value locked (TVL) of $95,963 as of Wednesday, August 10, 2022, 12:21 UTC.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”