blockworks.co
Token bridge Nomad suffered a hack on Monday that resulted in a loss of $190 million in cryptocurrencies. So far, $19.4 million of those funds have been sent back to the protocol.
Nomad created a recovery wallet address in a plea to the “white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens” to return the lost digital assets.
The wallet was set up in association with custodian bank Anchorage Digital. Nomad has since taken to Twitter to thank some of its contributors.
Thank you to
— Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022
– 🍉🍉🍉.eth ($4m)
– 0xE3F40743cc18fd45D475fAe149ce3ECC40aF68c3 ($3.4m)
– darkfi.eth ($1.9m)
– returner-of-beans.eth ($1m)
– anime.eth ($900k)
for returning a total of $11.2m to our recovery address!
We’ve recovered a total of $16.6m so far.
Nomad’s hack resulted from an issue in the code itself, 1KX Research told Blockworks. Nomad developers had accidentally enabled a code setting which automatically verified any transaction script sent to the protocol, as long as they had a default “root” of “0x00.”
The result was a free-for-all involving onlookers rushing to submit illicit transactions, quickly draining the token bridge of all user funds kept inside its associated smart contract.
Nomad has acknowledged that some users wanted “more consistent communications” and apologized for not having “provided that up to this point.”
The firm announced via Twitter that hackers who return at least 90% of the total funds they hacked may be considered for a bounty of up to 10%.
This incident is the third-biggest cryptocurrency hack this year after the Solana-to-Ethereum Wormhole bridge and the Axie Infinity Ronin bridge exploits, which lost $325 million and $625 million, respectively, valued at the time of the exploits.