After a $190 million attack, the Nomad token bridge gave out an Ethereum wallet address for the return of cash last week. Whitehat hackers used that address to get back about $32.6 million. The majority of the funds were held in the stable cryptocurrency USD Coin (USDC).
Paul Hoffman of BestBrokers found that the Nomad protocol was vulnerable in a recent examination by Quantstamp on June 6; the audit concluded that the risk was “low.” As soon as the vulnerability was identified, the general public joined the attack by redoing the first hack transaction, creating what has been described as a “decentralized theft.” The cryptocurrency exchange Nomad had more than $190 million stolen from it in less than three hours.
Just four months prior to the attack, in April, the initiative had raised $22.4 million in a seed round. Hoffman said that the attack used a badly initialized Merkle root, which is used in cryptocurrencies to make sure that data blocks sent over a peer-to-peer network are complete and haven’t been changed. Because of a bug in the code, any valid transaction message would automatically be confirmed.
However, not everyone involved in the theft was making the most of the situation. A group of white-hat hackers withdrew money for their own safe return almost immediately after the hack began by using a transaction hash that they had copied from the initial hacker. On the flip side, one hacker allegedly utilized their Ethereum Domain Name to launder the stolen cash, opening the door to cross-verification with Know-Your-Customer data also using the domain.