Nomad Offers 10 Percent Reward on $190 Million Cryptocurrency Hack

Comment

Cryptocurrency startup Nomad is offering 10 percent rewards to recover up to $190 million in digital currency that was seized in a massive hacking attack this week.

Nomad made the announcement on Twitter. mail, which included his crypto wallet address, and said that anyone who returns at least 90 percent of their share of the stolen funds will be considered a “white hat” — hackers who work with companies to investigate their networks, in some cases charging in exchange for identifying security flaws. He promised not to take legal action against these people, but also reiterated his determination to recover the stolen funds one way or another.

“Nomad continues to work with its community, law enforcement, and blockchain analytics companies to ensure all funds are returned,” the company wrote.

A Pair of Hacks Shakes Up an Already Nervous Crypto Industry

The theft occurred when a vulnerability in Nomad’s code allowed hackers to make off with nearly $190 million worth of tokens. More than $20 million had been recovered as of Friday morning, according to Etherscan, a blockchain analytics platform.

Nomad works as a blockchain bridge, allowing users to move assets from one blockchain to another, such as from bitcoin to ethereum. But that also makes them vulnerable to what security experts call “both sides,” weaknesses in either blockchain.

Blockchain analytics company Elliptic Connect said the Nomad breach was the seventh major incident involving a crypto bridge in 2022 and the eighth largest crypto theft of all time. Another crypto bridge, known as Ronin, suffered a $625 million theft earlier this year. In that case, hackers infiltrated the underlying blockchain that powers the popular video game Axie Infinity and made off with some 174,000 ethereum.

Robinhood Cuts 23 Percent of Its Workforce Amid Crypto Crash

“Bridges have long been known to be attractive to hackers,” Elliptic Connect wrote in an unsigned blog post. “They are usually highly liquid, as users who want to convert funds via blockchains often lock their assets within their contracts. They also operate on blockchains that are relatively less secure.”

Nomad’s attack became known as a “round robin” because the hacker’s original code allowed anyone to copy it, opening the floodgates for anyone to join the fray and withdraw funds. Elliptic Connect said it identified more than 40 “exploiters,” including a hacker who amassed just under $42 million by automating the withdrawal process.

By effectively paying hackers, Nomad is employing a strategy that tech companies have long relied on to assess and improve their networks.

Microsoft, for example, proclaims “let the hunt begin!” on its own bug bounty page, which offers up to $60,000 for vulnerability reports on the company’s Azure cloud platform, or $20,000 for vulnerability reports on the Xbox Live online gaming platform. Comparable appraisals for Hyper-V, a code virtualization program, can run as high as $250,000. In 2016, the Department of Defense launched its own bug bounty program called “Hack the Pentagon.”

Senate proposal would give CFTC responsibility for policing bitcoin, ethereum

Nomad is also not the first crypto company to directly engage with hackers.

Last August, a crypto platform called Poly Network was the target of a major attack in which someone stole more than $600 million worth of tokens, according to CNBC. The thief had taken advantage of a vulnerability in the company’s network code that allowed users to transfer funds to their own accounts.

But in an unusual twist, the hacker opened up a dialogue with Poly Network staff and eventually returned the funds, CNBC reported. According to press reports, the company issued a statement calling the hacker “Mr. White Hat”, offering a $500,000 reward and extending an invitation to become the platform’s “senior security advisor”.

Cryptocurrencies in general have suffered sharp declines in value throughout 2022 as bitcoin, ethereum, and other digital currencies have sold off along with the broader stock market. As of Friday morning, Bitcoin stood at roughly $23,000, an increase of around 14 percent in the last month. That compares to more than $66,000 in November 2021.

Leave a Comment