Nomad hack: Hackers return $9M after stealing over $190M

The recent exploit on Nomad had shaken the entire cryptocurrency when attackers stole more than $190 million worth of funds, becoming “one of the most chaotic hacks that Web3 has ever seen.”

The smart contract’s vulnerability in the Nomad case allowed for the exploit to happen. Many users were tempted to discover a transaction that worked, replacing the target address with their own, and rebroadcasting it as a result, even if they lacked any technical skills. Basically, this means copying and pasting the actions taken by the original hacker. The attack was described as “the first decentralized robbery” by anonymous Terra researcher FatMan due to its settings.

Messages popping up in public Discord servers of random people grabbing $3K-$20K from the Nomad bridge – all one had to do was copy the first hacker's transaction and change the address, then hit send through Etherscan. In true crypto fashion – the first decentralized robbery. https://t.co/jWV9AamBer

— FatMan (@FatManTerra) August 2, 2022

PeckShield, the renowned blockchain security company, has discovered the return of $9 million in various crypto assets to the cross-chain bridge. According to the company’s research, the USDC stablecoin received the most funds refunded, followed by the USDT and other altcoins.

Some were helping Nomad by draining funds

According to reports, some people who profited from the project were trying to help Nomad by keeping the cryptocurrency out of the wrong hands. The company then advised ethical researchers and white hat hackers to return the tokens.

Nearly 3.78 million USDC, 2 million USDT, 15.8 million CQT (around $1.38 million), $1.28 million FRAX (roughly $1.2 million), 100 ETH (roughly $164k), and 200 WETH (roughly $328k) were recovered, according to PeckShield. However, more than half of the stolen money is still at three major addresses.

#PeckShieldAlert PeckShield has detected ～$9m has returned into @nomadxyz_ Funds Recovery Address, including 100 $ETH (~$164k) from address with ENS name bitliq.eth, ~3.78m $USDC, ~2m $USDT, ~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2m), 200 $WETH (~328k), ~150k $DAI and etc. pic.twitter.com/Bpyjt7jnek

— PeckShieldAlert (@PeckShieldAlert) August 3, 2022

Notably, the team is presently working with law enforcement and a blockchain intelligence agency TRM Labs, to track the stolen money and locate the recipient wallets.

Just a few days before the security issue, Nomad disclosed raising $22.4 million in a seed round from prominent business investors like Coinbase Ventures, OpenSea, CryptoCom Capital, Polygon, Gnosis, and Polygon. 

The DeFi sector is facing serious questions from the community after a recent streak of hacks in the past year. While the former Blockcstream executive questioned the centralized nature of DeFi projects in April, as TheCoinRise reported, blockchain security company CertiK also believes that DeFi is not “decentralized” enough since attackers commonly use centralized weak spots to drain millions of hard-earned funds.