WhiteHat Hackers Returns $32.6M Worth of Crypto After Nomad’s Plea

Following Nomad’s reward-backed plea for a refund of its stolen cryptocurrencies worth more than $190 million, ethical hackers popularly known as whitehat hackers have returned $32.6 million in cryptocurrencies. 

In a breakdown, the larger part of the returned digital assets are stablecoins consisting of like USD Coin (USDC), Tether (USDT), and Frax. Additionally, there were altcoins in the array of crypto returned. 

The Nomad Heist was perpetrated on the 2nd of August with several wallet addresses draining almost all the funds that belong to the network. 

The bridge was believed to be exploited by whitehat hackers and other criminal groups. Unlike many other crypto heists which had complicated technical procedures, the Nomad Heist was carried out with a simple ‘copy and paste’ instruction. 

Specifically, no extensive technical know-how on programming was required. The perpetrators were able to replicate transactions, initiating small amount deposits and large withdrawals simultaneously. 

They received approvals by default owing to an error that had occurred during a routine system upgrade. From the details of the heist, there is also the possibility of cross-verification with know-your-customer (KYC) information utilizing the Nomad domain.

Based on research published by Paul Hoffman of BestBrokers, 

“The attack took advantage of a wrongly initialized Merkle root, which is used in cryptocurrencies to ensure that data blocks sent through a peer-to-peer network are whole and unaltered. A programming error effectively auto-proved any transaction message to be valid.”

Whitehat Hackers Comes to the Rescue of Nomad Blockchain

Most of the time whitehat hackers join such looting activities to preserve any platform’s funds from the real thieves. This time around the case was not different.

Many whitehat hackers promised to return the funds and this led to Nomad’s promise of 10% of the siphoned to any entity that returns 90% of the funds. Immediately after, Nomad posted an Ethereum (ETH) wallet address on its Twitter page asking the ethical hackers to send in the funds. 

Straightaway, the whitehat hackers started sending in the funds, the first received batch was worth about $9 million and 4.75% of the siphoned fund. 

PeckShield, a blockchain security firm reported the inflow of the funds. At the time of this writing, $32.6 million, a little over 17.1% of the stolen fund has also been returned by whitehat hackers to the Nomad ETH wallet.