After a major security breach that allowed hackers to steal $190 million from the Nomad bridge, some white hats returned the funds they had taken in order to protect them from attackers.
Recap of the situation
Last Tuesday, 02 August, a security breach was discovered that allowed attackers to withdraw more cryptocurrency from the Nomad Bridge than usual through various manipulations and transactions. More than $190 million disappeared in just a few hours. However, some of these "thefts" were also committed by "white hats".
There are several categories of hackers in the computing world: white hats, who attack security systems in order to improve them and protect users, and black hats, who exploit them for personal gain.
White hats are generally cybersecurity experts who work for companies to ensure that all of their systems are as secure as possible. There are also gray hats, who move between the two camps.
As a result, after the Nomad bridge hack, some of the stolen funds were returned, since it was actually white hats who had taken them to prevent black hats from stealing them. As of this writing, $16 million has been returned, according to the Nomad team's official Twitter account.
Thank you very much – 🍉🍉🍉.eth ($4 million) - 0xE3F40743cc18fd45D475fAe149ce3ECC40aF68c3 ($3.4 million) - darkfi.eth ($1.9 million) - returner-of-beans.eth ($1 million) - anime.eth ($900,000) for just $11.2 million back to our recovery address!
To date, we have recovered a total of $16.6 million.
– Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022
This is not the first time a hack like this has occurred. Bridges are a technology that has become indispensable in the cryptocurrency space, allowing the transfer of one token to another. Simply put, a bridge allows multiple blockchains to interact to facilitate the exchange between specific tokens.
Hacks are increasingly targeting these bridges, which are useful but relatively difficult to defend. We remember in particular the Ronin Bridge hack, which cost Axie Infinity, the hit 2021 play-to-earn game, over $625 million last March.
For example, Nomad Bridge allows you to transfer Avalanche, Ethereum, Evmos, Milkomeda C1 and Moonbeam tokens. Following this hack, the Moonbeam smart contract platform hired a maintenance team to investigate the event, resulting in the disruption of some of its services.
Unlike many attacks, which usually benefit a single address, that is not the case this time: hundreds were able to use this vulnerability to withdraw funds from the Nomad Bridge.
Only 8% of losses have been returned
Some white hats took advantage of the vulnerability to withdraw funds and prevent them from falling into the wrong hands. On the other hand, it turns out that at the moment only about $16 million has been returned to Nomad, that is, almost 10% of all losses.
This was announced by the Nomad project team on Twitter. Only the official address can be used to return the money by anyone who had the opportunity to take advantage of the vulnerability.
Nomad Bridge recovery process
Dear white hat hackers and friends of ethical researchers protecting ETH / ERC-20 tokens,
Send funds to the following Ethereum wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
– Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
Security audit that reveals a vulnerability?
Furthermore, the Nomad developers deny that they were aware of such a bug or of the likelihood of it occurring. Although a security audit was conducted recently, it did not cover the vulnerability behind the hack that resulted in a loss of $190 million.
The story is causing a stir in the community, which wants to know whether Nomad is telling the truth or whether it acted carelessly, mainly in that its code was vulnerable but it did nothing to fix it.
For its part, the company announced that it would work with authorities, as well as with various specialist companies such as TRM Labs to locate the stolen funds and Anchorage Digital to protect and preserve the recovered funds. The bridge is obviously not accessible until further notice.
After this incident, another bridge was breached and restored with huge losses. It remains to be seen when the Nomad Bridge will be operational again as it took 3 months in the case of the Ronin Bridge.