Blockchain security firm identifies 41 addresses involved in the $200M Nomad hack

  • Blockchain security firm revealed that more than 41 addresses were associated with the Nomad bridge exploit. 
  • Nomad has provided an address for whitehat attackers to send the funds they took. 

In another DeFi hack, crypto firm Nomad lost almost $200 million in a bridge exploit. The matter was revealed by security firm PeckShield, which said the bridge protocol used for transferring crypto tokens across different blockchains was drained in batches. The attack on Nomad is the latest bridge exploit this year.

A June report by forensics firm Elliptic revealed that hackers had gotten away with over $1 billion from bridges since the year started. Bridges are soft targets for attacks as they control huge amounts of assets. Their complexity also makes them prone to errors and vulnerable to exploitation. The draining of Nomad's funds, which lasted for hours, represents the 5th largest DeFi hack of all time.

Nomad said in a statement addressing the situation that an investigation into the DeFi exploit has started. The company added that it had retained leading firms specializing in blockchain intelligence and forensics to handle the matter. The interoperability protocol aims to identify accounts involved in the attack, trace them and recover the stolen funds.

According to PeckShield, over 41 addresses have been identified and linked to the Nomad hack. The blockchain security firm said these addresses grabbed more than $152 million in the exploit. The addresses include 7 MEV Bots, 7 Rari Capital Arbitrum exploiters, and 6 White Hats, representing 80 percent of the total hack. Furthermore, the security firm revealed that about 10 percent of the addresses with ENS names got away with $6.1 million. On the other hand, MEV Bots took $6.1 million, and Rari Arbitrum went with $3.4 million.

Attackers steal funds in batches in nearly $200M Nomad hack

Polygon’s chief information security officer (CISO), Mudit Gupta, said the attacker could have stolen all the funds in a single transaction instead of in batches. He explained that front running by whitehats and blackhats went on for roughly an hour. According to the security expert, the attacker could have drained all funds in a single transaction if they had the right skills.

Another blockchain security firm, Zellic, noted that understanding bugs alone is not enough. The company said in a Twitter thread that the hack was a mess, and it is important to stop merging bugs. The team said the first transaction during the Nomad hack was $2.322 million worth of Wrapped Bitcoin (WBTC).

Nomad has taken to Twitter to comment on the attack and discuss the recovery process. 

As we alluded to earlier, we are actively working with a leading chain analysis/intelligence firm, TRM Labs, and law enforcement to trace fund flows and identify recipient wallets to coordinate the return of funds. As the investigation continues, all involved are prepared to take necessary action in the coming days, so please keep in mind that timeliness of funds return is important.

The team also provided an address for whitehat hackers who took ETH/ERC-20 tokens intending to return them.