‘Ethical’ Hacker Returns $9 Million of the $190 Million Nomad Exploit
After cryptocurrency bridge Nomad was exploited by hackers to the tune of US$190 million earlier this week, those responsible have sent back US$9 million.
Since then, a recovery wallet has been set up for the safe return of any other funds they may wish to reimburse.
An Attack of Ethics, or Hackers’ Remorse?
Blockchain security and data analytics company PeckShield detected the initial return of stolen funds to Nomad, primarily in the form of USDC alongside USDT and other altcoins.
Then, on August 3, Nomad posted a tweet requesting the return of the remainder of the funds.
Nomad is a protocol that allows users to transfer tokens from Ethereum to other chains. The August 1 exploit appeared to be the outcome of a flaw in its smart contract. As a result, a multitude of users with no technical knowledge were able to find a transaction that worked, replace the target address with their own, and rebroadcast it.
Some of the users who raked in the stolen funds were, in fact, trying to assist the project by preventing the crypto from falling into the wrong hands. Nomad is appealing to these “ethical researchers” and “white hat hackers”, and has provided a crypto custodian (Anchorage Digital) to handle and safeguard the returned assets.
The Kindness of (Some) Hackers
In February this year, one white hat hacker chose a mere US$2 million bug bounty over the option of “printing unlimited ETH”. The hacker reportedly decided to warn the Optimism team of an issue rather than take the opportunity to print the ETH.
In June, another vigilante hacker was paid US$6 million for preventing a US$330 million hack. Two months earlier, the bug had been reported to Aurora via Immunefi, a leading Web3 bug bounty platform. All that is known about this hacker is their Ethereum domain name: pwning.eth.