White hat hackers have returned $32.6M worth of tokens to Nomad bridge


Mere hours after the Nomad token bridge published an Ethereum wallet address last week for the return of funds following a $190 million hack, whitehat hackers had returned approximately $32.6 million worth of funds. The vast majority of funds consisted of stablecoins USD Coin (USDC), Tether (USDT) and Frax, along with altcoins.

According to research published by Paul Hoffman of BestBrokers, the vulnerability of the Nomad protocol was highlighted in Nomad’s recent audit by Quantstamp on June 6 and was deemed “Low Risk.” As soon as the exploit was discovered, members of the public joined the attack by copy-pasting the initial hack transaction, which was akin to a “decentralized robbery.” More than $190 million worth of cryptocurrencies were drained from Nomad in less than three hours.

The attack came just four months after the project raised $22.4 million in a seed round in April. As told by Hoffman, the attack took advantage of a wrongly initialized Merkle root, which is used in cryptocurrencies to ensure that data blocks sent through a peer-to-peer network are whole and unaltered. A programming error effectively auto-proved any transaction message to be valid.
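A simplified Python model of the failure mode described above, added here as an illustration and not taken from Nomad's contract code. It assumes, beyond what the article states, that the wrongly initialized root was the all-zero value that never-proven messages map to by default; the class and function names are hypothetical.

```python
import hashlib

ZERO = b"\x00" * 32  # assumed default value for a message that was never proven

def h(a, b):
    return hashlib.sha256(a + b).digest()

def root_from_proof(leaf, proof):
    """Fold a Merkle branch; proof is a list of (sibling, sibling_is_left)."""
    node = leaf
    for sibling, is_left in proof:
        node = h(sibling, node) if is_left else h(node, sibling)
    return node

class Replica:
    def __init__(self, trusted_roots, reject_zero=False):
        self.trusted = set(trusted_roots)  # roots accepted as confirmed
        self.proven_under = {}             # message hash -> root it was proven against
        self.reject_zero = reject_zero     # hardening: never accept the default root

    def prove(self, leaf, proof):
        self.proven_under[leaf] = root_from_proof(leaf, proof)

    def process(self, leaf):
        # Mimics a mapping lookup that returns zero for unknown keys.
        root = self.proven_under.get(leaf, ZERO)
        if self.reject_zero and root == ZERO:
            return False
        return root in self.trusted

def demo():
    # Constructed sample data: a two-leaf tree plus one message that is never proven.
    good = hashlib.sha256(b"legit transfer").digest()
    other = hashlib.sha256(b"other message").digest()
    forged = hashlib.sha256(b"never proven").digest()
    real_root = h(good, other)
    replicas = {
        "correct_init": Replica({real_root}),
        "zero_init": Replica({real_root, ZERO}),  # the misinitialization
        "zero_init_hardened": Replica({real_root, ZERO}, reject_zero=True),
    }
    results = {}
    for name, rep in replicas.items():
        rep.prove(good, [(other, False)])
        # (proven message accepted?, never-proven message accepted?)
        results[name] = (rep.process(good), rep.process(forged))
    return results

if __name__ == "__main__":
    print(demo())
```

With the zero root in the trusted set, the never-proven message is accepted without any Merkle proof; rejecting the default value explicitly restores the check even when initialization is wrong.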


Not all participants of the heist were capitalizing on the opportunity, though. Almost immediately after the hack began, whitehat hackers copied the same transaction hash as the original hacker to withdraw funds for their safe return. Conversely, one hacker allegedly used their Ethereum Domain Name to launder the stolen funds, leading to the possibility of cross-verification with Know-Your-Customer information also utilizing the domain.


