Cryptocurrency Startup Nomad Offers 10% Reward After $190M Hack

More than $2 billion has been stolen from internet bridges this year, according to analytics firm Chainalysis.

Jakub Pozhitsky | Nurphoto via Getty Images

Cryptocurrency company Nomad has said it is offering hackers a reward of up to 10% for recovering user funds after losing nearly $200 million. in a devastating security vulnerability.

Nomad begged the thieves to return any funds to his crypto wallet. In a statement late Thursday night, the company said it has so far recovered more than $20 million in haul.

“The reward is for those who respond now and for those who have already returned the funds,” Nomad said.

Nomad has stated that it will not take legal action against hackers who will return 90% of the assets they have taken, as it will consider these people to be white hat hackers. White hats are like “ethical hackers” in the cybersecurity world. They partner with organizations to alert them to problems in their software.

This comes after a vulnerability in Nomad’s code allowed hackers to steal about $190 million worth of tokens. Users could enter any value into the system and then withdraw funds, even if there were not enough assets on the deposit.

The nature of the bug meant that users didn’t need any programming skills to use it. Once the others realized what was going on, they got together and carried out the same attack.

Nomad said it is working with analytics firm TRM Labs and law enforcement to trace the stolen funds and identify those responsible for the attack. It also works with Anchorage Digital, a licensed U.S. crypto custody bank, to hold any refunds.

The weakest link

Nomad is what is called a crypto bridge, a tool that links different blockchain networks together. Bridges are an easy way for users to transfer tokens from one blockchain to another – say, from ethereum to solana.

What happens is that users deposit multiple tokens and then the bridge generates the equivalent amount in a “wrapped” form at the other end. Wrapped tokens are a claim to the original, which users can trade on platforms other than the one they were created on.

Given the sheer number of assets locked inside bridges, as well as the bugs that make them vulnerable to attacks, they are known to be an attractive target for hackers.

“These bridges are currently accumulating a lot of money,” Adrian Hetman, CTO of crypto security firm Immunefi, told CNBC.

“When there is a lot of money in certain places, hackers tend to find vulnerabilities there and steal that money.”

The attack of the nomads was 8th largest cryptocurrency hack or all the time, according to analytics firm Elliptic. More than 40 hackers were involved, Elliptic said, with one of them making just under $42 million.

According to cryptographic security firm Chainalysis, the exploit has pushed the total amount stolen from bridges this year to over $2 billion. Of the 13 separate hacks, the largest was the attack on Ronin, a $615 million network linked to the controversial crypto game Axie Infinity.

In with separate hack On Tuesday, about $5.2 million in digital coins was stolen from nearly 8,000 wallets connected to the solana blockchain.