Nomad Recovers $11M of $190M Stolen in Frenzied Attack3 Crypto Wallets Hold $95M of Stolen Funds; $6M Laundered on Tornado Cash
A hacking frenzy that nabbed about $190 million worth of cryptocurrency from exchange platform Nomad wasn't completely malevolent now that unnamed individuals have returned a total of $11.4 million, shows data from blockchain security firm PeckShield.
The funds returned include 147 ETH and 200 WETH, it tells Information Security Media Group.
Attackers converged on the cross-chain exchange earlier this week after spotting a flaw in Nomad's smart contracts that made it easy to spoof transactions by failing to verify the amount of digital assets being exchanged (see: Crypto Bridge Nomad Loses $190M in Free-For-All Attack).
A Nomad spokesperson told ISMG on Tuesday that some white hat hackers "reacted quickly to withdraw and safeguard the funds."
Hours ago, the company appealed to "white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens" to return the funds drained during the exploit to an Ethereum wallet address. The company warns against fraudsters taking advantage of the process, clarifying that 0x94A84433101A10aEda762968f6995c574D1bF154 is the only address specified for recovery.
Nomad says it has partnered with Anchorage Digital, a nationally regulated custodian bank, to "accept and safeguard ETH and ERC-20 tokens" in the recovery address. It has partnered with cryptocurrency investigation firm TRM Labs and law enforcement authorities to conduct the probe, it adds.
Three cryptocurrency wallets hold a majority of the stolen funds, PeckShield tells ISMG. "About $95 million sit in these three addresses. About $6 million has been laundered via Tornado Cash," it adds.
The company had not resumed its bridging operations at the time of writing this story. It also did not respond to ISMG's request for comments. Cross-chain bridges perform a vital cryptocurrency service by allowing users to exchange digital assets, such as crypto tokens, between multiple, otherwise siloed blockchains.
The company advertises itself as a "security-first cross-chain messaging protocol" and raised $22 million on a $225 million valuation earlier this year. Only days ago, it revealed its investors include Coinbase and OpenSea.
The total number of victims is "quite hard" to determine, PeckShield told ISMG at the time. Among them appear to be Cardano's decentralized oracle Charli3; Evmos, an interconnected community of blockchains; and blockchain data aggregator Covalent.
One of the thieves, who stolen $3 million, appears to be the exploiter behind the Rari Capital attack (see: A $10 Million 'Bounty' for an $80 Million DeFi Attack).