The sheriff of the Nomad decentralized finance project has plastered the walls of the internet with wanted posters over a recent $190 million hack of the company’s systems. Nomad is attempting to play nice about the heist, and it’s asking the dozens of ne’er do wells to voluntarily hand in their share of the ill-gotten gains. If you do so, Nomad will let you keep 10% of your ill gotten gains, and company leaders promise they won’t sic the dogs on you.
On Monday, the Nomad token bridge experienced what was initially a $2.3 million hack, but reports from crypto security companies showed that the breach allowed users to skip the verification messages normally needed to access the platform. Users simply copy and pasted the original hacker’s transaction number and replaced it with their own, letting them in on the fun. A crypto bridge essentially links multiple blockchain networks together, and the biggest portion of the $190 million stolen was $84 million in USD, according to Wednesday reports.
Nomad said in a statement late Thursday that anybody who returns 90% of their funds stolen from the bridge will get to keep the remaining 10% and will be considered a “white hat hacker” for all intents and purposes of not pursuing any legal action. The company said that these supposed good actors can return their stolen ETH/ERC-20s to the Anchorage Digital wallet found here.
The company said that $20 million had already been returned thanks to a few of these “white hats” though a number of those may have been users walking back to the bridge with their heads held in shame for exploiting the security flaw. There are cases where hackers turn around and return their stolen crypto. The most famous case was a hacker going by “Mr. White Hat” who robbed the DeFi Poly Network of over $600 million, then turned around and gave it all back a few weeks later. The hacker said he was just trying to “contribute to the security of the Poly project.”
Though it becomes a much harder task when there are a multitude of hackers involved. Nomad CEO Pranay Mohan said in a statement that the company’s main goal was to restore bridged user funds, but it also wanted to “pursue all other malicious actors to the fullest extent under the law.”
Gizmodo reached out to Nomad asking if the company knew the total number of wallets who committed the hacks and the number of “white hats” who returned their crypto, but we did not immediately hear back Friday morning.
Nomad’s statement also said it was working with blockchain security company TRM Labs to try and identify the wallets of those who stole the funds. It might be a tall order, considering that fellow crypto security company Elliptic identified over 40 exploiters’ wallets involved. The biggest breach was apparently $42 million. Elliptic further reported there are wallets associated with other past crypto thefts who dug into Nomad’s exposed flank this week.
It’s not easy to connect a real-life person to their wallet, though it has been done using old-school detective work. Other renowned hacking groups responsible for other, multi-million dollar bridge heists like the North Korea-affiliated Lazarus Group have gotten away with much bigger heists, and are still on the loose. Crypto thieves are also known to put their stolen funds into mixers to help conceal where they got their assets from.
The Nomad hack was big, but it was only the eighth biggest one this year, according to Elliptic. These hacks have proved a major drain on the crypto industry that’s still dealing with the turmoil of a downturn in major coin prices. A separate hack of the Solana network drained over $5.2 million from individual wallets earlier this week.