Nomad Entices Thieves of $190M Hack With Offer to Keep 10%
'Give Us Back 90% and We'll Say You're a Good Guy,' Says Cryptocurrency Bridge
Nomad has a proposal for anyone who participated in the $190 million pillage of wallets connected to the cryptocurrency bridge: Keep 10% but give us back the rest - and we won't pursue legal action.
Attackers converged on the cross-chain exchange earlier this week after spotting a flaw in Nomad's smart contracts that made it easy to spoof transactions. One observer described what ensued as a "frenzied free-for-all" (see: Crypto Bridge Nomad Loses $190M in Free-For-All Attack).
The funds, Nomad says, must be returned in ETH or ERC-20 tokens to this recovery wallet address: 0x94a84433101a10aeda762968f6995c574d1bf154. At the time of writing, multiple individuals had returned $21.7 million to the address, a significant increase from $11 million on Wednesday.
Asking hackers to return stolen digital assets is an increasingly common go-to for looted platforms, and sometimes it even works.
A hacker dubbed "Mr. White Hat" in 2021 returned $600 million taken from decentralized finance platform Poly Network after the company offered a $500,000 bounty. The hacker spurned the offer, but Poly Network transferred it anyway. More recently, cross-chain Horizon Bridge offered $10 million for the return of a stolen $100 million, an offer that appears to have had less success, especially given that the hackers are suspected to come from cryptocurrency-hungry North Korea.
As part of its offer, Nomad says it will also identify any returner of funds as a benevolent hacker to any third parties who may be considering legal action. Nothing stops individuals from returning the full amount taken, it adds.
The "unprecedented" number of decentralized parties involved delayed the bounty announcement, the company says. "We wanted to make sure we put the bounty out in the right way, so we took some additional time to make sure we considered the complexities due to the nature of the hack," it says.
It also warns that bad actors are taking advantage of the fund recovery process to dupe hackers into returning the funds to the wrong wallet.
The company says, "Many bad actors are trying to take advantage of people in these challenging times," sharing a list of Twitter accounts that were presumably doing so. "Please be wary of impersonators and other scams," it says.