88% of Nomad Bridge exploiters were ‘copycats’ — Report

Nearly 90% of the addresses that took part in Nomad Bridge’s $186 million hack last week were identified as “copycats” and made off with $88 million worth tokens on August 1, according to a new report.

An Aug. 10 Coinbase blog was written by Peter Kacherginsky (Coinbase’s principal threat intelligence researcher on blockchain) and Heidi Wilder (a senior associate of special investigations team). The pair confirmed what many suspected during the Aug. 1 bridge hack — that hundreds of “copycats”, once the initial hackers had figured out how they could extract funds, joined the party.

Source: Coinbase

Security researchers claim that the “copycat” exploit was a variant of the original exploit. It used a loophole within Nomad’s smart contracts, allowing users access to funds from bridges that weren’t theirs.

The code was then copied by the copycats, but the token amount, target token and recipient addresses were modified.

Although the hackers who were first to exploit the hacker technique were the most successful in terms of the total amount of funds they extracted, once it was made public to others, everyone became involved in the race to get as much money as possible.

Coinbase analysts noted that the Bridge’s wrapped Bitcoin (wBTC) was the first target, followed by USD Coins (USDC), and wrapped-ETH(wETH).

Source: Coinbase

It made sense that the original hackers would first extract the wBTC and USDC tokens, as they were found in the highest concentrations at the Nomad Bridge.

White-hat efforts

Surprisingly Nomad Bridge’s request to steal funds resulted in a 17% return (as at Aug. 9, with most tokens being USDC (30.2%), USDT (15.5%), or wBTC (14.0%).

Source: Coinbase

The fact that most of the money returned was in USDC and USDT indicates that white-hat “copycats” were responsible for the majority of the funds.

As of August 9, approximately 49% (or 49%) of the exploited money had been transferred from each recipient’s address to another.

Similar: Chainalysis: 2Billion in crypto stolen this year from cross-chain bridges: Chainalysis

Coinbase also pointed out that the first three addresses were funded from Tornado Cash, an Ethereum protocol that allows anonymous transactions. All USDC and ETH addresses that were linked to the protocol were sanctioned by the U.S Treasury on Monday.

After the hacks of Wormhole Bridge and Ronin Bridge, which cost $250 million each, and $540 million in March, the Nomad Bridge hack is now the fourth-largest DeFi hack. These cross-chain bridges have been accused being too centralized, making them an easy target for attackers.

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Jason Basler

Jason Basler– Financial Updates My Name is Jason Basler and I am also the main source from the ‘Topnewsscoop.com’ of all the exclusive and most delicate visualization of the activities in the business sector. My first step towards this journey was taken in the very early years of my life. I started with an independent financial consultant. However, I only had almost 4 years of skills and experience in this market. I have always been a free personality and like to fly one place to another, to explore more and more. Moreover, this passion and craze of traveling gave me a chance to report a section for best news associations. Last but not least, I am presently working full-time as an editor. Address: 4830 Crim Lane Dayton, OH 45402, United States of America Phone Number:  +1 937 727 7917 Email: [email protected]

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Close Bitnami banner