US-based cryptocurrency firm Nomad has confirmed that US$190m worth of cryptocurrency has been stolen via a hack of the Nomad token bridge.
The theft was confirmed in a tweet by Nomad on 1 August. In a tweet on 2 August, Nomad said it was “working around the clock to address the situation” and has “notified law enforcement and retained leading firms for blockchain intelligence and forensics”. It added its goal was to “identify the accounts involved and to trace and recover the funds”.
Nomad went on to say in a further tweet: “Thank you to our many white hat friends who acted proactively and are safeguarding funds. Please continue to hold them until we provide further instructions on this thread.”
The company then announced via Twitter on 4 August that it was offering a 10 percent bounty to the Nomad bridge hackers. The company said: “Nomad will consider any party who returns at least 90 percent of the total funds they hacked to be a white hat”. The company followed this by saying that it will “not pursue legal action against white hats”.
Update: Nomad Bridge Hack Bounty
(see below for details)
Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 https://t.co/8gO1xVl5IC pic.twitter.com/8D7SvbDQlO
— Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022
Blockchain bridges allow users to transfer cryptocurrency between different blockchains, depositing the assets as ‘wrapped’ tokens across the bridge. By wrapping the token, this allows it to function on the blockchain it is being transferred to. Unfortunately, this makes bridges more susceptible to attacks as they have vulnerabilities on each end.