- Nomad is considering a 10% bounty for hackers who return most of their stolen funds
- The largest return to date has been 100 ETH ($160,000)
Nomad created a recovery wallet address in a plea to the “white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens” to return the lost digital assets.
The wallet was set up in association with custodian bank Anchorage Digital. Nomad has since taken to Twitter to thank some of its contributors.
Nomad’s hack resulted from an issue in the code itself, 1KX Research told Blockworks. Nomad developers had accidentally enabled a code setting which automatically verified any transaction script sent to the protocol, as long as they had a default “root” of “0x00.”
The result was a free-for-all involving onlookers rushing to submit illicit transactions, quickly draining the token bridge of all user funds kept inside its associated smart contract.
Nomad has acknowledged that some users wanted “more consistent communications” and apologized for not having “provided that up to this point.”
The firm announced via Twitter that hackers who return at least 90% of the total funds they hacked may be considered for a bounty of up to 10%.
This incident is the third-biggest cryptocurrency hack this year after the Solana-to-Ethereum Wormhole bridge and the Axie Infinity Ronin bridge exploits, which lost $325 million and $625 million, respectively, valued at the time of the exploits.
Get the day’s top crypto news and insights delivered to your inbox every evening. Subscribe to Blockworks’ free newsletter now.