Nomad’s tweet on Thursday included the address of its recovery crypto wallet and said that anyone who returns at least 90% of the funds they siphoned would be considered a “white hat”, someone who cooperates with companies and hacks into their computer systems to test their safety systems and identify flaws. Nomad said these people would not be pursued legally.
However, the firm reiterated that if hackers do not cooperate, it will resort to other means, including law enforcement and other blockchain analysis firms, to make sure the funds are retrieved.
The start-up firm is what’s called a cross-chain crypto bridge, meaning it links different blockchain networks together and allows users to transfer cryptocurrency tokens from one blockchain to another.
However, this bridge model makes the operations vulnerable to attacks on both sides, according to Vitalik Buterin, the co-founder of Ethereum.
Hackers exploited a security hole in Nomad’s code last week, and their $190 million robbery was the third-biggest crypto heist of 2022 and the ninth largest of all time, according to Comparitech.
The largest hack of all time saw $620 million stolen from Axie Infinity’s Ronin bridge in March 2022.
According to an analysis from security experts at blockchain auditing firm CertiK, “the exploit occurred when a routine upgrade allowed verification messages to be bypassed on Nomad. Attackers abused this to copy/paste transactions and were able to drain the bridge of nearly all funds before it could be stopped.”
According to a tweet by the firm on Saturday, over $32 million of the stolen funds have been returned to their recovery wallet from 86 wallet addresses.
“Thank you to all the white hats who have returned funds,” said the post.