Over USD 36m has so far been returned to the official fund recovery address shared by Nomad Bridge, a cross-chain messaging protocol that was drained of USD 190m worth of funds last week in what many called “the first decentralized robbery.”
According to Etherscan transactions, the recovery wallet currently holds crypto assets worth USD 36.4m.
The wallet, marked as the “official Nomad funds recovery address” by Etherscan, has received ETH 2,179.5 (worth around USD 3.9m), USDC 9.77m, USDT 5m, WBTC 196 (USD 4.7m), DAI 3.7m, and varying amounts of other ERC-20 tokens.
The fund recovery wallet was shared by the Nomad team on August 3. However, the return of stolen funds ostensibly gained traction after the team announced an up to 10% bounty, saying that those who return at least 90% of stolen funds would be considered white hat hackers and Nomad won’t pursue legal actions against them.
In that same announcement, the team said that more than USD 20m had been returned by that point.
On Monday, the team announced that they have “created the Nomad Official Communication Key to send on-chain messages to outstanding wallet addresses” in a bid to reach more “white hat hackers” and recover more funds.
2/ If you’re a white hat that wants to chat on-chain, please send a message to 0xc2cad8f49cf18475b6893acb209ee4884e7fc2a8.
If you’re a part of the community, share this to folks that might want to chat. We’re making it easy to open a line of communication with the Nomad team.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 8, 2022
As reported, the Nomad Bridge fell victim to a ‘chaotic’ hack earlier this month. The bridge had USD 190m in total value locked (TVL) before the exploit but saw the funds drained in a couple of hours.
In a post-mortem, the Nomad team said a bug “caused the Replica contract to fail to authenticate messages properly,” allowing everyone to join the attack by copy-pasting the initial hack transaction, which was akin to a “decentralized robbery.”
“As a result, contracts relying on the Replica for authentication of inbound messages suffered security failures. This authentication failure resulted in fraudulent messages being passed to the Nomad Bridge Router contract,” the team said.
As of now, the project has a total value locked (TVL) of USD 95,366, according to DeFi Llama.