Whitehat hackers have returned around $9 million of the stolen $190 million from Nomad Bridge, Peckshield revealed.
#PeckShieldAlert PeckShield has detected ~$9m has returned into @nomadxyz_ Funds Recovery Address, including 100 $ETH (~$164k) from address with ENS name bitliq.eth, ~3.78m $USDC, ~2m $USDT, ~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2m), 200 $WETH (~328k), ~150k $DAI and etc. pic.twitter.com/Bpyjt7jnek
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
According to the blockchain security firm, the returned amount is roughly 4.8% of the total loss incurred by the bridge.
A breakdown of the returned funds showed that the majority of them were stablecoins. Around $2 million USDT, $3.8 million USDC, $1.2 million FRAX and $150,000 DAI have been returned.
Other tokens that were returned include SUSHI, WETH, Ethereum (ETH), and others.
The Nomad team had urged the white hat hackers to refund the funds to a designated wallet.
Nomad Bridge Funds Recovery Process
Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,
Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
A statement from Nomad also revealed that the firm was “working with TRM Labs, a leading chain analysis/intelligence firm and law enforcement to trace stolen funds, identify recipient wallets, and coordinate the return of funds.”
The crypto bridge protocol also revealed that it was working with custodial firm Anchorage Digital to “accept and safeguard” the retrieved funds.
Nomad refute claims of being warned about the attack
Nomad refuted claims that a Quantstamp’s audit had warned it about the possibility of the hack.
According to the team, the identified issue in the audit was unrelated to the hack.
4/ Contrary to misinformation that has spread within the community, this issue was not disclosed as part of Quantstamp’s audit of the Nomad contracts. The issue identified by Quantstamp was related to prove(), an entirely different function.
— Connext | ✖chain composability 🧱 (@ConnextNetwork) August 3, 2022
There had been increased chatter within the crypto community that the Nomad team was warned about a security vulnerability in its code but did nothing about it.