Last week’s Nomad Bridge $186 million hack has been identified as copycats, says a new report. The incident saw Nomad Bridge suffer the fourth largest DeFi hack on August 1.
Peter Kacherginsky, Threat Intelligence, and Heidi Wilder, Special Investigations, believe it’s no coincidence that DeFi bridges constitute some of the most costly incidents in the crypto industry. The Nomad Bridge hack is considered “unique” because of the simplicity of the exploit and the number of individuals taking advantage of it to empty all stored assets piece by piece. It should be noted that Nomad’s bridging protocol is built using on-chain and off-chain components.
The report says the copycat method was a variation of the original exploit. It used a loophole in Nomad’s smart contract which allowed users to extract funds from the bridge that wasn’t theirs. The hackers copied the same code but modified the target token, token amount, and recipient addresses. When this became apparent to the copycats, the incident emerged as a race for all involved to extract as many funds as possible. The researchers pointed out that the original hackers first targeted the Bridge’s Wrapped Bitcoin (wBTC), followed by USD Coin (USDC) and Wrapped Ether (wETH). These tokens were present in the largest concentrations in the Nomad Bridge. And it made sense for the original hackers to first extract these tokens.
The original hackers, as per the report, mainly exploited wBTC and wETH. The majority of the funds returned were from white-hat copycats as the returned funds came in the form of USDC and USDT. But 49% of the exploited funds have been transferred elsewhere from each of the recipient’s addresses.