Cryptocurrency Startup Nomad Offers 10% Bonus After $190 Million Hack

Cryptocurrency company Nomad says it offers hackers a bonus of up to 10% for users’ funds after losing nearly $200 million in a devastating security exploit.

Nomad pleaded with the thieves to return any funds to his crypto wallet. In a statement late Thursday, the company said it has recovered more than $20 million to date.

“Bounties are for those who return now and for those who have already paid back,” Nomad said.

Nomad said it will not take legal action against any hackers who return 90% of the assets it took, as it will consider these individuals “white hat” hackers. White hat is likened to “ethical hacker” in the world of cyber security. They partner with organizations to alert them to problems in their software.

It comes after a flaw in Nomad’s code allowed hackers to gain about $190 million worth of tokens. Users can enter any value into the system and then withdraw funds, even if there are not enough assets when depositing.

The nature of the bug means that users don’t need any programming skills to exploit it. Once the others grasped what was happening, they cornered and carried out the same attack.

Nomad said it is working with blockchain analytics firm TRM Labs and law enforcement to track down the stolen funds and identify the perpetrators behind the attack. It is also working with Anchorage Digital, a US licensed bank focused on the safekeeping of cryptocurrencies, to store any returned funds.

Nomad is known as a cryptocurrency “bridge”, a tool that links different blockchain networks together. A bridge is a simple way for users to transfer tokens from one blockchain to another – for example, from ethereum arrive solana.

What happens is that the user sends some token and the bridge then generates an equivalent amount in “wrap” on the other end. The wrapped tokens represent a claim on the original, which users can trade on platforms other than the one they were built on.

Given the sheer amount of assets locked inside bridges – plus bugs that make them vulnerable – they are known to be attractive targets for hackers.

Adrian Hetman, chief technology officer at crypto security firm Immunefi, told CNBC: “Those bridges are accumulating a lot of money right now.

“When there’s a lot of money in certain places, it’s easier for hackers to find vulnerabilities there and steal that money.”

Nomad’s attack is the eighth biggest crypto hack all time, according to blockchain analytics firm Elliptic. There were more than 40 hackers involved, one of which raised just under $42 million, Elliptic said.

According to crypto security firm Chainalysis, the mining brings the total amount stolen from cross-chain bridges this year to more than $2 billion. Of the 13 separate hacks, the largest was the $615 million attack on Ronin, a network linked to the controversial cryptocurrency game Axie Infinity.

In one separate hacks Third, approximately $5.2 million in digital currency was stolen from nearly 8,000 wallets connected to the solana blockchain.