Nomad, a cross-bridge protocol established in 2021, has been recently affected by a huge fund exploit, which as the new research reveals, has been mainly committed by “copycats”. 

According to the new study conducted by Heidi Wilder, a senior associate of the special investigations team, and Peter Kacherginsky, Coinbase’s principal blockchain threat intelligence researcher, the “copycats” gathered around $88 million worth of crypto from the theft. 

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe – We publish new crypto explainer videos every week!

Based on the research, “copycats” made up 88% of all hackers.

The researchers state that everything started from the initial hack. The first hacker noticed a gap in the security exploit and used it to steal funds. Afterward, “copycats” caught on to this scheme and used it for their own benefit. The thieves changed the token type, its amount, and recipient’s address. 

It seems that the most popular cryptocurrencies exploited during the hack were wrapped-Bitcoin (wBTC), USD Coin (USDC), and wrapped-ETH (wETH). However, it is not surprising, as the hacked Nomad Bridge contained large quantities of these cryptocurrencies.

After the exploit, Nomad took to Twitter to ask hackers to return their funds, offering a 10% bounty. According to the tweet shared by Nomad, “white hat” hackers have returned $36,2 million. 

The report showed that the majority of returned funds were USDC (30.2%), USDT (15.5%), and wBTC (14.0%). 

Wilder and Kacherginsky assumed that it is likely that the majority of thieves who returned their funds were “copycats”. The researchers made these assumptions based on what type of coins were returned. According to researchers, the main hackers were mainly exploiting wBTC and wETh. Whereas the returned funds mainly consisted of USDC and USDT. 

Nomad used Twitter to share its approval for such studies. The cross-bridge protocol didn’t mention Coinbase researchers directly, however, praised such initiatives:

The researchers also noted that the first three hackers “were funded by Tornado Cash”. This finding makes it another stone thrown into Tornado Cash’s garden, as on August 8th, the U.S. Treasury sanctioned 44 Tornado Cash addresses. 

by Aaron S. – Expert Reviewer, BitDegree