$88 Million Stolen From Nomad Were "CopyCats"
Two weeks ago, the crypto bridge Nomad fell victim to a $190 million hack. It is now reported that 88% of those who participated were copycats.
The finding comes from a Coinbase report, which claims that all these hackers had to do was copy the original attacker's code and launch their own attack.
The Coinbase report details how 88% of participants in the exploit were given “the copycat” moniker; altogether, they stole around $88 million in coin from the bridge.
“The majority of copycats used a variation of the original exploit by simply modifying targeted tokens, amounts, and recipient addresses,” Coinbase researchers said.
“While the majority of valuable tokens were claimed by just two of the original exploiters’ addresses, hundreds of others were able to claim part of the bridge’s holdings,” the researchers added.
Paradigm researcher @samczsun took to Twitter to explain how a simple update to Nomad's smart contract led to users being able to copy code and fake transactions.
“... [Y]ou didn't need to know about Solidity, Merkle Trees, or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it,” @samczsun said in a tweet in early August.
This enabled people to withdraw funds that were not originally designated for them. Most bridge attacks are usually executed by one individual; in this case, the ease of access led to a cavalcade of people joining in.
Backing up these reports, the blockchain security firm Certik reported that all hackers had to do to take part in the exploit was copy and paste transactions, further explaining that this was done “by copying the original hacker's transaction call data and replacing the original address with a personal one.”
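For an analyst triaging such an incident, the find-and-replace pattern described above leaves a recognizable trace: once each sender's own address is masked out of its call data, replayed transactions become byte-for-byte identical. The following is an added example, not code from Coinbase, Certik or Nomad; the transaction fields, selector, addresses and hashes are constructed placeholders, and it covers only address-only variations (copies that also changed tokens or amounts fall into separate clusters).

```python
from collections import defaultdict

MASK = "<SENDER>"

def strip0x(h):
    h = h.lower()
    return h[2:] if h.startswith("0x") else h

def template(tx):
    """Calldata with every copy of the sender's own 20-byte address masked."""
    return strip0x(tx["input"]).replace(strip0x(tx["from"]), MASK)

def find_replays(txs):
    """Cluster txs sharing a template; report clusters with >1 distinct sender."""
    clusters = defaultdict(list)
    for tx in txs:
        key = template(tx)
        if MASK in key:  # sender's address is embedded in the calldata
            clusters[key].append(tx)
    report = []
    for group in clusters.values():
        if len({strip0x(t["from"]) for t in group}) < 2:
            continue
        group.sort(key=lambda t: t["block"])
        report.append({"earliest": group[0]["hash"],
                       "replays": [t["hash"] for t in group[1:]]})
    return report

# Constructed sample data: placeholder selector, addresses and hashes.
SELECTOR = "0x12345678"
A, B, C, D = ("0x" + b * 20 for b in ("a1", "b2", "C3", "d4"))

def calldata(recipient, amount):
    return SELECTOR + "00" * 12 + strip0x(recipient) + format(amount, "064x")

SAMPLE_TXS = [
    {"hash": "tx1", "from": A, "block": 100, "input": calldata(A, 1000)},
    {"hash": "tx2", "from": B, "block": 101, "input": calldata(B, 1000)},
    {"hash": "tx3", "from": C, "block": 105, "input": calldata(C, 1000)},
    {"hash": "tx4", "from": D, "block": 102, "input": calldata(D, 5)},   # different amount
    {"hash": "tx5", "from": D, "block": 103, "input": calldata(A, 1000)},  # own address absent
]

if __name__ == "__main__":
    print(find_replays(SAMPLE_TXS))
```

The earliest transaction in a cluster is only the first one seen in the data set, so treating it as the original is a working assumption to be confirmed against chain history.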
As of this writing, Nomad has been working with white hat hackers and security agencies to obtain the stolen funds, with $25 million being recovered as of August 10th.