Nomad Bridge, a cross-chain messaging protocol, which recently faced a staggering loss of USD 190m in an event termed by many as “the first decentralized heist,” has seen over USD 36m restored to its designated recovery address.
As indicated by Etherscan transaction records, the recovery wallet currently encompasses cryptocurrency assets valued at USD 36.4m.
Labeled as the “official Nomad funds recovery address” by Etherscan, the wallet has registered deposits including ETH 2,179.5 (approximated at USD 3.9m), USDC 9.77m, USDT 5m, WBTC 196 (equivalent to USD 4.7m), DAI 3.7m, along with assorted quantities of other ERC-20 tokens.
This recovery address was publicized by the Nomad team on August 3. The momentum to reimburse stolen assets seemingly picked up after the team declared a bounty of up to 10%. They communicated that contributors returning a minimum of 90% of the pilfered funds would be recognized as ethical hackers, and in turn, Nomad would abstain from initiating legal proceedings against them.
In their statement, the team disclosed that by the time of their announcement, over USD 20m had already been restored.
On Monday, further developments were shared by the team. They unveiled that they’ve established the “Nomad Official Communication Key” designed to transmit on-chain messages directly to the remaining wallet addresses. This move aims to engage more ethical hackers, or “white hat hackers,” in the hopes of retrieving additional funds.
Previously, as noted, Nomad Bridge experienced a significant breach earlier in the month. Before this unfortunate event, the bridge boasted a total value locked (TVL) of USD 190m. However, this amount was siphoned off within just a few hours due to the exploit.
After analyzing the breach, the Nomad team identified the root cause in a post-mortem analysis. They pointed out a glitch which “led the Replica contract to inadequately verify messages.” This loophole essentially enabled anyone to mimic the original illicit transaction and participate in the exploit, creating a scenario reminiscent of a “decentralized heist.”
The team elaborated, “Due to this, contracts that depended on the Replica for verification of incoming messages experienced security breaches. The flaw in verification meant that deceptive messages were relayed to the Nomad Bridge Router contract.”
Based on current figures from DeFi Llama, the project’s total value locked (TVL) stands at a diminished USD 95,366.