Study Shows That 88% Of Hackers Involved in Nomad Attack Were "Copycats"

Nomad, a cross-bridge protocol established in 2021, has been recently affected by a huge fund exploit, which as the new research reveals, has been mainly committed by “copycats”. 

According to the new study conducted by Heidi Wilder, a senior associate of the special investigations team, and Peter Kacherginsky, Coinbase's principal blockchain threat intelligence researcher, the “copycats” gathered around $88 million worth of crypto from the theft. 

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is NEO in Crypto? Chinese Ethereum Explained (ANIMATED)

SUBSCRIBE

ON YOUTUBE

Based on the research, "copycats" made up 88% of all hackers.

The researchers state that everything started from the initial hack. The first hacker noticed a gap in the security exploit and used it to steal funds. Afterward, "copycats" caught on to this scheme and used it for their own benefit. The thieves changed the token type, its amount, and recipient's address. 

It seems that the most popular cryptocurrencies exploited during the hack were wrapped-Bitcoin (wBTC), USD Coin (USDC), and wrapped-ETH (wETH). However, it is not surprising, as the hacked Nomad Bridge contained large quantities of these cryptocurrencies.

After the exploit, Nomad took to Twitter to ask hackers to return their funds, offering a 10% bounty. According to the tweet shared by Nomad, “white hat” hackers have returned $36,2 million. 

The report showed that the majority of returned funds were USDC (30.2%), USDT (15.5%), and wBTC (14.0%). 

Wilder and Kacherginsky assumed that it is likely that the majority of thieves who returned their funds were “copycats”. The researchers made these assumptions based on what type of coins were returned. According to researchers, the main hackers were mainly exploiting wBTC and wETh. Whereas the returned funds mainly consisted of USDC and USDT. 

Nomad used Twitter to share its approval for such studies. The cross-bridge protocol didn’t mention Coinbase researchers directly, however, praised such initiatives:

The researchers also noted that the first three hackers “were funded by Tornado Cash”. This finding makes it another stone thrown into Tornado Cash’s garden, as on August 8th, the U.S. Treasury sanctioned 44 Tornado Cash addresses. 

Gile K., Market Sentiment Analyst

Gile is a Market Sentiment Analyst who understands what public events may form what emotions. Her experience researching Web3 news and public market messages – including cryptocurrency news reports, PRs, and social network streams – is critical to her role in helping lead the Crypto News Editorial Team.
As an intelligent professional in public relations, together with the team, she aims to determine real VS fake news patterns, and bring her findings to anyone searching for unbiased news and events happening in the FinTech markets. Her expertise is uncovering the latest trustworthy & informative Web3 announcements to the masses.
When she's not researching the trustworthiness of mainstream stories, she spends time enjoying her terrace view and taking meticulous care of her outdoor environment.

Full Bio

All Expert Contributors & Analysts