Tag: Hack

‘Ethical’ Hacker Returns $9 Million of the $190 Million Nomad Exploit

Post author By Lauren Claxton
Post date August 5, 2022

After cryptocurrency bridge Nomad was exploited by hackers to the tune of US$190 million earlier this week, those responsible have sent back US$9 million.

Since then, a recovery wallet has been set up for the safe return of any other funds they may wish to reimburse:

#PeckShieldAlert PeckShield has detected ～$9m has returned into @nomadxyz_ Funds Recovery Address, including 100 $ETH (~$164k) from address with ENS name bitliq.eth, ~3.78m $USDC, ~2m $USDT, ~15.8m $CQT (~$1.38m), ~1.2m $FRAX (~$1.2m), 200 $WETH (~328k), ~150k $DAI and etc. pic.twitter.com/Bpyjt7jnek
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022

An Attack of Ethics, or Hackers’ Remorse?

Blockchain security and data analytics company PeckShield detected the initial return of stolen funds to Nomad, primarily in the form of USDC alongside USDT and other altcoins.

Then, on August 3, Nomad posted a tweet requesting the return of the remainder of the funds:

Nomad Bridge Funds Recovery Process

Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,

Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022

Nomad is a protocol that allows users to transfer tokens from Ethereum to other chains. The August 1 exploit appeared to be the outcome of a flaw in its smart contract. This means a multitude of users, with no technical knowledge, were able to find a transaction that worked, modify the target address with their own, and rebroadcast it.

Some of the users who raked in the stolen funds were, in fact, trying to assist the project by preventing the crypto from falling into the wrong hands. Nomad is appealing to these “ethical researchers” and “white hat hackers”, and has provided a crypto custodian (Anchorage Digital) to handle and safeguard the returned assets.

The Kindness of (Some) Hackers

In February this year, one white hat hacker chose a mere US$2 million bug bounty over the option of “printing unlimited ETH”. The hacker reportedly decided to warn the Optimism team of an issue rather than take the opportunity to print the ETH.

In June, another vigilante hacker was paid US$6 million for preventing a US$330 million hack. Two months earlier, the bug had been reported to Aurora via ImmuneFi, a leading Web3 bug bounty platform. All that is known about this hacker is their Ethereum domain name: pwning.eth.

Tags Hack, hackers, Nomad, white hat hackers

DeFi Hackers

DeFi Platform Warp Finance Recovers 75 % Of $5.85M Stolen Funds

Post author By José Oramas
Post date December 21, 2020

Warp Finance announced the recovery of $5.85M, 75% of funds stolen on December 17 — when an attacker withdrew a $7.76m through a flash loan exploit.

The DeFi platform said the distribution and compensation of the stolen funds for the affected users will begin on December 21. The compensation is proportional to the number of W-DAI (DAI stablecoin) and W-USD (U.S. Dollar) held at the moment of the snapshot.

On December 20th, 2020 at 0216 UTC we successfully recovered the loan collateral from the exploit, in the form of ETH/DAI-LP tokens. The value is approximately $5.85m, which is ~75% of the $7.76m lost funds.

Full statement: https://t.co/SzrE3irylJ
— warp.finance (@warpfinance) December 20, 2020

While the hacker got away with nearly $8M, the DeFi firm managed to retrieve the loan collateral. White Hat hackers, which is slang for ethical hackers — helped to locate and secure the funds. Approximately 75% of users will get a reimbursement.

The attacker managed to hack Warp Finance by using several flash attacks, like multiple flash loans through dYdX protocols, flash swaps via Uniswap, and flash liquidity.

IOU Tokens For Compensation

Warp Finance plans to compensate for the remaining 25% loss with IOU tokens. According to the firm, the Portal IOU tokens will refund users in a near future, and even giving them a profit on their initial deposits.

While we are relieved that lost funds have been partially recovered, we see this only as a first step to making Warp Finance users whole. For this reason, we will issue Portal IOU tokens to every affected user. The end goal of the IOU token is to fully refund users and potentially even giving them a profit on what they initially deposited.
Stated the firm .

Cyber-crimes have seen a surge in 2020, with more than $100M stolen including recently 8M stolen from DeFi insurer CEO Ciphertrace, a cryptocurrency forensics and blockchain threat intelligence firm, reported on November 11 that 45% of all thefts in the first six months of 2020 were Defi hacks, equating to about $51.5M — 40% of volume for that period.

Tags Hack

DeFi Ethereum

CEO of DeFi Insurer, Nexus Mutual, Loses US$ 8M In A Targeted Attack

Post author By José Oramas
Post date December 15, 2020

An unknown attacker drained 370,000 NMX tokens from Hugh Karp, CEO and founder of the DeFi insurance firm Nexus Mutual. The amount stolen is equivalent to US$ 8M.

The firm announced the attack on Monday 14 UTC. The subject gained remote access to Karp’s personal computer and modified the Metamask extension, which facilitates web applications to communicate with the Ethereum blockchain.

Immediately, the attacker, who apparently is also a member of the firm, drained an amount equivalent to $8 million by implementing a different extension — tricking Karp into signing a different transaction, and sending the funds to the attacker’s address.

Initial investigation:
A targeted personal attack on Hugh.
Hugh's using a hardware wallet. The attacker gained remote access to his computer & modified the metamask extension, tricking him into signing a different transaction which transferred funds to the attacker’s own address.
— Nexus Mutual 🐢 (@NexusMutual) December 14, 2020

According to the investigations, the attacker is a member of the firm, and only Mutual members can receive NMX. But the firm hasn’t “completely identified” the subject. Although, weeks ago, the attacker completed a KYC (Know Your Customer) — a process that financial institutions do to verify their client’s identity.

The personal address from Hugh Karp, taken from Etherscam.io

The attacker has already converted some of the stolen 370,000 NMX tokens into 334ETH — which is equivalent to US$ 200,000.

Besides, according to data from Coinmarketcap, the price for the NMX token fell a considerable amount since the announcement was made, now at -18,40% by the time of writing.

Tags Hack