Nomad happy to forgive hackers if they return 90% of $190 million that was stolen

A hacker against a red background
(Image credit: Getty Images)

The crypto bridge Nomad Bridge is offering hackers a 10% bounty after the company was hit by a cyber attack earlier this week in which it lost $190 million.

Nomad Bridge will consider any party who returns at least 90% of the total funds stolen to be an ethical or white hat hacker, it revealed today. The organisation will, therefore, drop any intent to pursue legal action against the perpetrators, who they'll deem to have conducted the hacking operation on reasonable grounds.

The company added it’s continuing to work with its community, law enforcement, and blockchain analysis firms to ensure all funds are returned.

Nomad said that although it won’t pursue legal action against to-be determined white hat hackers, it'll identify them to any third parties who may be considering legal action. It's also working closely with law enforcement and will advocate for no criminal charges when the so-called ethical hackers return the funds.

They need to be returned in Ethereum or ERC-20 to the official Nomad recovery wallet address, which is being run along with Anchorage Digital, a nationally regulated custodian bank.

“Given the unprecedented number of decentralised parties involved, coordinating amongst everyone was a complex process,” said the company. “We wanted to make sure we put the bounty out in the right way, so we took some additional time to make sure we considered the complexities due to the nature of the hack.”

Some white hats have already returned money to the crypto bridge. Paladin Blockchain Security and returned funds worth $1 million to the recovery wallet, stated Nomad. A total of $11.2 million was also returned by five white hats including darkfi-eth, anime.eth, and returner-of-beans.eth. The total returned seems to be around $17 million.

Cross-chain token bridge Nomad was hit with an exploit earlier this week which saw attackers drain it of nearly $200 million. Following a routing upgrade on the platform, messages were allowed to be spoofed which meant that attackers could abuse this to copy and paste transactions. This quickly drained the bridge in a “frenzied free-for-all” said the Paradigm researcher known as samczsun.

At the time, the company thanked many of its white hat friends who acted proactively and were safeguarding some of the funds. It instructed them to continue to hold them until it provided further instructions through Twitter.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.