Reports by Coinbase have shown that 88% of the Nomad heist, which happened a few days ago, was carried out by 'copycats'. These copycats are users who copied the code used to initiate the first attack and then replicated it to execute their own attacks.
Altogether, $190 million in crypto was stolen from the Nomad bridge, in particular stablecoins such as USD Coin (USDC), Tether (USDT), and Frax. By comparison, the funds taken by these copycats amounted to about $88 million in cryptocurrencies.
The exploit of the Nomad bridge was announced on 2nd August, with the announcement stating that $190 million had been redirected from the bridge. According to the news, the theft cleared almost all the funds on the network. Many wallet addresses involved in the heist were suspected to be owned by unidentified entities and whitehat hackers.
Analysis showed that the actors did not need any technical knowledge of programming to carry out the attack. Instead, they only had to copy and paste the code used for the first attack. Thereafter, small deposits were approved in exchange for huge withdrawals that later cleared Nomad's account.
Copycats Exploit Nomad Bridge Vulnerability
Coinbase's investigation into the heist was born out of the need to examine the nature of the vulnerability and the method of exploitation.
The on-chain analysis of hackers' behavior during the Nomad Bridge incident was also considered. Among the several hacks carried out, including the breach of the Ronin bridge, which led to a loss of $625 million, decentralized finance (DeFi) hacks are more prevalent.
As for the network's vulnerability, the replica contract, which stores and validates messages in a Merkle tree structure, was exploited. Taking advantage of the vulnerability, the copycats crafted a deceptive message and sent it to the Nomad bridge. This message prompted the transfer of tokens without appropriate authorization.
So far, about 17% of the funds have been returned by whitehat hackers who joined the pool to save some of the funds from the actual thieves. A sum of $32.6 million was returned after Nomad pleaded and promised 10% of the stolen funds as a reward.