{"id":483312,"date":"2022-08-11T07:43:18","date_gmt":"2022-08-11T04:43:18","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/88-of-nomad-bridge-exploiters-were-copycats-report\/"},"modified":"2022-08-11T07:43:18","modified_gmt":"2022-08-11T04:43:18","slug":"88-of-nomad-bridge-exploiters-were-copycats-report","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/88-of-nomad-bridge-exploiters-were-copycats-report\/","title":{"rendered":"# 88% of Nomad Bridge exploiters were &#8216;copycats&#8217; \u2014 Report"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_88_of_Nomad_Bridge_exploiters_were_%E2%80%98copycats_%E2%80%94_Report_%E2%80%9C\"><\/span>&#8221; 88% of Nomad Bridge exploiters were &#8216;copycats&#8217; \u2014 Report  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div class=\"post-content\" data-v-28d77a7a>Close to 90% of addresses taking part in the $186 million Nomad Bridge hack last week have been identified as \u201ccopycats,\u201d making off with a total of $88 million worth of tokens on Aug. 1, a new report has revealed.<\/p>\n<p>In an Aug. 10 Coinbase blog, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/blog.coinbase.com\/nomad-bridge-incident-analysis-899b425b0f34\">authored<\/a> by Peter Kacherginsky, Coinbase&#8217;s principal blockchain threat intelligence researcher, and Heidi Wilder, a senior associate of the special investigations team, the pair confirmed what many had suspected during the bridge hack on Aug. 
1 \u2014 that once the initial hackers figured out how to extract funds, hundreds of \u201ccopycats\u201d joined the party.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-08\/3a253d00-2b65-43e7-9159-3400f4069910.PNG\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><em>Source: Coinbase<\/em><\/figcaption><\/figure>\n<p>According to the security researchers, the \u201ccopycat\u201d method was a variation of the original exploit, which used a loophole in Nomad&#8217;s smart contract, allowing users to extract funds from the bridge that weren&#8217;t theirs. <\/p>\n<p>The copycats then copied the same code but modified the target token, token amount, and recipient addresses. <\/p>\n<p>But while the first two hackers were the most successful (in terms of total funds extracted), once the method became apparent to the copycats, it became a race for all involved to extract as many funds as possible.<\/p>\n<p>The Coinbase analysts also noted that the original hackers first targeted the Bridge\u2019s wrapped-Bitcoin (wBTC), followed by USD Coin (USDC) and wrapped-ETH (wETH).<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-08\/36e3d84f-952f-4f41-bbc1-48b1f218adb2.PNG\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\">Source: Coinbase<\/figcaption><\/figure>\n<p>As the wBTC, USDC and wETH tokens were present in the largest concentrations in the Nomad Bridge, it made sense for the original hackers to first extract these tokens.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"White-hat_efforts\"><\/span>White-hat efforts<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Surprisingly, Nomad Bridge\u2019s request for stolen funds yielded a 17% return 
(as of Aug. 9), with the majority of those tokens being in the form of USDC (30.2%), Tether (USDT) (15.5%), and wBTC (14.0%). <\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/s3.cointelegraph.com\/uploads\/2022-08\/5081dd08-d6f7-4893-b0c6-fe4e42d5975b.JPG\" alt=\"\" title=\"\"><figcaption style=\"text-align: center;\"><em>Source: Coinbase<\/em><\/figcaption><\/figure>\n<p>Because the original hackers mostly exploited wBTC and wETH, the fact that most of the returned funds came in the form of USDC and USDT suggests that the majority of the funds returned were from white-hat \u201ccopycats.\u201d<\/p>\n<p>Meanwhile, approximately 49% of the exploited funds (as of Aug. 9) have been transferred elsewhere from each of the recipient\u2019s addresses.<\/p>\n<p>Coinbase also noted that the first three recipient addresses were funded by Tornado Cash, an Ethereum-based protocol that allows users to transact anonymously. On Monday, the U.S. Treasury sanctioned all USDC and ETH addresses linked to the protocol. <\/p>\n<p>The Nomad Bridge hack has become the fourth-largest DeFi hack ever and the third-biggest in 2022, following the $250 million Wormhole Bridge hack in February and the $540 million Ronin Bridge hack in March. Cross-chain bridges of these kinds have been accused of being too centralized, making them an ideal target for attackers. <\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/88-of-nomad-bridge-exploiters-were-copycats-report\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; 88% of Nomad Bridge exploiters were &#8216;copycats&#8217; \u2014 Report &#8220; Close to 90% of addresses taking part in the $186 million Nomad Bridge hack last week have been identified as \u201ccopycats,\u201d making off with a total of $88 million worth of tokens on Aug. 1, a new report has revealed. In an Aug. 
10&#8230;<\/p>\n","protected":false},"author":1,"featured_media":483313,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDgvYWQ3ZjZmMWYtNWY0Mi00YzU1LWI2ZTEtMDc5ZmE1ZWEyNmQ3LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74882,72287],"class_list":["post-483312","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-hacks","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/483312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=483312"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/483312\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/483313"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=483312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=483312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=483312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}