88% of Nomad Bridge exploiters were 'copycats' — Report
Close to 90% of addresses taking part in the $186 million Nomad Bridge hack last week have been identified as “copycats,” making off with a total of $88 million worth of tokens on Aug. 1, a new report has revealed.
In an Aug. 10 Coinbase blog, authored by Peter Kacherginsky, Coinbase's principal blockchain threat intelligence researcher, and Heidi Wilder, a senior associate of the special investigations team, the pair confirmed what many had suspected during the bridge hack on Aug. 1 — that once the initial hackers figured out how to extract funds, hundreds of “copycats” joined the party.
According to the security researchers, the “copycat” method was a variation of the original exploit, which used a loophole in Nomad's smart contract, allowing users to extract funds from the bridge that wasn't theirs.
The copycats then copied the same code but modified the target token, token amount, and recipient addresses.
But while the first two hackers were the most successful (in terms of total funds extracted), once the method became apparent to the copycats, it became a race for all involved to extract as many funds as possible.
The Coinbase analysts also noted that the original hackers first targeted the Bridge’s wrapped-Bitcoin (wBTC), followed by USD Coin (USDC) and wrapped-ETH (wETH).
As the wBTC, USDC and wETH tokens were present in the largest concentrations in the Nomad Bridge, it made sense for the original hackers to first extract these tokens.
Surprisingly, Nomad Bridge’s request for stolen funds yielded a 17% return (as of Aug. 9), with the majority of those tokens being in the form of USDC (30.2%), Tether (USDT) (15.5%), and wBTC (14.0%).
Because the original hackers mostly exploited wBTC and wETH, the fact that most of
Read more on cointelegraph.com
