Hacked crypto startup Nomad offers a 10% bounty for return of funds after $190 million attack

cnbc.com:

Crypto company Nomad said it's offering hackers a bounty of up to 10% to retrieve user funds after losing nearly $200 million in a devastating security exploit.

Nomad pleaded with the thieves to return any funds to its crypto wallet. In a statement late Thursday, the company said it has so far recouped more than $20 million of the haul.

«The bounty is for those who come forward now, and for those who have already returned funds,» Nomad said.

Nomad said it won't take legal action against any hackers who return 90% of the assets they took, as it will consider these individuals to be «white hat» hackers. White hats are like the «ethical hackers» in the cybersecurity world. They cooperate with organizations to alert them to issues in their software.

It comes after a vulnerability in Nomad's code allowed hackers to make off with around $190 million worth of tokens. Users were able to enter any value into the system and then withdraw the funds, even if there weren't enough assets available on deposit.

The nature of the bug meant users didn't need any programming skills to exploit it. Once others caught on to what was going on, they piled in and carried out the same attack.

Nomad said it is working with blockchain analysis firm TRM Labs and law enforcement to trace the stolen funds and identify the perpetrators behind the attack. It is also working with Anchorage Digital, a licensed U.S. bank focused on the safekeeping of cryptocurrencies, to store any funds that get returned.

Nomad is what's called a crypto «bridge,» a tool that links different blockchain networks together. Bridges are a simple way for users to transfer tokens from one blockchain to another — say, from ethereum to solana.

What happens is users deposit some