Cross-chain messaging protocol Nomad announced a bounty of up to 10% for the return of the (majority of the) USD 190m stolen from the Nomad bridge on August 1.
Per the press release shared with Cryptonews.com,
“The bounty is for those who come forward now, and for those who have already returned funds.”
The team further said that they consider anyone who returns at least 90% of the total funds they stole to be a white hat hacker – and that they will not pursue legal action against any white hat hackers.
The team has decided to phrase their request in a more reconciliatory manner, continuing to refer to “white hats” and stating that those well-meaning hackers who are “looking to return funds that they have been safeguarding” [emphasis added by editor], can send the ETH/ERC-20 coins to the official Nomad recovery wallet address.
Related to this, they partnered with crypto platform Anchorage Digital to accept and safeguard retrievable funds from the bridge attack.
The announcement also confirmed that “more than [USD] 20 million [has been] recovered to date” – meaning that the team is in search of some USD 170m more.
The Nomad team added that they are currently working with blockchain intelligence company TRM Labs and law enforcement to identify the thieves, saying that they “will take all necessary action to ensure all stolen funds are returned.”
According to Pranay Mohan, Co-founder and CEO of Nomad, their “number one goal is restoring bridged user funds,” and while Nomad “will not prosecute white hats,” they “will continue to work with our partners, intelligence firms, and law enforcement to pursue all other malicious actors to the fullest extent under the law.”
As for why it took “so long” to put out the bounty, a blog post stated that,
“Given the unprecedented number of decentralized parties involved, coordinating amongst everyone was a complex process. We wanted to make sure we put the bounty out in the right way, so we took some additional time to make sure we considered the complexities due to the nature of the hack.”
As reported, Nomad was drained four days ago after experiencing a security exploit that allowed bad actors to spoof messages. It was only the latest in a series of attacks targeting bridges, and it would not be the last DeFi attack in the first days of August, as just a couple of days later, a Solana (SOL) exploit saw thousands of wallets affected and drained.