88% of Nomad Bridge exploiters were "copycats" - Report
Copiers used the same code as the original hackers, but changed the target token, token amount, and recipient addresses.
New
Nearly 90% of addresses participating in the $186 million Nomad Bridge hack last week were identified as "imitators", landing a total of $88 million in tokens on August 1, according to a new report.
In a Wednesday Coinbase blog, written by Peter Kacherginsky, Coinbase's Senior Blockchain Threat Intelligence Researcher, and Heidi Wilder, Senior Special Investigations Team Associate, the pair confirmed what many had suspected in the August 1 bridge hack — that once the initial hackers figured out how to mine funds, hundreds of "copycats" joined the party.
Source : CoinbaseAccording to security researchers, the "copycat" method was a variant of the original exploit, which used a flaw in Nomad's smart contract, allowing users to mine funds from the bridge that was not theirs.
Copiers then copied the same code but changed the target token, token amount, and recipient addresses.
But, while the first two hackers were the most successful (in terms of total funds mined), once the method became obvious to copycats, it became a race for everyone involved to extract as much funds as possible.
Coinbase analysts also noted that the original hackers targeted Bridge's Wrapped Bitcoin (wBTC) first, followed by USD Coin (USDC) and Wrapped Ether (wETH).
Source: Coinbase< /figure>Since wBTC, USDC, and wETH tokens were present in the largest concentrations of the Nomad Bridge, it made sense that the original hackers would mine these tokens first.
White Hat EffortsSurprisingly, demand for stolen funds from Nomad Bridge returned 17% (Tuesday), with the majority of those tokens being in the form of USDC (30.2%), Tether (
Copiers used the same code as the original hackers, but changed the target token, token amount, and recipient addresses.
New
Nearly 90% of addresses participating in the $186 million Nomad Bridge hack last week were identified as "imitators", landing a total of $88 million in tokens on August 1, according to a new report.
In a Wednesday Coinbase blog, written by Peter Kacherginsky, Coinbase's Senior Blockchain Threat Intelligence Researcher, and Heidi Wilder, Senior Special Investigations Team Associate, the pair confirmed what many had suspected in the August 1 bridge hack — that once the initial hackers figured out how to mine funds, hundreds of "copycats" joined the party.
Source : CoinbaseAccording to security researchers, the "copycat" method was a variant of the original exploit, which used a flaw in Nomad's smart contract, allowing users to mine funds from the bridge that was not theirs.
Copiers then copied the same code but changed the target token, token amount, and recipient addresses.
But, while the first two hackers were the most successful (in terms of total funds mined), once the method became obvious to copycats, it became a race for everyone involved to extract as much funds as possible.
Coinbase analysts also noted that the original hackers targeted Bridge's Wrapped Bitcoin (wBTC) first, followed by USD Coin (USDC) and Wrapped Ether (wETH).
Source: Coinbase< /figure>Since wBTC, USDC, and wETH tokens were present in the largest concentrations of the Nomad Bridge, it made sense that the original hackers would mine these tokens first.
White Hat EffortsSurprisingly, demand for stolen funds from Nomad Bridge returned 17% (Tuesday), with the majority of those tokens being in the form of USDC (30.2%), Tether (
What's Your Reaction?
