284 total views
The two crypto projects that were attacked this week, Nomad and Slope, both pledged not to criminally prosecute the hacker if the money was returned.
As Cointelegraph reported, the cryptocurrency sector this past week recorded two serious security incidents, resulting in enormous losses.
First, on August 2, the Nomad cross-chain bridge was attacked by hackers because of a previously discovered vulnerability that was not completely fixed. Many people have discovered the way that the attacker used and copied it, leading to a bluff of “stink”. According to some estimates, the entire amount of about 175-190 million USD was withdrawn from Nomad in a few hours.
Just a day later, on August 3, the Solana network was frantic at the news that a series of wallets had been withdrawn for unknown reasons, causing extreme panic. After hours of struggling to determine the source, the vulnerability was discovered in the crypto wallet application Slope, which accidentally transmitted the user’s private key and seed phrase information to 3rd party servers. In total, approx. 8,000 crypto wallets on Solana that have interacted with Slope in the past are affected, the damage is in the range of 4-6 million USD.
Nomad then posted a wallet address and asked those who “spoiled” from this bridge to voluntarily return the money. By the evening of August 3, the project had received $ 9.1 million from white hat hackers.
However, because of the slow speed of refund, Nomad decided to give in and allow those who pay to keep 10% as a bug bounty and pledge not to prosecute criminally. .
Update: Nomad Bridge Hack Bounty
(see below for details)
— Nomad (⤭⛓🏛) (@nomadxyz_) August 4, 2022
Since then, the amount returned to the project has steadily increased and reached $ 32 million at 12:00 AM on August 6, mainly consisting of USDT, USDC, WBTC, DAI and FRAX tokens. Notably, one address returned up to $9.4 million without a bug bounty. This is the largest individual refund since the attack.
Thank you to 0x56178a0d5F301bAf6CF3e1Cd53d9863437345Bf9 for returning the largest single recovery of $9.4m without taking a bounty to our recovery address!
We’ve recovered a total of $31.8m so far.https://t.co/McFXqyR21l
— Nomad (⤭⛓🏛) (@nomadxyz_) August 5, 2022
Similarly, Slope on the morning of August 6 also posted a notice to reward the hacker 10% of the amount if he agrees to refund the project. However, Slope only has 48 hours for hackers to consider options, after this deadline the project will pursue legal action to unmask the attacker.
Hackers – please see below for our bounty offer in return for the safe return of our users’ assets.
Wallet address: DyQ96GwjkHkGSzYEB4NaPk2NxsXyRTMNHKJQd3fziABf pic.twitter.com/pePeWfaB7m
— Slope (@slope_finance) August 5, 2022
Until 12:00 PM on August 6, 2022, Slope’s receiving wallet address is still empty, which means that the hacker has not returned the money.
However, another question is that if the hacker pays, how will Slope compensate users when the old addresses cannot be reused.
Maybe you are interested:
#Nomad #Slope #begged #hacker #pay #bug #bounty