Nomad and Slope “begged” the hacker to pay with bug bounty

 284 total views


2022-08-08 19:56:43

The two crypto projects that were attacked this week, Nomad and Slope, both pledged not to criminally prosecute the hacker if the money was returned.

Nomad and Slope “begged” the hacker to pay with bug bounty

As Cointelegraph reported, the cryptocurrency sector this past week recorded two serious security incidents, resulting in enormous losses.

First, on August 2, the Nomad cross-chain bridge was attacked by hackers because of a previously discovered vulnerability that was not completely fixed. Many people have discovered the way that the attacker used and copied it, leading to a bluff of “stink”. According to some estimates, the entire amount of about 175-190 million USD was withdrawn from Nomad in a few hours.

Just a day later, on August 3, the Solana network was frantic at the news that a series of wallets had been withdrawn for unknown reasons, causing extreme panic. After hours of struggling to determine the source, the vulnerability was discovered in the crypto wallet application Slope, which accidentally transmitted the user’s private key and seed phrase information to 3rd party servers. In total, approx. 8,000 crypto wallets on Solana that have interacted with Slope in the past are affected, the damage is in the range of 4-6 million USD.

Nomad then posted a wallet address and asked those who “spoiled” from this bridge to voluntarily return the money. By the evening of August 3, the project had received $ 9.1 million from white hat hackers.

However, because of the slow speed of refund, Nomad decided to give in and allow those who pay to keep 10% as a bug bounty and pledge not to prosecute criminally. .

Since then, the amount returned to the project has steadily increased and reached $ 32 million at 12:00 AM on August 6, mainly consisting of USDT, USDC, WBTC, DAI and FRAX tokens. Notably, one address returned up to $9.4 million without a bug bounty. This is the largest individual refund since the attack.

Surplus Nomad . withdrawal wallet address at 12:00 PM on August 6, 2022. Source: Etherscan

Similarly, Slope on the morning of August 6 also posted a notice to reward the hacker 10% of the amount if he agrees to refund the project. However, Slope only has 48 hours for hackers to consider options, after this deadline the project will pursue legal action to unmask the attacker.

Until 12:00 PM on August 6, 2022, Slope’s receiving wallet address is still empty, which means that the hacker has not returned the money.

However, another question is that if the hacker pays, how will Slope compensate users when the old addresses cannot be reused.

Synthetic CHK

Maybe you are interested:

Maybe you are interested:



#Nomad #Slope #begged #hacker #pay #bug #bounty

Related Posts

Leave a Reply

Your email address will not be published.

Close Bitnami banner
Bitnami