You are currently viewing The wallet connected to the hack of Nomad Bridge: an explosive vulnerability

Recently, a wallet connected to the hack of Nomad Bridge transferred 36 million dollars of ether to Tornado Cash, fueled three days before the transfers. What is happening? Let’s see all the details in this article. 

Hack: Nomad Bridge transfers $36 million in ether to a wallet at Tornado Cash

As anticipated, a wallet connected to the $200 million attack on the cross-chain bridge Nomad in 2022 has recently moved 14,500 ether (ETH), equivalent to $35.5 million at the current value, to the mixing service Tornado Cash. 

Reporting it is PeckShield, a company specialized in blockchain security.

According to data from Arkham Intelligence, the wallet was recharged last Monday with 39.75 million dollars in stablecoin dai (DAI), coming from an address identified as “Nomad Bridge Exploiter”. 

These DAI were subsequently converted into ETH using the CoW trading protocol, in tranches of 2 million dollars each.

Thursday, a series of transactions saw the transfer of ETH to Tornado Cash, a well-known tool for transaction obfuscation.

Tornado Cash allows the anonymization of cryptocurrency movements by fragmenting transactions across different wallets over time. This service was sanctioned in 2022 by the Office of Foreign Assets Control (OFAC) of the United States Treasury.

The Nomad bridge was compromised in 2022, with cybercriminals managing to falsify transactions, convincing the system to allow unauthorized asset withdrawals. 

This event highlighted how bridges, which allow the transfer of assets between different blockchains, have become a prime target for hackers, especially due to the use of emerging technologies. 

The same year, the Ronin bridge experienced an even larger exploit, with a theft of $625 million.

Fight for Security: the Challenges for Nomad Bridge

The primary objective of Nomad has been from the outset to recover the stolen assets and strengthen its security protocols. However, this recent development underscores the persistent difficulties in this area. 

The transaction highlights the existing vulnerabilities and the flaws in the security measures adopted by many companies in the digital asset sector.

According to a report by CertiK, the recent transfer of funds to a new address suggests that the hacker is trying to erase traces and prepare for the laundering of the funds. 

The blockchain experts continue to emphasize the importance of more rigorous security practices and constant monitoring of suspicious activities. 

The transfer and conversion of such large sums demonstrate that the malicious actors are well aware of the complexities of the cryptographic world. 

Therefore, it is crucial that bridge protocols like Nomad not only improve their audits, but also adopt even more stringent security measures.

The USA sanctions on Tornado Cash

As mentioned, the United States Department of the Treasury has imposed a ban on all American citizens from using Tornado Cash. 

The Office of Foreign Assets Control (OFAC), the agency responsible for preventing sanctions violations, has added Tornado Cash to its list of Specially Designated Nationals

That is, an updated list of people, entities, and criptovaluta addresses subject to sanctions. Consequently, all US persons and entities cannot interact with Tornado Cash or with the Ethereum wallet addresses associated with the protocol, under penalty of criminal sanctions.

According to the Treasury, Tornado Cash was a crucial element for the Lazarus Group. That is, a North Korean hacker group involved in the 625 million dollar attack on the Ronin network of Axie Infinity.

The analysis of the blockchain revealed that tens of millions of dollars in cryptocurrencies stolen from Ronin were transferred through Tornado Cash, designed to hide the origin of the funds. 

Previously, the OFAC had already sanctioned Blender.io, another mixing service. This was accused of being used to launder the proceeds of ransomware attacks and about 20.5 million dollars in cryptocurrencies stolen from Ronin.