In early August, the cross-chain token bridge Nomad was drained of nearly $200 million in an exploit. The cause of the exploit was clear, but fewer users know how the same exploit was used for white hat purposes. Here’s what happened to Nomad Bridge and how RugDoc’s team successfully saved users’ funds.
What Happened to Nomad?
Nomad is a token bridge service. Essentially, it takes users’ tokens and locks them in a smart contract. New “wrapped” tokens are then issued in return on another chain.
With Nomad’s exploit, the wrapped tokens were rendered worthless as exploiters were able to spoof transactions. You can read more about the exploit in the Twitter thread below:
What is a White Hat Hack?
A white hat hack is an ethical way of finding vulnerabilities in smart contracts. Hackers identify the vulnerabilities and may exploit them, and may then report the vulnerabilities or return the funds that were exploited.
In Nomad’s case, a bounty was offered for hackers to return at least 90% of the exploited funds. If they did, the hack would be considered a white hat hack, and legal action would not be pursued.
What did RugDoc Do?
RugDoc was able to use the same exploit that affected the Nomad bridge as a white hat hack, rescuing some tokens and returning them to the affected teams. Among the funds returned were over 170 million IAGON tokens, which, at the time of writing, total nearly $1 million.
https://twitter.com/IagonOfficial/status/1554260157001093122
If you’d like to look at the Nomad bridge wallet yourself, you can find it here.
The White Hacking Continues…
If you’re interested in white hat hacking yourself, we highly recommend going over HackenProof’s list of ongoing bug bounty programs. Familiarize yourself with the ins and outs of bug bounties, and even teach yourself some coding by watching this video: