Nomad hacker buys the dip, scooping up $40M of ETH two years later

Against the backdrop of a crypto market in freefall, ETH has found itself an unlikely bidder to the tune of $40 million.

Crypto positions worth well over a billion dollars have been liquidated in the last 24 hours, per Coinglass’ dashboard, though some suspect the true figure could be much higher.

However, one enterprising hacker saw an opportunity in the bloodbath, scooping up ETH shortly before the token bottomed out at around $2,200, according to data from CoinMarketCap.

Hackers bought $ETH at the bottom after the market dropped!

The #Nomad Bridge Exploiter spent 39.75M $DAI to buy 16,892 $ETH an hour ago and is depositing $ETH to https://t.co/11PfRBP2j2.https://t.co/8pwhTFSnLw

Crypto bridge #Nomad was exploited for ~$200M on Aug 2, 2022.… pic.twitter.com/9id6bxBR14

— Lookonchain (@lookonchain) August 5, 2024

Read more: Cross-blockchain bridges keep breaking as crypto startup Nomad hacked for $190M

Blockchain monitor Lookonchain noted on X (formerly Twitter) that the Nomad Bridge exploiter had spent 39.75 million of Maker’s DAI stablecoin for 16,892 ETH, an average execution price of approximately $2,350 per ETH.

The proceeds were then sent on to sanctioned crypto mixing service Tornado Cash in order to obscure their onward trail.

Nomad Bridge free-for-all

Just over two years have passed since the Nomad Bridge was drained in a free-for-all that saw copycats and white hats alike duplicating the original exploiter’s actions.

A routine upgrade to the bridge’s smart contracts introduced a bug that treated all ‘process’ calls as valid, bypassing any proof that withdrawals were being requested by genuine depositors.

Losses eventually reached a total of $150 million, with the top three addresses grabbing over $95 million between them, according to crypto security firm Peckshield’s analysis.

Easy come, easy go

The Nomad hacker wasn’t the only shady figure making moves amongst the chaos, however.

Rather less successfully, another hacker attempted to make use of their loot from 2021’s $45 million exploit of Binance Smart Chain-based yield farm Pancake Bunny.

The hacker was labelled ‘On-chain clown of the day’ by blockchain sleuth ZachXBT who noted a costly error in sending $3.6 million worth of DAI directly to the token’s contract address, from which it is unrecoverable.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.