Cryptocurrency firm Nomad offers 10% bounty to hackers who stole $190 million

Photo (c) dem10 - Getty Images

The company says the cyberthieves have a limited time to take its offer

Hackers recently stole $190 million from cryptocurrency cross-chain token platform Nomad, and now the company says it will pay a bounty to the thieves if they return those assets. 

Nomad says it will pay the hackers an amount that is worth up to 10% of the stolen funds and call off its lawyers after the money is returned to an official "recovery wallet." It will also consider the cyberthieves to be ethical -- or "white hat" -- hackers.

The initial theft happened earlier this week when Nomad’s routing systems were being upgraded, which allowed attackers to spoof messages and copy and paste transactions. Nomad’s bridge was zapped quickly in what one researcher called a ““frenzied free-for-all.”

​​The exploit is the seventh major incident to target a bridge in 2022, and it is the eighth largest cryptocurrency theft of all time, according to blockchain analysis firm Elliptic. Added together, over a dozen unique hacks have occurred in 2022, with more than $2 billion stolen from cross-chain bridges like Nomad.

Nomad’s willingness to work with the intruders

Elliptic said there were 40 hackers involved in the Nomad incident, and the company appears to want to make the return of its money as much of a win-win as possible.

For anyone to qualify for the bounty, the only caveats Nomad has is that the hackers have to return at least 90% of the total funds they hacked, use Ethereum as the currency, use Anchorage Digital (a nationally regulated custodian bank), and do it in a “timely” fashion. The company didn’t give a specific number of days or weeks as a deadline, but it said it will continue to work with its online community, blockchain analysis firms, and law enforcement to guarantee that all funds are returned.

“Given the unprecedented number of decentralized parties involved, coordinating amongst everyone was a complex process,” said the company. “We wanted to make sure we put the bounty out in the right way, so we took some additional time to make sure we considered the complexities due to the nature of the hack.”

In a tweet, Nomad said a few white hats have already responded by returning nearly $16.6 million to the crypto bridge as of early Friday afternoon.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.