After a devastating hacking attack this week, crypto company Nomad said it’s offering hackers a bounty of up to 10% to retrieve user funds worth nearly $200 million.
Nomad pleaded with the thieves to return any funds to its crypto wallet. In a statement late Thursday, the company said it has so far redeemed more than $20 million.
The bounty is for those who come forward now, and for those who have already returned funds,
Nomad promises not to take legal action against those hackers who return 90% of the assets they took, as it will consider these individuals to be “white hat” hackers, or "ethical hackers" who cooperate with organizations to alert them to issues in their software.
A vulnerability in Nomad’s code allowed hackers to make off with around $190 million worth of tokens. Users were able to enter any value into the system and then withdraw the funds, even if there weren’t enough assets available on deposit.
However, the nature of the bug meant users didn’t need any programming skills to exploit it. Once the information of the bug became public, others caught on and piled in and carried out the same attack.
Nomad said it is working with blockchain analysis firm TRM Labs and law enforcement to trace the stolen funds and identify the perpetrators behind the attack.