88% of the addresses involved in the hack of the Nomad cryptocurrency project may belong to amateur hackers

According to a new report by Coinbase, almost 90% of the addresses involved in last week’s $ 186 million Nomad Bridge hack were identified as «follower» addresses. On August 1 alone, tokens totaling $ 88 million were stolen.

A Coinbase blog post on August 10 confirmed what many had realized during the August 1 hack: as soon as the first hackers were able to extract funds, hundreds of «copycats» joined the process.

According to security researchers, the method of cryptocurrency theft by most of the «followers» was a variation of the original exploit, which exploited a loophole in the Nomad smart contract, allowing users to pull funds from a bridge that did not belong to them.

Although the first two hackers were the most successful in terms of the total amount of funds withdrawn, once the hacking method became obvious to imitators, all participants began to compete to get as much money as possible.
Coinbase analysts noted that the hackers first targeted the wrapped bitcoin (wBTC) Bridge, then the USDC and wETH coin.

As of August 9, approximately 49% of the funds used were transferred to other locations from each of the recipients' addresses.

The Nomad Bridge hack was the fourth largest DeFi hack of 2022 and the third largest after the $ 250 million Wormhole Bridge hack in February and the $ 620 million Ronin Bridge hack in March.