The Road to Recovery

Nomad
Aug 17, 2022


Where we are today

On August 1st, the Nomad token bridge was hacked for more than $186M. Though the Nomad bridge hack is not the largest bridge hack to date, the sheer number of hackers (over 300 unique addresses participated in the exploit) makes it unprecedented in scale.

In the days and weeks since, the Nomad team has worked tirelessly to handle this difficult situation. We’ve published an official root cause analysis and open-sourced the data set of addresses and transactions involved in the exploit. We’ve partnered with TRM Labs to assist in the investigation and support law enforcement in tracing the funds and identifying the hackers.

We’ve also set up a recovery wallet for white hat hackers to return funds, and announced a Bridge Hack Bounty to further incentivize hackers to return funds. About 20% of funds (over $37M) have been recovered to date, a testament to the number of white hats who have come forward to do the right thing.

We expect this progress to continue as additional white hats come forward to return funds and claim bounties over the coming weeks and months. TRM Labs and other partners will also continue to identify wallet holders connected to the exploit who have not yet come forward, enabling law enforcement to take action against those who don’t do the right thing and return funds.

That said, we also understand that some users and community members have expressed a desire to unbridge on a short time horizon, so the Nomad team has concurrently been working on a more expedient path forward.

What’s been done before

Unfortunately, the Nomad bridge hack is not the first bridge hack. We are able to look at what’s been done in response to previous hacks in order to make an informed decision about the best course of action. Thus far, there have been 5 major public bridge hacks not including the Nomad bridge incident. The reported facts of each incident are summarized in the table below:

[Table graphic: a summary of bridge hacks to date (references listed below).]

The Poly Network and Wormhole both saw funds restored quickly, according to the available reporting. With Poly Network, the sole white hat hacker returned the full sum of $610M within two weeks. With Wormhole, Jump Crypto backstopped the $320M the next day. In both cases, the bridge was resumed with full collateral in short order.

Since the Ronin Bridge hack, details about the amount of funds recovered have not been publicly shared (it has been reported that progress has been made, via statements from exchanges). The bridge was restarted after three months and assets were re-pegged via funds from an additional round of fund-raising for Sky Mavis and a loan from Axie DAO with a two-year payback timeline.

About a month after the Horizon bridge hack, Harmony released a proposed plan to reimburse the $100M hack via issuing more ONE tokens, but this proposal was rejected by the community. According to an update, Harmony is currently working on a revamped proposal, though no updated proposal has been released yet.

The Qubit QBridge was reportedly hacked for $80M, but after failed attempts to get the hacker(s) to return funds, the company had to downsize and reorganize its structure.

While all of these hacks had some of their own unique qualities, some general observations are:

  1. Each of these hacks reportedly had a single hacker.
  2. If funds were recovered, they were redistributed through the bridge after a reboot.
  3. Rebooting bridges after a hack typically took months to complete.
  4. Extraordinary measures (such as raising funds or being backstopped) were required to re-collateralize the bridge so it could be restarted (though it was not always possible).

What we need to consider

While we can apply relevant lessons learned from prior bridge hacks where possible, there are also a few things about the Nomad bridge hack that are unique and inform the roadmap for moving forward.

  1. Hacker communications — Many hackers participated in the Nomad Bridge hack. The unique nature of the hack presents a distinct set of challenges not present in previous bridge hacks. The primary challenges with so many hackers have been outreach and the operational overhead associated with unwinding complex transactions. Additionally, since the bounty program was announced after we shared the recovery address, some white hats followed up to ask for a 10% bounty. We are honoring those requests.
  2. Time horizons — Despite our optimism that funds recovery work will continue to progress over the next 3–6 months, there are concerns with waiting this long and we want to find a more expedient solution that allows users to unbridge regardless of how much of the funds have been recovered.
  3. Post-hack slippage and asset composition — As the hack was happening, many of the hackers immediately swapped the exploited funds via liquidity pools on DEXs. In some cases, this led to funds being irrecoverably lost due to high slippage swaps, limiting the total amount of recoverable funds; in other cases it led to white hats returning different tokens than what they took, creating an accounting challenge for returning and distributing recovered funds.
  4. Valid transactions post-hack — Due to the optimistic mechanism of the Nomad bridge, there are several in-flight transactions that are in a pending state. These are valid transactions and need to be considered in any solution. Furthermore, although the Nomad token bridge has been shut down, Nomad bridged assets are not frozen on Moonbeam, Evmos, Avalanche, and Milkomeda, and have since been market traded. This fluidity makes it difficult to take a snapshot of addresses and distribute recovered funds directly from the funds recovery account. The only way to account for who currently holds a Nomad bridged asset is by utilizing the existing bridge contracts.

Looking forward: The Road to Recovery

Given these considerations and complexities, and the desire from the community for a faster solution, the Nomad team is designing a reboot of the token bridge to distribute recovered funds, regardless of the amount recovered, and allow users to “unbridge” in a fair and orderly way.

With this in mind, we are confident that the road to recovery needs to be achieved in three phases: funds recovery, bridge upgrades and bridge restart/recovered funds distribution.

Phase 1: Funds Recovery (Status: Ongoing, ETA: Over the coming months)

  • Create secure recovery wallet to receive recovered funds (Complete)
  • Announce bounty for hacked funds (Complete)
  • Work with blockchain forensics firms to identify and trace all hackers and aid in funds recovery (Ongoing)
  • Cooperate with law enforcement to aid in funds recovery (Ongoing)

Phase 2: Bridge Upgrades (Status: In Design, ETA: Mid-Late September)

  • Design mechanism to ensure fair distribution of recovered funds (Ongoing)
  • Implement fund distribution mechanism into bridge (Not started)
  • Complete a new protocol audit including an audit of any mechanism for distribution of recovered funds (Not started)

Phase 3: Bridge Restart and Recovered Funds Distribution (Status: Not started, ETA: Pending Phase 2)

  • Relaunch Nomad Bridge (Not started)
  • Enable users to “unbridge” locked funds (Not started)

We are optimistic that we will be able to complete the three phases as outlined above, and will continue to do everything we can to maximize funds recovery and move forward together.

This has been an unprecedented event not only for the Nomad community, but crypto as a whole. Through this incident and recovery process, we are hopeful that Nomad will grow stronger, and that we can contribute our learnings back to the industry. We sincerely thank all of our friends and partners who have supported us through this difficult time.

References (for table graphic above)

  1. https://www.coindesk.com/business/2022/06/28/axie-infinity-restarts-ronin-bridge-months-after-625m-exploit/
  2. https://twitter.com/AxieInfinity/status/1541764201735241735
  3. https://www.coindesk.com/business/2022/06/28/axie-infinity-restarts-ronin-bridge-months-after-625m-exploit/
  4. https://cointelegraph.com/news/axie-infinity-creator-raises-150m-led-by-binance-to-reimburse-stolen-funds
  5. https://cointelegraph.com/news/the-aftermath-of-axie-infinity-s-650m-ronin-bridge-hack
  6. https://peckshield.medium.com/polynetwork-bug-review-and-patch-analysis-88bde8441297
  7. https://medium.com/immunefi/poly-network-joins-immunefi-with-100-000-bug-bounty-after-hack-d349e1192853
  8. https://medium.com/poly-network/honour-exploit-and-code-how-we-lost-610m-dollar-and-got-it-back-c4a7d0606267
  9. https://medium.com/poly-network/poly-network-asset-recovery-complete-a7ba33c2f2e4
  10. https://cointelegraph.com/news/poly-network-hacker-returns-nearly-all-funds-refuses-500k-white-hat-bounty
  11. https://twitter.com/wormholecrypto/status/1489233259808571401
  12. https://immunefi.com/bounty/wormhole/
  13. https://twitter.com/wormholecrypto/status/1489232008521859079
  14. https://cointelegraph.com/news/jump-crypto-replenishes-funds-from-320m-wormhole-hack-in-largest-ever-defi-bailout
  15. https://medium.com/harmony-one/harmonys-horizon-bridge-hack-1e8d283b6d66
  16. https://talk.harmony.one/t/reimbursement-proposal-horizon-incident/20665
  17. https://medium.com/@QubitFin/qubit-markets-reopening-d1d25f4fbfc4
  18. https://medium.com/@QubitFin/our-compensation-plan-1-63e7c64738ed
  19. https://medium.com/@QubitFin/qubit-markets-reopening-d1d25f4fbfc4
  20. https://medium.com/@QubitFin/our-compensation-plan-1-63e7c64738ed
