Cyber thieves took advantage of the crash in the cryptocurrency market on Monday to purchase a significant amount of Ethereum (ETH), likely aiming to maximize their gains from the stolen funds.
The Nomad Hacker’s Ethereum Purchase and Recent Developments
On August 5, hackers behind the Nomad bridge exploit used 39.75 million stolen Dai (DAI) tokens to acquire 16,892 Ether (ETH), as reported by blockchain analytics firm Lookonchain.
This strategic move by the hackers coincided with a sharp decline in Ether’s value, which plummeted over 20% within 12 hours, dropping from approximately $2,760 to $2,172.
Shortly after acquiring the Ether, the hackers began transferring the assets to the crypto mixer Tornado Cash.
As reported by PeckShield, the Nomad exploiter initially transferred a small amount (17.75 Ether) to an intermediary address, followed by a larger transfer of approximately 2,400 Ether, valued at around $7 million, to Tornado Cash for further obfuscation.
#PeckShieldAlert #NomadBridge Exploiter-labeled address has transferred 39.75M $DAI & 17.75 $ETH to an intermediary address 0x663a…f448
The $DAI was swapped for 16.89K $ETH, & 2.4K $ETH (worth ~ $7M) was transferred to #Tornadocash.
— PeckShieldAlert (@PeckShieldAlert) August 5, 2024
The original Nomad bridge hack occurred on August 2, 2022, and resulted in the theft of around $200 million, making it one of the most notable blockchain bridge hacks.
Paradigm researcher Sam CZ Sun explained that the breach was due to a flaw in the bridge’s smart contract, allowing hackers to systematically drain the bridge’s funds across multiple transactions.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇
— samczsun (@samczsun) August 1, 2022
The use of crypto-mixing services like Tornado Cash presents significant challenges for law enforcement and regulatory bodies in their efforts to combat money laundering and other cryptocurrency-related crimes.
While these services offer privacy to legitimate users, they have become a double-edged sword, frequently utilized by hackers to launder stolen funds. The difficulty in tracking mixed funds hampers efforts to recover stolen assets and hold perpetrators accountable.
In a similar incident, funds connected to the 2021 Pancake Bunny hack were also used to purchase Ether during the market drawdown.
#PeckShieldAlert Our community contributor has detected that the #PancakeBunny exploiter-labeled address aped into $ETH when the market dropped.
The exploiter swapped 7.8M $DAI for 2.922K $ETH.
On May 19, 2021, PancakeBunny’s Bunny Protocol fell victim to a flash loan attack,…
— PeckShieldAlert (@PeckShieldAlert) August 5, 2024
Recall that the Pancake Bunny hacker also recently used Tornado Cash to siphon $2.9 million worth of Ether. The Pancake Bunny protocol, a decentralized finance platform on the BNB Smart Chain, had previously fallen victim to a flash loan attack.
In this instance, 3.6 million DAI connected to the Pancake Bunny exploit was mistakenly sent to a DAI stablecoin address, emphasizing the potential for errors when handling stolen or misdirected funds in cryptocurrency transactions.