At this point I am sure many of you have heard of the nomad bridge exploit. Unlike previous exploits, this wasnt a flashloan or even carried out by a single group of attackers. After an initial attacker struck, hundreds of separate accounts figured out the trick and copy pasted their way into grabbing stolen funds. The bridge went from having $190,740,000 to $1,000 in a matter of hours.
A perplexing aspect of this vulnerability was that all users had to do to hack bridge funds was copy the original hacker's transaction calldata, replace the original address with a personal one, and the tx would succeed! Easy as CTRL-C, CTRL-V!
However, not all of the thieves were bad. Some of them exploited the contract so other wouldnt be able to and planned to return the money back to nomad. For example, leadingscientist.eth
So all in all it was a messed up exploit but there were some nice people who plan to return the money. Faith in humanity restored maybe?
Credit:
https://twitter.com/0xfoobar/status/1554234268884389888
- 0xfoobar