TL;DR: On August 1st, 2022, the Nomad bridge was exploited and over $190M in various assets were withdrawn to the Ethereum network. These assets included 113.55M (11.3%) of the total Covalent Network ($CQT) supply on the Ethereum network contributed from 255 unique wallet addresses.
The Covalent Network is actively monitoring the aftermath of this hack and working with Nomad to formulate a recovery plan. This post highlights our response, the recovery efforts, and the actionable roadmap ahead.
8-1-2022 incident update pic.twitter.com/EX8r4Ybvre— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022 <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
Recovery Efforts
The immediate priority following the hack was collaborating with Nomad to establish a recovery plan.
The established plan includes:
- A bounty of 10% to white hat hackers returning funds
- Nomad to not pursue legal action against white hat hackers
- Nomad to direct returned funds to Nomad recovery wallet address: 0x94a84433101a10aeda762968f6995c574d1bf154
- Covalent to support with data and analytics
Details related to the bounty, white hat hackers, and related FAQs can be found on Nomad’s blog.
During the hack, CQT was withdrawn into 113 wallets. The recovery process is ongoing, and at the time of writing we can see 41 wallet addresses have returned a total of $32.6M to the Nomad recovery wallet so far. Of all the assets returned, the total number of CQT returned is 37.04M.
Hack Analysis by Covalent Research Team
Our research team collaborated to better understand what is happening with the stolen funds. The team's efforts focused on two priorities:
Tracking stolen CQT funds
Leveraging available data to uncover patterns that will aid recovery
We have visibility on the CQT that was drained from the funds, where it was moved to, and what it was converted into.
Many hackers behaved in a similar manner following the incident, and helping pinpoint those behaviors will allow us to understand who has current custody of funds and aid in the overall recovery effort.
- Out of the 113 hackers identified, 31 have returned their entire CQT, 13 have returned at-least 90%, and 5 have returned less than 90%
- A total of 43,098,040 CQT is currently held in the hacker accounts
- 47 have sold/exchanged all of the CQT on some type of DEX (although some who exchanged their CQT are now buying it back to take advantage of the bounty)
- We are at 32.84% of stolen CQT recovered (36.05M)
The Plan Ahead
- Covalent Network continues to operate staking on Moonbeam, including paying out rewards of CQT (mad-CQT on Moonbeam) to Operators for running Network infrastructure;
- Though additional CQT cannot currently be bridged between Ethereum and Moonbeam, Covalent Network Treasury previously bridged across sufficient CQT to cover rewards for over 2 months of staking;
- Covalent will pause Network parameter updates temporarily, specifically increasing or decreasing max stake per Operator, or the staking multiple - which determines the amount of permitted delegated staking; we will pause onboarding new Operators temporarily;
- Covalent will revisit the staking mechanics once Nomad announces its plan to restart the bridge (including sufficient technical details);
- The current working assumption is that the Nomad bridge will be restarted, and we are working with Nomad to get a timeframe on this. The new smart contracts will have to be audited and the bridge will have to be **tested, which will **likely take 1 - 3 months. A confirmed timeframe will be announced in the coming days;
- Covalent’s focus is on recovery and assisting Nomad with this effort. Answers to important questions of 1) the amount of funds returned to victims and 2) when the funds will be returned will depend on recovery progress. Nomad, Covalent, and other affected ecosystems are exploring options for making victims whole. The initial return of funds likely will take place when the bridge restarts;
- Covalent Network is evaluating the best way to involve governance processes in material decisions related to the redistribution of CQT, to the extent that Nomad does not control the process, and/or restitution efforts by the Network; This process may require the exclusion of some CQT (e.g. in black hat wallets) from snapshot voting, if that is the mechanism ultimately used;
- Covalent will conduct independent testing and review Nomad’s restarted bridge before we conclude whether to continue using it. We are also evaluating alternative bridging solutions, should they be required. Our goal is to shorten the time it takes to bridge CQT between Ethereum and Moonbeam, where our Network staking rewards are currently settled, and ensure users can safely move CQT;
- There are currently no changes to the network and API roadmap - we will continue shipping according to the previously designed plan.
We acknowledge that there are unanswered questions regarding the plan ahead. We are happy to answer questions from the community to the extent possible, but will only share confirmed aspects of the plan to avoid confusion.
We are grateful to the white hat hackers who have sent the funds back to the Nomad recovery address, and we encourage those who have not yet returned the funds to do so. Please note that the 10% bounty for white hat hackers is time sensitive and not indefinite.
Over and above, we are appreciative of the support and encouragement we have received from our partners and the community during this time.
The Covalent team remains committed to updating the community transparently and will do everything in our purview to expedite the recovery process.