The Crypto Bridge Nomad was Robbed of About $200 Million in Exploits

Cross-chain token bridges’ security has been called into question again again by this vulnerability. Attackers hacked the Nomad cross-chain token bridge Monday, emptying the protocol of nearly all of its cash. It’s estimated that almost $200 million worth of cryptocurrencies was lost in the hacking attack.

Tokens can be sent and received between multiple blockchains using Nomad or another cross-chain bridge. The attack on Monday is the latest in a series of high-profile instances that have raised concerns about the safety of cross-chain bridges.

In a statement to CoinDesk, the Nomad team recognized the vulnerability. They added that “an investigation is currently underway and premier organizations for blockchain intelligence and forensics have been recruited.” “As soon as we became aware of the situation, we contacted law enforcement and began working around the clock to resolve it. We’re looking for the accounts that are holding the funds, so we can track them down and get them back.”

We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.

— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022

What’s Going on?

On one chain, tokens are often locked in a smart contract before being released as “wrapped” new tokens on another chain.

A smart contract’s initial deposit of tokens can be corrupted, resulting in tokens that are encased in the contract being rendered useless.

According to a Paradigm analyst, a recent change to one of Nomad’s smart contracts has made it easier for users who want to counterfeit transactions to do so. As a result, money that did not belong to the user might be withdrawn from the Nomad bridge.

1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm

— @samczsun.com (@samczsun) August 1, 2022

The Nomad attack was a free-for-all, unlike some bridge attacks when a single offender is responsible for the entire vulnerability.

There was no need for you to be familiar with Merkle Trees or Solidity.” It was as simple as finding an existing transaction, locating the other person’s address, and then re-broadcasting it, as detailed by @samczsun.

 

Download App for Android

Download App for iOS

Is Nomad a More “Secure” Option?

In recent months, crypto users have shown an increased desire for shifting assets between multiple blockchains, leading to a rise in the frequency of bridge attacks.

Smaller chains that rely on cross-chain bridges for a considerable portion of their total liquidity are vulnerable to bridge failures, which can have a disastrous effect.

“Brainstorming community solutions” is what Evmos, one of the newer blockchains supported by Nomad, tweeted since it “seriously impacts original Evmos [total value locked].”

During April’s Ronin bridge attack, nearly $600 million worth of cryptocurrency was drained from the bridge that runs Axie Infinity, a blockchain-based game.

Over $300 million had just been stolen from the Wormhole bridge a few months prior, causing turmoil throughout the Solana blockchain network and the broader decentralized banking industry.

Investors were sold on the idea that Nomad would be a more secure platform overall.
Coinbase Ventures and OpenSea were among the investors who participated in the business’s April seed round, which valued the company at $225 million, just last week.