Nomad bridge gets exploited, leads to crypto frenzy, and $190 million loss


The Trust Project is a worldwide group of news organizations working to establish transparency standards.

Another cryptocurrency-related attack just shook the DeFi world: The Nomad bridge is the latest crypto project to get hacked, with almost all of the funds emptied—a $190.7 million loss. 

The first illegal transaction happened at 11:30 p.m. CET, with 100 wrapped Bitcoin worth $2.3 million suddenly removed from Nomad. Two hours later, Nomad confirmed via Twitter that hackers had exploited the bridge. Apart from wrapped Bitcoin, other stolen assets included wrapped Ether (wETH), USDC, and DAI.  

The strange aspect of this exploit is that during the attack, hundreds of wallets were receiving funds from the bridge in amounts of over one million USDC systematically. According to sources, some of the users were ‘whitehats,’ As soon as they discovered the attack, they took out funds to rescue and returned them once the situation stabilized. However, users who took the funds after the system was breached could likely keep the stolen assets.

Nomad is a cross-chain bridge protocol that enables users to transfer tokens between blockchains that aren’t compatible. For example, the company allows transfers between ETH, AVAX, EVMOS, and GLMR. 

Bridges lock up tokens in smart contracts and ‘wrap’ them on other chains. If these smart contracts with the original tokens get hacked, they leave the wrapped tokens with no backing, meaning no value or worth. This is what happened with Nomad. 

The exploit comes at a rather unlucky time for Nomad. Last week, the company revealed it participated in a seed fund with the following investors: Coinbase Ventures, OpenSea, Polygon, Crypto.com, Wintermute, and Gnosis. As a result, the company reached a valuation of $225 million. 

DeFi protocols, especially bridges, hold large sums of liquidity, making them an ideal target for hackers. For example, in March, the Ronin Network, in charge of powering the P2E game Axie Infinity, suffered a security breach. A hacker drained 173,600 ETH and 25.5 million USDC from the Ronin bridge. In June, Harmony’s horizon bridge was hacked for over $100 million. 

Dr. Dimitry Mihaylov, Chief Scientific Officer of Farcana, explained to Metaverse Post what leads to breaches in crypto bridges:

“The first reason for the blockchain bridges vulnerability is the huge number of developers and other staff of these projects. And the shortage of skilled human resources, in turn, leads to the recruitment of underqualified programmers. 

“The second reason, which outflows from the first one, is the insider’s problem – not even about hacking but bribing the person who leaks the information. It’s not always about handing over passwords to someone. It is often about common code bugs, even if the project has effective cybersecurity policies.

“Thirdly, there is no overall practice of the blockchain bridges certification. In case of overall adoption, it would solve the problem of revealing bugs in code. Passing the certification in stable jurisdictions can imply obligations to insurance losses, which would provide the losses coverage painless.”

Read related posts:

Disclaimer

Any data, text, or other content on this page is provided as general market information and not as investment advice. Past performance is not necessarily an indicator of future results.

Agne Cimermanaite

Agne is a journalist and writer with a background in literature, culture, and arts. She entered the Web3 space in 2021 and began writing about cryptocurrency and NFTs. Agne is passionate about technology and storytelling and is always on the lookout for exciting stories.

Follow Author

More Articles