Nomad bridge gets exploited, leads to crypto frenzy, and $190 million loss
Another cryptocurrency-related attack just shook the DeFi world: The Nomad bridge is the latest crypto project to get hacked, with almost all of the funds emptied—a $190.7 million loss.
The first illegal transaction happened at 11:30 p.m. CET, with 100 wrapped Bitcoin worth $2.3 million suddenly removed from Nomad. Two hours later, Nomad confirmed via Twitter that hackers had exploited the bridge. Apart from wrapped Bitcoin, other stolen assets included wrapped Ether (wETH), USDC, and DAI.
The strange aspect of this exploit is that during the attack, hundreds of wallets were systematically receiving funds from the bridge in amounts of over one million USDC. According to sources, some of the users were ‘whitehats’: as soon as they discovered the attack, they took out funds to rescue them and returned them once the situation stabilized. However, users who took the funds after the system was breached could likely keep the stolen assets.
Nomad is a cross-chain bridge protocol that enables users to transfer tokens between blockchains that aren’t compatible. For example, the company allows transfers between ETH, AVAX, EVMOS, and GLMR.
Bridges lock up tokens in smart contracts and ‘wrap’ them on other chains. If these smart contracts with the original tokens get hacked, they leave the wrapped tokens with no backing, meaning no value or worth. This is what happened with Nomad.
The exploit comes at a rather unlucky time for Nomad. Last week, the company revealed it participated in a seed fund with the following investors: Coinbase Ventures, OpenSea, Polygon, Crypto.com, Wintermute, and Gnosis. As a result, the company reached a valuation of $225 million.
DeFi protocols, especially bridges, hold large sums of liquidity, making them an ideal target for hackers. For example, in March, the Ronin Network, in charge of powering the P2E game Axie Infinity, suffered a security breach. A hacker drained 173,600 ETH and 25.5 million USDC from the Ronin bridge. In June, Harmony’s horizon bridge was hacked for over $100 million.
“The first reason for the blockchain bridges vulnerability is the huge number of developers and other staff of these projects. And the shortage of skilled human resources, in turn, leads to the recruitment of underqualified programmers.
“The second reason, which outflows from the first one, is the insider’s problem – not even about hacking but bribing the person who leaks the information. It’s not always about handing over passwords to someone. It is often about common code bugs, even if the project has effective cybersecurity policies.
“Thirdly, there is no overall practice of the blockchain bridges certification. In case of overall adoption, it would solve the problem of revealing bugs in code. Passing the certification in stable jurisdictions can imply obligations to insurance losses, which would provide the losses coverage painless.”