Saturday, October 8, 2022

Nomad Bridge Exploited for $190 million by Hundreds of Addresses

Nomad token bridge is the latest victim of an exploit in which many addresses drained almost all of the network’s funds. A group of thieves and white hat hackers made off with almost $190 million in digital assets from the bridge.

The attack was first announced on Twitter by a crypto researcher with the handle samczsun. Nomad later confirmed it in a separate tweet.

Although no post-mortem of the attack has been published yet, the bridge has acknowledged it. Nomad also said that investigations are underway, that it has contracted leading blockchain and forensics firms, and that it has informed law enforcement.

How the exploit happened

The Nomad exploit differs from other exploits in that it was a simple copy/paste exercise. It required no technical expertise, unlike other exploits where in-depth knowledge of programming was needed.

According to the reporter, the exploit was possible because of an error in the bridge’s replica contract: a mistake during a routine upgrade allowed every message to be approved by default.

Essentially, this flaw approved small deposits in exchange for large withdrawals.
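How an upgrade can leave every message "approved by default", shown as an added example that is not from the article or from Nomad's code. It is a simplified Python model in which the initializer trusts the all-zero root, which is also the value an unproven message maps to. The class and function names and the zero-root mechanism are assumptions made for illustration.

```python
import hashlib

# Simplified model, not Nomad's contract code. All names are hypothetical.
ZERO_ROOT = b"\x00" * 32  # value a contract mapping returns for an unknown key


class Replica:
    """Toy acceptance check for the receiving side of a bridge."""

    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        # Assumption: the upgrade initializer marks `initial_root` as confirmed.
        self.confirmed_roots = {initial_root}
        self.proven = {}  # message hash -> Merkle root it was proven under
        self.reject_zero_root = reject_zero_root

    def prove(self, msg_hash: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification, which is out of scope here.
        self.proven[msg_hash] = root

    def acceptable(self, msg_hash: bytes) -> bool:
        # A message that was never proven falls back to the zero value.
        root = self.proven.get(msg_hash, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: "never proven" can never be trusted
        return root in self.confirmed_roots


def audit(initial_root: bytes, reject_zero_root: bool) -> dict:
    """Process one proven and one unproven message (both constructed)."""
    replica = Replica(initial_root, reject_zero_root)
    good_root = hashlib.sha256(b"constructed root").digest()
    replica.confirmed_roots.add(good_root)
    proven_msg = hashlib.sha256(b"constructed proven message").digest()
    unproven_msg = hashlib.sha256(b"constructed unproven message").digest()
    replica.prove(proven_msg, good_root)
    return {
        "proven": replica.acceptable(proven_msg),
        "unproven": replica.acceptable(unproven_msg),
    }


if __name__ == "__main__":
    print("flawed upgrade :", audit(ZERO_ROOT, reject_zero_root=False))
    print("hardened check :", audit(ZERO_ROOT, reject_zero_root=True))
    print("safe init value:", audit(b"\x01" * 32, reject_zero_root=False))
```

The same invariant works as a deployment check: an upgrade test that submits a message with no proof and expects rejection would fail on the flawed configuration.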

The first attack happened at 9:32 pm UTC. Not long after, several users replicated the first transaction and changed the address, draining hundreds of millions from the bridge.

All might not be lost for the bridge, as some of the funds are in the possession of white hat hackers.

The white hat hackers joined the free-for-all looting party to preserve some of the funds from the thieves. Many of them have come forward and promised to return the funds in their possession after the team gets in touch.

Nomad, a cross-chain bridge, allows users to easily transfer cryptocurrency tokens from one blockchain to another. It also lets users bridge assets securely with the mindset that anyone watching can detect fraud as well as protect the system.

Other exploits in the cryptosphere

While the Nomad exploit is unique in a way, other major attacks have been recorded this year.

Earlier in the year, the Singapore-based digital currency trading platform Crypto.com also suffered a hack. About 483 of its customers were affected, and as much as $34.5 million was lost.

In May, the popular play-to-earn non-fungible token (NFT) game Axie Infinity also experienced an attack on its Discord server. The Ronin Network in March also lost a total of $625 million to hackers. The hack was recorded as the largest decentralized finance (DeFi) hack ever.

Joyce Onose
A Blockchain enthusiast and growing writer in the space with an understanding of the importance in creating quality content for readers in the industry. Also, keen on using her skills in improving Blockchain journalism.
