Another bridge exploit has rocked the crypto community as Nomad lost almost $200 million on Tuesday.
On August 2, cross-chain bridging platform Nomad alerted users of an ongoing exploit. In the hours that followed, more than $190 million was drained from the protocol.
Nomad is a Layer 2 cross-chain token bridge for transfers between Ethereum, Avalanche, Milkomeda, and Moonbeam.
Security firm PeckShield reported that “an investigation is ongoing and leading firms for blockchain intelligence and forensics have been retained.”
#PeckShieldAlert PeckShield has detected ~41 addresses grabbed ~$152M (~80%) in the @nomadxyz_ bridge exploit, including ~7 MEV Bots (~$7.1M), @RariCapital Arbitrum exploiter (~$3.4M), and 6 White Hat (~$8.2M).
~10% of these addresses with ENS names getting $6.1M pic.twitter.com/UUjk7ZiiKE— PeckShieldAlert (@PeckShieldAlert) August 2, 2022
How Did It Happen?
White hat hacker and crypto programmer “samczsun” broke down the attack, commenting that it was “one of the most chaotic hacks that Web3 has ever seen.”
PeckShield reported that 41 addresses grabbed around $152 million in the exploit. However, DeFiLlama revealed that the entire TVL of $190 million was drained. In addition to individuals, MEV bots and flashbots were among the attackers.
Samczsun said that the transactions were parsed without being proved first. Once one was successful, “attackers abused this to copy/paste transactions,” rapidly draining funds in a “frenzied free-for-all.”
He said that the attack was chaotic because the exploiters did not need to have any technical knowledge. They just found a transaction that worked, replaced the target address with their own, and rebroadcasted.
The exploit was due to a vulnerability in one of Nomad’s smart contracts following a routine upgrade, he added.
On August 3, Nomad posted that it was working with blockchain intelligence firm TRM Labs. It provided an address for ethical hackers to return funds. However, there was just 1.8 ETH in it at the time of writing.
Nomad Bridge Funds Recovery Process
Dear white hat hackers and ethical researcher friends who have been safeguarding ETH/ERC-20 tokens,
Please send the funds to the following wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 pic.twitter.com/UF623JSZ8u
— Nomad (⤭⛓🏛) (@nomadxyz_) August 3, 2022
Another Bridge Exploit
Nomad conducted a $22 million seed round in April 2021. Investors included Polychain Capital, Ethereal Ventures, Hack VC, Coinbase Ventures, and Crypto.com.
It is the latest token bridge attack victim this year. The exploit follows high-profile hacks of the Ronin Bridge, Wormhole, and Harmony.
Mudit Gupta, the chief information security officer at Polygon, said that the complexity of bridge software can lead to errors and make them vulnerable to exploitation.
Nomad is not alone this week. At the time of writing, PeckShield was reporting that the Solana ecosystem was under attack.
#PeckShieldAlert The widespread hack on Solana wallets is likely due to the supply chain issue exploited to steal/uncover user private keys behind affects wallets. So far, the loss is estimated to be $8M, excluding one illiquid shitcoin (only has 30 holds & maybe misvalued $570M) pic.twitter.com/aTGNsTc6d8
— PeckShieldAlert (@PeckShieldAlert) August 3, 2022
⬆️For more cryptocurrency news, check out the Altcoin Buzz YouTube channel.
⬆️Find the most undervalued gems, up-to-date research, and NFT buys with Altcoin Buzz Access. Join us for $99 per month now.
