Connect with us

Global News

Token bridge Nomad drained of <$200M after latest exploit

Published

on

Source: Pixabay

On Monday, the Nomad cross-chain token bridge was attacked, and the attackers practically drained the protocol of all its cash. Nearly $200 million worth of cryptocurrencies were lost as a result of the hack.

Like other cross-chain bridges, Nomad enables users to transfer tokens back and forth between several blockchains. The attack on Monday is the most recent in a line of widely reported instances that have raised concerns about the safety of cross-chain bridges.

According to DeFi tracking platform DeFi Llama, almost all of the bridge’s $200 million in cryptocurrencies has been taken, leaving only $651.54 in the wallet.

Nomad then later claimed that some of the money had been taken out by “white hat pals” who did it to protect them.

So, how did this happen?

Bridges typically function by reissuing tokens in “wrapped” form on a different chain after locking them up in a smart contract on one network. The wrapped tokens lose their backing if the smart contract where they were initially deposited is compromised. This is what happened in Nomad’s case, making them worthless.

A researcher at the cryptocurrency investment company Paradigm, @samczsun, explained on Twitter that a recent change to one of Nomad’s smart contracts made it simple for users to counterfeit transactions. The Nomad bridge may thus be used by users to withdraw money that did not genuinely belong to them.

The Nomad attack was free for all, unlike some bridge attacks where a single perpetrator is responsible for the entire vulnerability.

 

The incident saw WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3) tokens being drained out from the bridge.

Beware of Impersonators!

After learning about the issue, Nomad informed its users about it. Additionally, the business warned users to watch out for imposters. Nomad tweeted,

“We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel.”

The MoonBeam network has essentially been put on hold while the team investigates. As a result, interactions between smart contracts and normal transactions using MoonBeam will no longer be possible.

At least one person has publicly stated their intention to pose as a white hat hacker who will restore the money taken from the bridge so far. In fact, Nomad was contacted by one user who tweeted,

“It’s a white hack, I guess. I’m going to give the money back.”

More and more bridge attacks

Bridge attacks have increased in frequency in recent months as cryptocurrency users have shown a greater desire to transfer funds between various blockchains.

While cross-chain bridges have enabled the spread of fledgling blockchains, bridge failures can be disastrous for smaller chains that depend on them for a significant portion of their overall liquidity.

One of Nomad’s more recent blockchains, Evmos, tweeted reacted to the incident too. It claimed that the Nomad episode “seriously damages initial Evmos [total value locked],” and it would be “brainstorming community solutions.”

Read the best crypto stories of the day in less than 5 minutes

Subscribe to get it daily in your inbox.


Please select your Email Preferences.

Jibin is a news editor at AMBCrypto. With over three years of experience as a political writer, he primarily focuses on the political impact of crypto developments. A graduate in Law and International Relations, his writing is by and large focused on cryptocurrencies from the political and financial perspective. A Liverpool FC fan. YNWA

Click to comment

Leave a Reply

Your email address will not be published.

Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.