The Nomad cross-chain bridge has suffered an attack that has resulted in the loss of $190M worth of collateral. The exploit resulted in a large number of criminal “copy and paste” actors draining all of the protocol’s collateral on the chain.
In the early hours of the morning on August 2, 2022, Nomad cross-chain bridge posted an alert that it was aware of an ongoing malicious exploit. In the following hours, the exploiters drained the protocol’s entire funds worth more than $190 million.
A crypto community developer and white hat hacker, ‘samczsun’, broke down the chain of events in the attack explaining what happened while also describing the attack as one of the most chaotic hacks in the Web 3.0. Nomad is a bridge for cross-chain transfers between Ethereum, Avalanche, Moonbeam and Milkomeda.
In the Ethereum Security Telegram Channel, researchers shared a tweet which showed multiple transactions with funds leaving the bridge. At a glance, it looked like a misconfiguration in decimals but samczsun discovered that while the Moonbeam transactions bridged out 0.1 WBTC, somehow the Ethereum transaction bridged in 100 WBTC.
What makes this particular attack dangerous is that the transactions were not executed or proved directly. All the exploiter had to do was to find a transaction that worked, replace the receiving address with their own and rebroadcast it. Samczsun did some more investigation and found a flaw in a smart contract initialized during a routine Nomad system upgrade.
Nomad even discovered fraud addresses that were impersonating them and attempting to collect funds on their behalf. They asked the public to disregard any communications from any channel that is not Nomad’s official channel as they haven’t provided any instructions to return their bridge’s funds yet.
Nomad’s total locked value has crashed to $5,336 from $190.38 million to $5,336 as reported by DefiLama over the past few hours. This attack is the latest in the wave of Blockchain bridge attacks on high profile bridges this year like Wormhole, Ronin Bridge and Harmony.
Featured Image Source: www.cryptopotato.com
