Tuesday, August 16, 2022

Security Exploit on Nomad Token Bridge Leads to $200M Crypto Hack

The Takeaway:

The Nomad protocol, which enables users to transfer digital assets between various blockchains, suffered a security exploit on Monday night. The exploit caused the bridge to lose around $200 million in cryptocurrency.

DefiLlama, an analytics platform, reports that the bridge closed July with a total value locked (TVL) of almost $190 million.

The security issue came to light after numerous users on crypto Twitter noticed the bridge being hacked and raised concerns about unusual transactions. Nomad sent a tweet acknowledging the hack soon after.

The “event involving the Nomad token bridge” was acknowledged by the Nomad team, who added that they are “currently examining the incident.”

The Polkadot network’s Moonbeam smart contract platform, whose native GLMR currency was one of those targeted by the Nomad hack, entered maintenance mode in the midst of this to “examine a security situation.”

This is noteworthy because the Nomad token bridge enables token transfers between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).

Around 9:00 pm UTC, 100 Wrapped Bitcoin (WBTC) tokens worth $2.3 million were successfully removed from the bridge in what is reportedly the first suspicious transaction cited as the origin of the ongoing exploit.

Suspicions of an exploit grew as the hackers began withdrawing tokens in almost identical denominations. The community looked more closely at the transactions because of the token’s decimal configuration error.

“I confirmed that while the Moonbeam transaction did bridge out 0.01 WBTC, somehow the Ethereum transaction spanned in 100 WBTC,” said Twitter user Samczsun. After that, he found that the WBTC bridge transaction had not demonstrated anything that indicated the possibility of a hack.
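The mismatch quoted above (0.01 WBTC bridged out, 100 WBTC bridged in) is the kind of discrepancy a cross-chain reconciliation monitor looks for. The following is an added example, not code from the article or from Nomad; the event shape, message ids, the token TKN and the decimals table are constructed assumptions. Amounts are normalized by each chain's decimals, so a decimal configuration difference alone is not flagged.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed sample configuration: decimals per (chain, token). "TKN" is hypothetical.
DECIMALS = {("moonbeam", "WBTC"): 8, ("ethereum", "WBTC"): 8,
            ("moonbeam", "TKN"): 18, ("ethereum", "TKN"): 6}

@dataclass(frozen=True)
class Leg:
    msg_id: str   # hypothetical id linking both legs of one bridge transfer
    chain: str
    token: str
    raw: int      # amount in the token's smallest unit on that chain

def units(leg):
    """Normalize a raw amount to whole tokens so decimal differences cancel out."""
    return Decimal(leg.raw) / (Decimal(10) ** DECIMALS[(leg.chain, leg.token)])

def reconcile(outbound, inbound):
    """Return (msg_id, reason, sent, released) for each release the source leg does not back."""
    sent = {leg.msg_id: leg for leg in outbound}
    seen, findings = set(), []
    for rel in inbound:
        src = sent.get(rel.msg_id)
        if rel.msg_id in seen:
            findings.append((rel.msg_id, "duplicate release", None, units(rel)))
        elif src is None:
            findings.append((rel.msg_id, "no outbound leg", None, units(rel)))
        elif src.token != rel.token or units(src) != units(rel):
            findings.append((rel.msg_id, "token or amount mismatch", units(src), units(rel)))
        seen.add(rel.msg_id)
    return findings

# Constructed events. m1 mirrors the amounts quoted in the article.
OUTBOUND = [Leg("m1", "moonbeam", "WBTC", 1_000_000),       # 0.01 WBTC
            Leg("m2", "moonbeam", "TKN", 5 * 10**18)]       # 5 TKN at 18 decimals
INBOUND = [Leg("m1", "ethereum", "WBTC", 10_000_000_000),   # 100 WBTC released
           Leg("m2", "ethereum", "TKN", 5 * 10**6),         # 5 TKN at 6 decimals, consistent
           Leg("m3", "ethereum", "WBTC", 10_000_000_000),   # nothing was sent for m3
           Leg("m1", "ethereum", "WBTC", 10_000_000_000)]   # same message released again

if __name__ == "__main__":
    for finding in reconcile(OUTBOUND, INBOUND):
        print(finding)
```

Such a monitor only detects the drain after a release has happened; it can feed an alert or a pause mechanism but does not replace correct message verification in the bridge contract.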

Simply put, to ensure that every message on the bridge was valid, a user altered code that was discovered during the audit of the bridge. Evmos says that the Nomad bridge contract had a flaw that caused it to accept any root hash, which let many entities withdraw substantial sums of money.

Once the exploit made headlines, numerous individuals attempted to replicate the attack in an effort to steal some cryptocurrency.

A large number of tokens, including WBTC, WETH, USDC, FRAX, CQT, Hummingbird Governance Token (HBOT), IAGON (IAG), and Dai (DAI), among others, have been drained from the platform as a result of the exploit.


Nomad Had Recently Disclosed New Funding

The exploit comes just four days after Nomad disclosed the full list of investors that took part in its $22 million seed round in April, which featured well-known companies including Coinbase Ventures, Wintermute, 1kx, and Polychain Capital.

This event has once more highlighted the growing weaknesses of cross-chain bridges, which are currently a favored target of cryptocurrency hackers. Bridge exploits remain a major worry for the entire DeFi ecosystem and have a devastating effect on user finances.

One of the biggest cryptocurrency exploits in history cost Ronin Network, the Ethereum-powered sidechain for Axie Infinity, a whopping $625 million.

Disclaimer: The article reflects the opinions of the author and is not representative of Chaintimes’ views.
The article does not offer any investment advice. User discretion is advised when investing in or trading with cryptocurrency. Extensive and diligent research should be carried out by the reader before making a decision.

Vivekanandan Tiwari
Vivekanandan is an IT graduate who loves to write about blockchain-related tech. He is enthusiastic about financial markets and is always eager to learn.
