Nomad, a cross-chain bridge lost $200 million (roughly Rs. 1,570 crore) in what security researchers are calling a ‘free for all' exploit. Unlike conventional attacks, where one culprit is responsible for the exploit, Nomad's case was different. Sam Sun, a Paradigm researcher has explained that a recent update to a Nomad smart contract made it convenient for users to spoof transactions and withdraw funds from the bridge, which originally did not belong to them. As per Sun, this is one of the most chaotic exploits to have happened in the Web3 sector so far.
Nomad allows users to send and receive cryptocurrencies between different blockchains. Cross chain bridges like Nomad, typically lock tokens in a smart contract on one chain and reissue these tokens in ‘wrapped' form on another chain.
In Nomad's case, a smart contract where tokens were initially deposited was sabotaged making way for exploiters to act.
“This is why the hack was so chaotic — you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it,” Sun wrote as part of his Twitter thread, decoding the dynamics of the exploit on Nomad.
While the cross-chain bridge has not issued media statements on the incident, it has posted a tweet acknowledging that it is aware of the case.
Nomad's detailed response on the incident remains awaited.
Bridges have become a popular element of the cryptosphere now that more people have begun swapping assets between different blockchains.
These blockchain bridges have caught the attention of hackers, who are constantly looking at ways to exploit them.
In March, a hack attack on Axie Infinity's Ronin bridge depleted a whopping $625 million (roughly Rs. 4,729 crore) from the Sky Mavis gaming company. The Ronin Network, designed by Axie Infinity developer Sky Mavis, acts as a bridge between the video game and the blockchain, allowing cryptocurrencies to be transferred in and out of the game.
Back in February, the Wormhole Portal, that allows people to switch from one cryptocurrency to another, also suffered a breach and lost $322 million (roughly Rs. 2,410 crore) worth of Ether.
Affiliate links may be automatically generated - see our ethics statement for details.