Nomad Cross-Chain Bridge Lost Nearly $200 Million in ‘Chaotic, Free For All’ Exploit
Nomad allows users to send and get cryptocurrencies between different blockchains.
Advertisement
Highlights
- Nomad team yet to disclose its response around this attack
- Nomad team has acknowledged the attack
- The exploit happened on August 1
Repeated attacks on on-chain bridges have put their security under question
Photo Credit: Website/ Nomad
Nomad, a cross-chain bridge lost $200 million (roughly Rs. 1,570 crore) in what security researchers are calling a ‘free for all' exploit. Unlike conventional attacks, where one culprit is responsible for the exploit, Nomad's case was different. Sam Sun, a Paradigm researcher has explained that a recent update to a Nomad smart contract made it convenient for users to spoof transactions and withdraw funds from the bridge, which originally did not belong to them. As per Sun, this is one of the most chaotic exploits to have happened in the Web3 sector so far.
Nomad allows users to send and receive cryptocurrencies between different blockchains. Cross chain bridges like Nomad, typically lock tokens in a smart contract on one chain and reissue these tokens in ‘wrapped' form on another chain.
In Nomad's case, a smart contract where tokens were initially deposited was sabotaged making way for exploiters to act.
“This is why the hack was so chaotic — you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it,” Sun wrote as part of his Twitter thread, decoding the dynamics of the exploit on Nomad.
Advertisement
While the cross-chain bridge has not issued media statements on the incident, it has posted a tweet acknowledging that it is aware of the case.
Nomad's detailed response on the incident remains awaited.
Advertisement
Bridges have become a popular element of the cryptosphere now that more people have begun swapping assets between different blockchains.
These blockchain bridges have caught the attention of hackers, who are constantly looking at ways to exploit them.
Advertisement
In March, a hack attack on Axie Infinity's Ronin bridge depleted a whopping $625 million (roughly Rs. 4,729 crore) from the Sky Mavis gaming company. The Ronin Network, designed by Axie Infinity developer Sky Mavis, acts as a bridge between the video game and the blockchain, allowing cryptocurrencies to be transferred in and out of the game.
Back in February, the Wormhole Portal, that allows people to switch from one cryptocurrency to another, also suffered a breach and lost $322 million (roughly Rs. 2,410 crore) worth of Ether.
Why is Oppo making strange choices with its flagship Reno series? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Advertisement