Nomad, a protocol for transferring cryptocurrency from one blockchain to another, has been hacked. By exploiting a security flaw that appeared after an update, hackers managed to steal $190 million. This new incident highlights the fragility of certain decentralized finance tools.
The crypto ecosystem has just suffered a new hack. On the night of August 1 to 2, 2022, Nomada bridge for cryptocurrencies, lost over $190 million. Apparently, attackers suddenly exploited a security flaw in the protocol.
In the digital currency industry, a bridge allows connect two blockchains different. Users can then transfer cryptocurrencies from one network to another, for a transfer fee. With the proliferation of blockchains, bridges have become indispensable tools for investors. Colossal sums pass through these protocols daily.
On the same theme: Are cryptocurrencies in danger? A study lists the flaws of blockchains
A serious security flaw at the origin of the hack
Almost all the funds deposited on the bridge have been siphoned during the attack by Nomad. Only $651 remained as a result of the offensive, shows data from DefiLlama, a decentralized finance (DeFi) tracking platform. Alerted by users, Nomad teams quickly launched an investigation.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022
The breach would have appeared following updating smart contracts from the bridge. According to Sam Sun, one of the researchers at Paradigm, an investment firm specializing in digital assets, the flaw allowed hackers to appropriate cryptocurrencies that belong to others. The attackers obviously rushed to transfer the funds to their digital wallets.
“All you had to do was find a transaction that worked, replace the other person’s address with your own, and then repost”details Sam Sun on his Twitter account.
To exploit this breach, it was not even necessary to have advanced knowledge in programming. Some Internet users then took advantage of the ambient chaos to imitate the pirates. As Victor Young, founder of start-up Analog, explained to our colleagues at CNBC, ” any user could simply copy the original attackers’ transaction data and replace the address with their own”.
After learning about the flaw, some hackers have recovered the funds in order to protect them. Some of the missing cryptocurrencies have thus been returned. Currently, the bridge holds around $15,000, a far cry from the amount in transit with the hack.
On its social networks, Nomad explains that it is doing everything possible to trace the hackers behind the attack. Obviously, the developers in charge of the project hope recover money by analyzing blockchains. Most blockchains keep track of all transactions. Some firms in the sector are also specialized in the monitoring of blockchains. This is particularly the case with Chainalysis, the industry leader.
“We are working around the clock to remedy the situation and have notified law enforcement and contracted the services of leading companies in blockchain intelligence and forensics. Our goal is to identify the affected accounts, trace and recover the funds.”explains Nomad.
Update: We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics. Our goal is to identify the accounts involved and to trace and recover the funds.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
The fragility of cryptocurrency bridges
This is the third biggest hack of the yearbehind the hack of Ronin Network ($624 million missing) and wormhole ($324 million flew away). Let’s also mention the recent hack ofSkyline Bridge in June, which resulted in the disappearance of 98 million dollars.
Note that all the hacks concern bridges. This was already the case last year. In August 2021, Poly Network, another bridge between blockchains, lost over $600 million in an attack orchestrated by a seasoned hacker. This is the second biggest hack in the entire industry across all platforms. More than a billion dollars were stolen through cryptocurrency bridges in 2022, reveals Elliptic, a blockchain analysis firm.