Token bridge Nomad drained of $200M after latest exploit
On Monday, the Nomad cross-chain token bridge was attacked, and the attackers practically drained the protocol of all its cash. Nearly $200 million worth of cryptocurrencies were lost as a result of the hack.
Like other cross-chain bridges, Nomad enables users to transfer tokens back and forth between several blockchains. The attack on Monday is the most recent in a line of widely reported instances that have raised concerns about the safety of cross-chain bridges.
According to DeFi tracking platform DeFi Llama, almost all of the bridge’s $200 million in cryptocurrencies has been taken, leaving only $651.54 in the wallet.
Nomad then later claimed that some of the money had been taken out by “white hat pals” who did it to protect them.
Bridges typically function by reissuing tokens in “wrapped” form on a different chain after locking them up in a smart contract on one network. The wrapped tokens lose their backing if the smart contract where they were initially deposited is compromised. This is what happened in Nomad’s case, making them worthless.
A researcher at the cryptocurrency investment company Paradigm, @samczsun, explained on Twitter that a recent change to one of Nomad’s smart contracts made it simple for users to counterfeit transactions. The Nomad bridge may thus be used by users to withdraw money that did not genuinely belong to them.
The Nomad attack was free for all, unlike some bridge attacks where a single perpetrator is responsible for the entire vulnerability.
<p lang=«en» dir=«ltr» xml:lang=«en»>11/ This is why the hack was so chaotic – you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address Read more on ambcrypto.com
