Business News/ News / World/ Nomad token bridge hacked in nearly $200 million exploit. Here's what happened

Back

Nomad token bridge hacked in nearly $200 million exploit. Here's what happened

1 min read 02 Aug 2022, 11:53 AM IST Livemint

Nomad bridge is the latest crypto project that has been the victim of a hack

Nomad bridge is the crypto project that has been the latest victim of a hack as the hackers made away with nearly all of the funds in the wallet. As per a report by CoinDesk, the total value of cryptocurrency lost to the attack has totaled near $200 million.

Confirming the incident, Nomad tweeted, “We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them."

“We are aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We are not yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_," it added in a series of tweets.

We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_
— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022

Nomad is a cross-chain communication standard that enables cheap and secure transfers of tokens and data between chains, and allows users to send and receive digital tokens between different blockchains.

Explaining how the Nomad bridge hack took place, @samczsun, a researcher at crypto investment firm Paradigm, explained that a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions. This meant users were able to withdraw money from the Nomad bridge that didn’t actually belong to them.

“This is why the hack was so chaotic - you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it. A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all," he explained in a series of tweets.

1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022

Bridges are software that enable different types of blockchains and their respective tokens to interoperate, rather than work in silos. Bridge attacks have become more frequent in recent months as crypto-users have demonstrated an increased appetite for swapping assets between different blockchains.

The hack comes days after Nomad announced the full list of investors in its $22 million seed round, which was led by Polychain Capital, with participation from backers including Ethereal Ventures, Hack VC, Coinbase Ventures and Crypto.com Capital.

(With inputs from agencies)

Catch all the Business News, Market News, Breaking News Events and Latest News Updates on Live Mint. Download The Mint News App to get Daily Market Updates.

More Less

Updated: 02 Aug 2022, 01:35 PM IST