The exploit calls the security of cross-chain token bridges into question once again.
The cross-chain token bridge Nomad was exploited Monday, with attackers draining the protocol of virtually all of its funds. The total value of cryptocurrency lost to the attack totaled near $200 million.
Nomad, like other cross-chain bridges, allows users to send and receive tokens between different blockchains. Monday’s attack is the latest in a string of highly-publicized incidents which have drawn the security of cross-chain bridges into question.
CoinDesk has reached out to Nomad for comment but hadn’t heard back at the time of writing. In a tweet, the team said it was investigating the incident.
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
— Nomad (⤭⛓) (@nomadxyz_) August 1, 2022
What Happened?
Bridges typically work by locking up tokens in a smart contract on one chain and then reissuing those tokens in “wrapped” form on another chain.
If the smart contract where tokens are initially deposited gets sabotaged – as happened in Nomad’s case – the wrapped tokens no longer have any backing, which can render them worthless.
Sam Sun, a researcher at crypto investment firm Paradigm, explained on Twitter that a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions, meaning people could withdraw money from the bridge that didn’t actually belong to them.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022
Unlike some bridge attacks, where a single culprit is behind the entire exploit, the Nomad attack was a free for all.
“... you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it,” Sun explained.
Nomad: A 'Secure' Alternative?
Bridge attacks have become more frequent in recent months as crypto-users have demonstrated an increased appetite for swapping assets between different blockchains.
While cross-chain bridges have made it possible for upstart blockchains to proliferate, bridge failures can be devastating for smaller chains that rely on them for a large amount of their total liquidity.
Evmos, one of the newer blockchains serviced by Nomad, tweeted that it would be “brainstorming community solutions” to the Nomad attack given that it “significantly impacts initial Evmos [total value locked].”
The largest decentralized finance (DeFi) attack in history, April’s Ronin bridge attack, saw over $600 million worth of crypto siphoned out of the bridge that powers the blockchain-based game Axie Infinity.
Just a few months before that, over $300 million was drained from the Wormhole bridge, wreaking havoc across the Solana blockchain community and the wider decentralized finance (DeFi) ecosystem.
Nomad sold investors on the vision that it would be fundamentally more secure than alternative platforms.
Just last week, it revealed that crypto heavyweights Coinbase Ventures and OpenSea were among those who participated in an April seed round which valued the company at $225 million.
All writers’ opinions are their own and do not constitute financial advice in any way whatsoever. Nothing published by CoinDesk constitutes an investment recommendation, nor should any data or Content published by CoinDesk be relied upon for any investment activities. CoinDesk strongly recommends that you perform your own independent research and/or speak with a qualified investment professional before making any financial decisions.
Recommended Content
Editors’ Picks
Polygon joins forces with WSPN to expand stablecoin adoption
WSPN, a stablecoin infrastructure company based in Singapore, has teamed up with Polygon Labs to make its stablecoin, WUSD, more useful in payment and decentralized finance.
Coinbase envisages listing of more meme coins amid regulatory optimism
Donald Trump's expected return to the White House creates excitement in the cryptocurrency sector, especially at Coinbase, the largest US-based crypto exchange. The platform is optimistic that the new administration will focus on regulatory clarity, which could lead to more token listings, including popular meme coins.
Cardano's ADA leaps to 2.5-year high of 90 cents as whale holdings exceed $12B
As Bitcoin (BTC) gets closer to the $100,000 mark for the first time — it crossed $99,000 earlier Friday — capital is rotating into alternative cryptocurrencies, creating a buzz in the broader crypto market.
Shiba Inu holders withdraw 1.67 trillion SHIB tokens from exchange
Shiba Inu trades slightly higher, around $0.000024, on Thursday after declining more than 5% the previous week. SHIB’s on-chain metrics project a bullish outlook as holders accumulate recent dips, and dormant wallets are on the move, all pointing to a recovery in the cards.
Bitcoin: Rally expected to continue as BTC nears $100K
Bitcoin (BTC) reached a new all-time high of $99,419, just inches away from the $100K milestone and has rallied over 9% so far this week. This bullish momentum was supported by the rising Bitcoin spot Exchange Traded Funds (ETF), which accounted for over $2.8 billion inflow until Thursday. BlackRock and Grayscale’s recent launch of the Bitcoin ETF options also fueled the rally this week.
Best Forex Brokers with Low Spreads
VERIFIED Low spreads are crucial for reducing trading costs. Explore top Forex brokers offering competitive spreads and high leverage. Compare options for EUR/USD, GBP/USD, USD/JPY, and Gold.