Nomad Blockchain Bridge Looted for $190 Million by Crypto Users
The Nomad cross-chain bridge was hacked, but the hack was so simple that hundreds of users copied it and looted the rest of the $190 million in assets.
Another cross-chain cryptocurrency bridge, the Nomad bridge, has been drained of almost all of its assets, but this time it wasn’t just hackers who were involved. In a first for the blockchain industry, a 9-figure hack was committed not by one hacker, or even a few hackers, but by hundreds of real users in what can only be described as “frantic looting”.
Cross-chain bridges are systems of smart contracts and messaging scripts that connect one blockchain to another so that cryptocurrencies and NFTs can be transferred between them. They (usually) work by locking the deposited tokens in a smart contract on their “native” chain and then minting a “wrapped” version of those tokens on the other chain. Users can also withdraw their native tokens by depositing the wrapped tokens back into the bridge, where they are burned. A common example is Wrapped Bitcoin, or WBTC, which allows users to send their BTC from the Bitcoin blockchain to the Ethereum blockchain, where it can be used in decentralized finance (or “DeFi”). Bridges can wrap any type of blockchain token, including non-fungible tokens (or “NFTs”) and stablecoins (cryptocurrencies pegged to the dollar). Because they act as massive pools of locked cryptocurrencies and digital assets, bridges are the most attractive targets for hackers and present the greatest security risk to the blockchain ecosystem.
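The lock, mint, burn and release accounting described above implies an invariant a monitor can check: wrapped supply should never exceed the native tokens locked in the bridge. The following is an added example, not code from the article or from Nomad; the class, function and event names are hypothetical and the events are constructed.

```python
from collections import defaultdict

class BridgeLedger:
    """Off-chain model of lock-and-mint accounting (hypothetical names)."""
    def __init__(self):
        self.locked = defaultdict(int)   # native tokens held by the bridge contract
        self.wrapped = defaultdict(int)  # wrapped tokens circulating on the other chain

    def apply(self, kind, token, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if kind == "lock":        # user deposits native tokens
            self.locked[token] += amount
        elif kind == "mint":      # bridge issues wrapped tokens for the deposit
            self.wrapped[token] += amount
        elif kind == "burn":      # user returns wrapped tokens
            if amount > self.wrapped[token]:
                raise ValueError("burn exceeds wrapped supply")
            self.wrapped[token] -= amount
        elif kind == "release":   # bridge pays out native tokens
            if amount > self.locked[token]:
                raise ValueError("release exceeds locked balance")
            self.locked[token] -= amount
        else:
            raise ValueError(f"unknown event kind: {kind}")

    def shortfall(self, token):
        """Wrapped units no longer backed by locked native tokens."""
        return max(0, self.wrapped[token] - self.locked[token])

def audit(events):
    """Replay events in order; report (index, token, shortfall) after any
    event that leaves wrapped supply larger than locked collateral."""
    ledger, findings = BridgeLedger(), []
    for i, (kind, token, amount) in enumerate(events):
        ledger.apply(kind, token, amount)
        gap = ledger.shortfall(token)
        if gap:
            findings.append((i, token, gap))
    return findings

# Constructed sample: an honest round trip, then a release with no matching burn.
SAMPLE_EVENTS = [
    ("lock", "BTC", 5), ("mint", "BTC", 5),
    ("burn", "BTC", 2), ("release", "BTC", 2),
    ("release", "BTC", 3),
]

if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS))
```

In honest operation a lock always precedes its mint and a burn always precedes its release, so the invariant holds after every event; the final constructed event breaks it because collateral leaves while wrapped tokens remain in circulation.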
Yesterday, TechCrunch and Gizmodo reported that the Nomad blockchain bridge was hacked, but the hack was so simple that hundreds of additional users copied the transaction and drained the $190 million bridge in what blockchain developer and Twitter user @0xfoobar is calling “the first decentralized mass looting of a 9-figure bridge in history.” The Nomad bridge connected Ethereum, Avalanche, Evmos, Moonbeam and Milkomeda together and had almost $200 million in its system before the hack. After the hack was over, only approximately $1,700 of assets remained within the smart contracts of the bridge. Many users have come forward and admitted to participating in the looting and promised to return the assets once a secure address can be provided. Others have claimed to be white hat hackers who intentionally exploited the bridge to protect the crypto assets held in it.
Blockchain bridges are rich targets
Bridges are vital pieces of infrastructure for a multi-chain future, where many blockchains work together and share assets as a single unit. Just as the early Internet was once a jumble of different protocols that eventually settled into a single protocol, blockchain is also a jumble of protocols trying to connect to each other. For Web3 to be secure, privacy and asset custody issues need to be resolved, rock-solid development standards are needed for cross-chain bridges, and better regulations are needed to protect users. Right now, blockchain is too hard to use, crypto wallets don’t have human-readable names, users don’t know how to avoid phishing attacks, and hacks happen on what seems like a weekly basis. Bridges are the richest of these targets, containing hundreds of millions of dollars worth of assets inside, and the absence of safety standards means they are all built and managed differently.
Now that the damage is done, many honest users will return what they took. However, dishonest users will likely keep what they stole and will have to find a way to launder and cash out their cryptocurrency, as all cryptocurrency stolen from the Nomad bridge is now associated with the hack and any attempt to deposit it into an exchange account will alert the authorities. Blockchain security and analytics companies will monitor the addresses that participated in the Nomad looting, and Nomad will probably call for honest participants to return the assets they stole.
Source: TechCrunch, Gizmodo, 0xfoobar/Twitter