Crypto MarketEditorial office

Grand theft crypto: How Nomad bridge lost $190 million in the world’s first decentralized heist

Tanja Nechet

News editor

03.08.2022 at 07:09

The burning bridge

Web3 won’t be the same after the mass Nomad bridge exploit. Unlike previous exploits, this one was not perpetrated by a group of attackers. It was a mass robbery. First, one attacker struck, and hundreds of different accounts used his trick to steal funds. The bridge had $1,000 of the $190,740,000 left in just a few hours. Unknown people took out almost all of ETH, USDC, BTC, and other less popular tokens. Blockchain security firm Peckshield pointed out that more than 41 addresses drained $152M — or 80% of the stolen funds.

Now there is a significant message on the Nomad bridge site asking a white hat hackerThis is a person who uses their skills to identify security vulnerabilities in hardware, software, or networks. and his friends to return the money: “Please return ETH or ERC-20 tokens to this wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154.”

Nomad bridge tearfully asks for a refund. Photo: screenshot

The attack came days after Nomad reported that prominent crypto investors like Coinbase Ventures, OpenSea, Polygon, and Crypto.com Capital, participated in an April $22M seed round. The company was then valued at $225M (how ironic!).

What is the Nomad bridge?

It is a cross-chain bridge between Ethereum, Moonbeam, Avalanche, Evmos, and Milkomeda. A blockchain bridge is a protocol that connects blockchains to communicate. For example, you can transfer your bitcoin to WBTC on the Ethereum (ETH) network.

How to beat the Nomad?

The attacker used a wrong initialization of a critical parameter in the smart contracts simply a program stored on a blockchain that runs when predetermined conditions are met., which allowed him to bypass security checks and drain tokens from the bridge. The user must go through an approval process on the chain to verify that the asset transfer request from the bridge is valid. The approval process verifies that the message has valid Merkle proof and has been approved by the privileged user (or management). That is, when a user transferred funds from one blockchain to another, the Nomad could not check the transaction amount, which allowed the user to withdraw extra funds. And this turned into the grand theft crypto and the 5th largest DeFi hack of all time, according to blockchain audit company Zellic.

The smart contract was initialized to approve any message with an unknown hashHashing is simply passing some data through a formula that produces a result.. And so, the attacker created an altered message that sent millions of dollars in crypto moss assets to their wallets. For example, you can send 1 ETH and manually invoke a smart contract on another blockchain and end up with 100 ETH.

What is impressive: other users only had to copy the hacker’s transaction data, replace the original address with a personal one, and that’s it – the money was rolling in! Not everyone turned out to be so bad. Some used the data they received in a way that others failed to do — to give the money back to Nomad later. For example, leadingscientist.eth.

A Reddit user under the nickname Saoibh pointed out an interesting thing. According to him, the flaw was previously detected by an external audit. But the Nomad team assured us that hacking through this bug (№19) would never happen. And didn’t fix it.

Nomad is not the only bridge that got hacked

  • 29 January — Qubit bridge hacked for 15.7K ETH, 767 BTC, and $9.5M stablecoins
  • 2 February — Wormhole bridge hacked for 93K ETH 
  • 23 March — Ronin bridge hacked for 174K ETH and 25.5M USDC
  • 24 June — Horizon bridge hacked for 86K ETH 

All information provided on this website is for educational and informational purposes only. Please consult with our Disclaimer.

Home » Crypto Market » Grand theft crypto: How Nomad bridge lost 0 million in the world’s first decentralized heist

Your complaint has been sent to a moderator