After Wormhole, Ronin and Harmony: Cross-Chain Token Bridge Nomad falls victim to bridge hack

• Cross-chain token bridge Nomad exploit
• Virtually all funds are withdrawn from the protocol
• Whole series of attacks on “bridges”

Nomad is a cross-chain messaging protocol that allows users to send and receive tokens between different blockchains. By using an optimistic mechanism, Nomad says it only needs one honest actor to protect the entire system. “Nomad allows off-chain observers to dispute messages about fraud evidence without having to rely on administrators or auditors,” the company explains on its website. In addition, Nomad “reduces gas fees by a factor of 10 compared to conventional header relay systems while remaining decentralized.” Nomad smart contracts can also be “quickly deployed in any smart contract chain without the need for custom logic,” according to the company.


Attackers exploit security flaws in Nomad

In early August, however, the cross-chain messaging protocol, which claims to put security first, was exploited. According to CoinDesk, the attackers withdrew practically all funds from the protocol. The total value of cryptocurrency lost in the attack was nearly $200 million. Blockchain security firm BlockSec estimated the damage at around $150 million, according to Cryptonews, which may indicate that users siphoned off the remaining $40 million themselves.

The Nomad team confirmed the exploit on Twitter on August 2: “We are aware of the Nomad Token Bridge incident. We are currently investigating and will provide updates as soon as we have them.” The company also said it has “notified law enforcement and engaged leading blockchain intelligence and forensics companies.” “Our goal is to identify the accounts involved and to trace and recover the funds,” says Nomad.

Nomad announces bounty for white hats

Meanwhile, Nomad has announced a bounty of up to 10 percent for Nomad Bridge hackers, “with Nomad considering any party that returns at least 90% of the total funds they hack as white hat,” the company said in a blog post on medium.com, stating, “Nomad will not take legal action against white hats.” In the notice, Nomad also advises that funds must be returned to the official address of the Nomad Recovery Wallet and warns of impersonators and other scams.

This is how the exploit happened

In another blog post, Nomad compiled its root cause analysis of the bridge hack to explain how the exploit could have happened. As the company writes, an implementation error resulted in “the replica contract not properly authenticating messages.” This problem made it possible to forge any message as long as it had not yet been processed. “As a result, contracts that relied on the replica to authenticate incoming messages suffered security failures. This authentication failure resulted in fraudulent messages being forwarded to the Nomad BridgeRouter contract.”
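
A simplified Python model of the failure class described above, added here as an illustration and not taken from Nomad's contracts or its root cause analysis. All class and function names are hypothetical, and the mechanism shown (an unproven message falling back to a default root that the replica treats as trusted) is an assumption chosen to show how an authentication check can pass for forged messages that have not yet been processed, next to a hardened check that rejects them.

```python
import hashlib

ZERO = bytes(32)           # value a lookup yields for a never-proven message
PROCESSED = b"\xff" * 32   # constructed sentinel marking a delivered message

def digest(data):
    return hashlib.sha256(data).digest()

class Replica:
    """Hypothetical model of a replica that authenticates inbound messages."""

    def __init__(self, trusted_roots, hardened):
        self.hardened = hardened
        self.trusted = set(trusted_roots)
        if hardened:
            self.trusted.discard(ZERO)   # the default value is never a valid root
        self.status = {}                 # message hash -> proven root or PROCESSED
        self.delivered = []

    def prove(self, message, root, proof_ok):
        # proof_ok stands in for real Merkle proof verification (assumption).
        if not proof_ok or root not in self.trusted:
            return False
        self.status[digest(message)] = root
        return True

    def process(self, message):
        h = digest(message)
        root = self.status.get(h, ZERO)  # unproven messages fall back to ZERO
        if root == PROCESSED:
            return False                 # replay of a delivered message
        if self.hardened and root == ZERO:
            return False                 # explicit "was never proven" check
        if root not in self.trusted:
            return False
        self.status[h] = PROCESSED
        self.delivered.append(message)   # would be forwarded to the router
        return True

def demo(hardened):
    good_root = digest(b"constructed root")
    # ZERO among the trusted roots models a faulty initialization (assumption).
    replica = Replica([good_root, ZERO], hardened)
    forged = b"constructed: unproven transfer request"
    legit = b"constructed: proven transfer request"
    replica.prove(legit, good_root, proof_ok=True)
    return (replica.process(forged), replica.process(forged),
            replica.process(legit), replica.process(legit))
```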

Attacks on “Bridges” are increasing

The Nomad Bridge hack is just one of a series of attacks targeting so-called “bridges” that allow transactions between different blockchains. At the end of June, hackers exploited a vulnerability in Harmony’s Horizon Bridge and stole around 100 million US dollars. Previously, the Ronin Bridge of the popular NFT game Axie Infinity was the victim of a hacking attack in which around 600 million US dollars were stolen. In February, DeFi platform Wormhole lost about $320 million to hackers.

White hats return funds

“To date, $35.8 million has been returned to the Nomad Recovery wallet from 39 wallet addresses,” Nomad explained on Twitter on August 7, thanking all the so-called white hats, i.e. hackers with good intentions, who paid Nomad back the money they had withdrawn.

It remains to be seen how many will follow this example and return funds to Nomad – and how much damage will ultimately be caused.

Editorial office finanzen.net
