• Cross-chain token bridge Nomad exploit
• Virtually all funds are withdrawn from the protocol
• Whole series of attacks on “bridges”
Nomad is a cross-chain messaging protocol that allows users to send and receive tokens between different blockchains. By using an optimistic mechanism, Nomad says it only needs one honest actor to protect the entire system. “Nomad allows off-chain observers to dispute messages about fraud evidence without having to rely on administrators or auditors,” the company explains on its website. In addition, Nomad “reduces gas fees by a factor of 10 compared to conventional header relay systems while remaining decentralized.” Nomad smart contracts can also be “quickly deployed in any smart contract chain without the need for custom logic,” according to the company.
Attackers exploit security flaws in Nomad
In early August, however, the cross-chain messaging protocol, which claims to put security first, was exploited. According to CoinDesk, attackers withdrew practically all funds from the protocol. The total value of cryptocurrency lost in the attack was nearly $200 million. Blockchain security firm BlockSec estimated the damage at around $150 million, according to Cryptonews, which may indicate users siphoned off the remaining $40 million themselves.
The Nomad team confirmed the exploit on Twitter on August 2: “We are aware of the Nomad Token Bridge incident. We are investigating [it] currently and will provide updates as soon as we have them.” The company also said it has “notified law enforcement and engaged leading blockchain intelligence and forensics companies.” “Our goal is to identify the accounts involved and to trace and recover the funds,” says Nomad.
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
– Nomad (⤭⛓?) (@nomadxyz_) August 1, 2022
Nomad announces bounty for white hats
Meanwhile, Nomad has announced a bounty of up to 10 percent for Nomad Bridge hackers, “with Nomad considering any party that returns at least 90% of the total funds they hack as white hat,” the company said in a blog post on medium.com, adding, “Nomad will not take legal action against white hats.” In the notice, Nomad also advises that funds must be returned to the official address of the Nomad Recovery Wallet and warns of impersonators and other scams.
Update: Nomad Bridge Hack Bounty
(see below for details)
Please send the funds to the official Nomad recovery wallet address on Ethereum: 0x94A84433101A10aEda762968f6995c574D1bF154 https://t.co/8gO1xVl5IC pic.twitter.com/8D7SvbDQlO
– Nomad (⤭⛓?) (@nomadxyz_) August 4, 2022
This is how the exploit happened
In another blog post, Nomad published its root cause analysis of the bridge hack to explain how the exploit happened. As the company writes, an implementation error resulted in “the replica contract not properly authenticating messages.” This problem made it possible to forge any message as long as it had not yet been processed. “As a result, contracts that relied on the replica to authenticate incoming messages suffered security failures. This authentication failure resulted in fraudulent messages being forwarded to the Nomad BridgeRouter contract.”
1/ Nomad has compiled its Root Cause Analysis of the Bridge hack to serve as a technical source of truth that will help inform the path going forward: https://t.co/6s28VbSX7T
– Nomad (⤭⛓?) (@nomadxyz_) August 5, 2022
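The authentication failure described above, modelled as an added example (not code from Nomad or from this article). It assumes the flaw took the form of a default "never proven" value that the contract also treated as a trusted root; all class, field and constant names are hypothetical, and the hashes are constructed sample values.

```python
from dataclasses import dataclass, field

ZERO_ROOT = bytes(32)        # value an unset storage slot reads as
PROCESSED = b"\xff" * 32     # hypothetical marker: message already delivered

@dataclass
class Replica:
    """Toy inbox contract. Names and layout are hypothetical, not Nomad's code."""
    trust_zero_root: bool                               # True models the flawed setup (assumption)
    accepted_roots: set = field(default_factory=set)    # roots considered confirmed
    message_root: dict = field(default_factory=dict)    # message hash -> root it was proven under

    def __post_init__(self):
        if self.trust_zero_root:
            self.accepted_roots.add(ZERO_ROOT)

    def prove(self, msg_hash, root):
        # Stand-in for Merkle-proof verification: remember which root vouches for the message.
        self.message_root[msg_hash] = root

    def process(self, msg_hash):
        # Flaw: a message that was never proven reads back as ZERO_ROOT, a trusted value.
        root = self.message_root.get(msg_hash, ZERO_ROOT)
        if root == PROCESSED or root not in self.accepted_roots:
            return False
        self.message_root[msg_hash] = PROCESSED          # blocks a second delivery
        return True

class HardenedReplica(Replica):
    def process(self, msg_hash):
        # Require an explicit proof record and never accept the default value as a root.
        if self.message_root.get(msg_hash, ZERO_ROOT) == ZERO_ROOT:
            return False
        return super().process(msg_hash)

def demo():
    unproven = b"\x01" * 32      # constructed hash of a message nobody proved
    proven = b"\x02" * 32        # constructed hash of a legitimately proven message
    good_root = b"\xaa" * 32     # constructed confirmed root
    results = {}
    for name, cls in (("flawed", Replica), ("hardened", HardenedReplica)):
        r = cls(trust_zero_root=True)
        r.accepted_roots.add(good_root)
        r.prove(proven, good_root)
        results[name] = (r.process(unproven), r.process(unproven),
                         r.process(proven), r.process(proven))
    return results
```

In the flawed model the unproven message is accepted once and refused on the second attempt, which matches the article's point that a message could be forged only while it had not yet been processed.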
Attacks on “Bridges” are increasing
The Nomad Bridge hack is just one of a series of attacks targeting so-called “bridges” that allow transactions between different blockchains. At the end of June, hackers exploited a vulnerability in Harmony’s Horizon Bridge and stole around 100 million US dollars. Previously, the Ronin Bridge of the popular NFT game Axie Infinity was the victim of a hacking attack in which around 600 million US dollars were stolen. In February, DeFi platform Wormhole lost about $320 million to hackers.
White hats return funds
“To date, $35.8 million has been returned to the Nomad Recovery wallet from 39 wallet addresses,” Nomad explained on Twitter on August 7th, thanking all the so-called white hats, i.e. hackers with good intentions, who paid Nomad back the money they had withdrawn.
To-date, $35.8m has been returned to the Nomad recovery wallet from 39 wallet addresses.
Thank you to all the white hats who have returned funds.
– Nomad (⤭⛓?) (@nomadxyz_) August 7, 2022
It remains to be seen how many will follow this example and return funds to Nomad – and how much damage will ultimately be caused.
Editorial office finanzen.net