Nomad, a protocol for transferring cryptocurrency from one blockchain to another, has been hacked. By exploiting a security flaw that appeared after an update, hackers managed to steal $190 million. This new incident has highlighted the fragility of certain decentralized finance tools.
The crypto ecosystem has just suffered a new hack. On the night of August 1 to 2, 2022, Nomad, a cryptocurrency bridge, lost over $190 million. Attackers apparently exploited a security flaw in the protocol.
In the digital asset sector, a bridge makes it possible to connect two different blockchains. Users can then transfer cryptocurrencies from one network to another and cancel transfer fees. With the proliferation of blockchains, bridges have become indispensable tools for investors. Colossal sums pass through these protocols daily.
A serious security flaw at the origin of the hack
Almost all the funds deposited on the bridge were siphoned off during the attack on Nomad. Just $651 remained after the offensive, according to data from DefiLlama, a decentralized finance (DeFi) tracking platform. Alerted by users, Nomad teams quickly launched an investigation.
1/ Nomad just sold out for over $150 million in one of the most chaotic hacks Web3 has ever seen. How exactly did this happen and what was the root cause? Let me take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022
The flaw reportedly appeared following an update to the bridge's smart contracts. According to Sam Sun, one of the researchers at Paradigm, an investment firm specializing in digital assets, the flaw allowed hackers to appropriate cryptocurrencies that belong to others. The attackers obviously rushed to transfer the funds to their digital wallets.
“All you thought about doing was finding a transaction that worked, replacing the other person’s address with your own, then rebroadcasting it,” Sam Sun explains on his Twitter account.
To exploit this flaw, it was not even necessary to have advanced programming knowledge. Some Internet users then took advantage of the ambient chaos to imitate the attackers. As Victor Young, founder of start-up Analog, explained to our colleagues at CNBC, “any user could simply copy the transaction data from the original attackers and replace the address with their own”.
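For monitoring, the copy-and-replace pattern described above leaves a recognisable trace: many distinct senders submitting calldata that is identical once each sender's own address is masked. The sketch below is an added example, not code from Nomad or from the original article; the calldata layout, selector, addresses and sample transactions are constructed for illustration.

```python
from collections import defaultdict

PLACEHOLDER = "<SENDER>"

def normalize(sender, calldata):
    """Mask every occurrence of the sender's own address inside the calldata."""
    addr = sender.lower().removeprefix("0x")
    return calldata.lower().removeprefix("0x").replace(addr, PLACEHOLDER)

def find_copy_clusters(txs, min_senders=3):
    """Return {template: senders} for payloads reused by >= min_senders senders.

    A template is the calldata with the sender's address masked, so two
    transactions that differ only in "whose address is inside" collapse
    into the same template.
    """
    clusters = defaultdict(set)
    for tx in txs:
        template = normalize(tx["from"], tx["input"])
        if PLACEHOLDER in template:  # ignore payloads that do not embed the sender
            clusters[template].add(tx["from"].lower())
    return {t: sorted(s) for t, s in clusters.items() if len(s) >= min_senders}

def payload(recipient, amount):
    # Constructed layout (assumption): 4-byte selector, 32-byte padded
    # recipient address, 32-byte amount. Not the bridge's real message format.
    return "0x" + "aabbccdd" + recipient[2:].rjust(64, "0") + format(amount, "064x")

# Constructed addresses and transactions, for illustration only.
ADDR_A, ADDR_B, ADDR_C = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
ADDR_D, ADDR_E, ADDR_F = "0x" + "44" * 20, "0x" + "55" * 20, "0x" + "66" * 20

SAMPLE_TXS = [
    {"from": ADDR_A, "input": payload(ADDR_A, 100)},  # first working transaction
    {"from": ADDR_B, "input": payload(ADDR_B, 100)},  # same payload, own address
    {"from": ADDR_C, "input": payload(ADDR_C, 100)},  # same payload, own address
    {"from": ADDR_D, "input": payload(ADDR_D, 5)},    # unrelated self-transfer
    {"from": ADDR_E, "input": payload(ADDR_F, 100)},  # sends to someone else
]

if __name__ == "__main__":
    for template, senders in find_copy_clusters(SAMPLE_TXS).items():
        print(f"{len(senders)} senders reused one payload: {senders}")
```

On real data the threshold and the time window over which transactions are grouped would need tuning, since legitimate users of the same contract function with the same amount also collapse into one template.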
After learning about the flaw, some hackers recovered funds in order to protect them. Some of the missing cryptocurrencies have thus been returned. The bridge currently holds around $15,000, a far cry from the amount in transit at the time of the hack.
On its social networks, Nomad explains that it is doing everything possible to trace the hackers behind the attack. The developers in charge of the project evidently hope to recover the money by analyzing blockchains. Most blockchains keep a record of all transactions. Some firms in the sector also specialize in blockchain monitoring. This is particularly the case with Chainalysis, the industry leader.
“We are working around the clock to deal with the situation and have notified law enforcement and contracted the services of leading companies in blockchain intelligence and forensics. Our goal is to identify the affected accounts, trace and recover the funds,” explains Nomad.
Update: We are working around the clock to remedy the situation and have notified law enforcement and retained the services of leading companies for blockchain intelligence and forensics. Our goal is to identify the affected accounts and trace and recover the funds.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
The fragility of cryptocurrency bridges
This is the third biggest hack of the year, behind the hacks of Ronin Network ($624 million missing) and Wormhole ($324 million gone). Let’s also mention the recent hack of Horizon Bridge in June, which saw $98 million vanish.
Note that all of these hacks concern bridges. This was already the case last year. In August 2021, Poly Network, another bridge between blockchains, lost over $600 million in an attack orchestrated by a seasoned hacker. This is the second largest hack in the entire industry across all platforms. More than a billion dollars were stolen through cryptocurrency bridges in 2022, reveals Elliptic, a blockchain analysis firm.