The Nomad bridge, which allows interconnection between different networks such as Moonbeam or Covalent and the Ethereum blockchain, was hacked a few hours ago, resulting in a misappropriation of 190 million dollars.
land of the nomads
This will be the picture of the day: a snapshot, via the DefiLlama tracking site, of the TVL (total value locked) of the Nomad bridge. The TVL went from $190 million in ether, USDC and other “wrapped” tokens to… $1,794 in just a few hours.
The cause: an exploit of the bridge at around one in the morning, French time, which allowed its authors to steal almost all the funds.
And as maddening as this observation is, the first investigations carried out by the developer community suggest that the exploited flaw was a particularly basic vulnerability.
“Nomad works in 2 steps:
1. The user sends the token from chain X
2. The user processes the token withdrawal on chain Y
During step 2, the bridge appears to allow the user to transfer an arbitrary amount.”
A vulnerability so wide open that, in addition to the initial siphoning by the hackers, literally anyone was able to exploit it as long as funds remained on the bridge. The situation also allowed some well-meaning whitehats to recover part of the funds with a view to returning them later (a manipulation so simple that it can even be performed… from a simple smartphone).
“I was crossing town in my pajamas to go to the office while running the exploit to save funds. All on my phone with little or no battery.”
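The two-step flow quoted above can be sketched as a simplified model. This is an added example, not Nomad's code: the `Bridge` class, its method names and the `message_id` commitment are assumptions made for illustration. It contrasts a step 2 that pays out whatever amount is requested with one that binds the withdrawal to a recorded deposit.

```python
import hashlib

def message_id(sender: str, token: str, amount: int, nonce: int) -> str:
    """Commitment to one deposit; both chains derive the same id."""
    data = f"{sender}|{token}|{amount}|{nonce}".encode()
    return hashlib.sha256(data).hexdigest()

class Bridge:
    """Toy two-step bridge (hypothetical): deposit on chain X, withdraw on chain Y."""

    def __init__(self, liquidity: int):
        self.liquidity = liquidity   # funds held on chain Y
        self.deposits = set()        # ids of deposits seen on chain X
        self.processed = set()       # ids already paid out

    def deposit(self, sender, token, amount, nonce):
        # Step 1: record the deposit made on chain X.
        self.deposits.add(message_id(sender, token, amount, nonce))

    def withdraw_unchecked(self, sender, token, amount, nonce):
        # Step 2 as the quote describes it: the requested amount is
        # paid out without being tied to any recorded deposit.
        paid = min(amount, self.liquidity)
        self.liquidity -= paid
        return paid

    def withdraw_checked(self, sender, token, amount, nonce):
        # Step 2 with the missing check: the request must match a
        # recorded deposit exactly and may be paid only once.
        mid = message_id(sender, token, amount, nonce)
        if mid not in self.deposits:
            raise ValueError("no matching deposit")
        if mid in self.processed:
            raise ValueError("already processed")
        if amount > self.liquidity:
            raise ValueError("insufficient liquidity")
        self.processed.add(mid)
        self.liquidity -= amount
        return amount
```

In the checked version a changed amount, a changed sender or a replayed message all produce a different or already-used id, so the bridge balance can only decrease by what was actually deposited.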
This hack demonstrates once again how bridges represent weak points in the DeFi ecosystem, an outcome that Vitalik Buterin had foretold. Furthermore, the interdependence of its actors is likely to cause potentially devastating domino effects, a risk that the recent events around the collapse of LUNA have sadly illustrated. A new demonstration came this evening with the Covalent project, which already indicates that almost 13% of the supply of $CQT tokens has been affected by the bridge hack.
We will return shortly on Journal du Coin with the details of this new episode, one that once again highlights the flaws and shortcomings of the decentralized finance sector.