Nomad, a protocol for transferring cryptocurrency from one blockchain to another, has been breached. By exploiting a security flaw that appeared after an update, the hackers managed to steal $190 million. This new incident highlights the fragility of some decentralized finance tools.
The crypto ecosystem has just suffered a new hack. On the night of 1 to 2 August 2022, Nomad, a cryptocurrency bridge, lost over $190 million. The attackers apparently exploited, all at once, a security flaw in the protocol.
In the digital currency industry, a bridge connects two different blockchains. Users can then transfer cryptocurrencies from one network to another by paying a transfer fee. With the proliferation of blockchains, bridges have become indispensable tools for investors. Colossal sums pass through these protocols every day.
A serious security flaw at the origin of the hack
Almost all of the funds deposited on the Nomad bridge were withdrawn during the attack. Only $651 remained after the offensive, according to data from DefiLlama, a decentralized finance (DeFi) monitoring platform. Alerted by users, the Nomad teams quickly launched an investigation.
1 / Nomad has just been drained for over $ 150 million in one of the most chaotic hacks Web3 has ever seen. How exactly did this happen and what was the main cause? Let me take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
– samczsun (@samczsun) 1 August 2022
The flaw appears to have been introduced by an update to the bridge's smart contracts. According to Sam Sun, a researcher at Paradigm, an investment firm specializing in digital assets, the flaw allowed hackers to steal cryptocurrencies belonging to others. The attackers rushed to transfer the funds to their own digital wallets.
"All you had to do was find a transaction that worked, replace the other person's address with yours, and then repost," Sam Sun details on his Twitter account.
To exploit this flaw, it was not even necessary to have advanced programming knowledge. Some Internet users took advantage of the surrounding chaos to imitate the attackers. As Victor Young, founder of the start-up Analog, explained to CNBC, "any user could simply copy the transaction data from the original attackers and replace the address with their own".
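An added example, not taken from the original article or from Nomad: a monitoring heuristic for the copy-and-substitute pattern described above, which groups transactions whose call data is identical once the sender's own address is masked. It assumes each copycat embeds their own sending address in the call data; the function names, field names and sample transactions are constructed for illustration.

```python
from collections import defaultdict

MASK = "<sender>"

def strip0x(h):
    h = h.lower()
    return h[2:] if h.startswith("0x") else h

def template(sender, calldata):
    """Calldata with the sender's own address masked; None if it is not embedded."""
    addr, data = strip0x(sender), strip0x(calldata)
    return data.replace(addr, MASK) if addr in data else None

def find_copycat_clusters(txs, min_senders=3):
    """Map each shared calldata template to the distinct senders that submitted it."""
    clusters = defaultdict(set)
    for tx in txs:
        t = template(tx["from"], tx["input"])
        if t is not None:
            clusters[t].add(tx["from"].lower())
    return {t: sorted(s) for t, s in clusters.items() if len(s) >= min_senders}

# Constructed sample data. The calldata layout (4-byte selector, padded
# address, 32-byte amount) is illustrative, not Nomad's message format.
def addr(byte):
    return "0x" + byte * 20

def call(recipient, amount):
    return "0x" + "deadbeef" + "00" * 12 + strip0x(recipient) + format(amount, "064x")

SAMPLE_TXS = [
    {"from": addr("a1"), "input": call(addr("a1"), 100)},
    {"from": addr("b2"), "input": call(addr("b2"), 100)},  # same call, own address
    {"from": addr("c3"), "input": call(addr("c3"), 100)},  # same call, own address
    {"from": addr("d4"), "input": call(addr("d4"), 7)},    # different amount
    {"from": addr("e5"), "input": call(addr("f6"), 100)},  # pays a third party
]

if __name__ == "__main__":
    for tpl, senders in find_copycat_clusters(SAMPLE_TXS).items():
        print(len(senders), "senders share template", tpl[:24] + "...")
        for s in senders:
            print("  ", s)
```

A cluster with many distinct senders in a short window is the signal to alert on; a sender that pays a third party, as in the last sample row, is not matched by this heuristic.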
After learning of the flaw, some hackers took funds in order to protect them. Some of the missing cryptocurrencies were thus returned. Currently, the bridge holds around $15,000, a far cry from the amount in transit at the time of the hack.
On its social media accounts, Nomad explains that it is doing everything possible to track down the attackers behind the hack. The developers responsible for the project evidently hope to recover the money by analyzing blockchains. Most blockchains keep a record of all transactions. Some companies in the sector also specialize in monitoring blockchains. This is particularly the case with Chainalysis, the industry leader.
"We are working around the clock to remedy the situation and have notified law enforcement and contracted the services of leading companies in blockchain intelligence and forensics. Our goal is to identify affected accounts, track and recover funds," Nomad explains.
Update: We are working around the clock to address the situation and have notified law enforcement and retained leading blockchain intelligence and forensics companies. Our goal is to identify the accounts involved and to track and recover the funds.
– Nomad (⤭⛓🏛) (@nomadxyz_) 2 August 2022
The fragility of cryptocurrency bridges
This is the third biggest hack of the year, behind the hacks of Ronin Network ($624 million missing) and Wormhole ($324 million stolen). Also worth mentioning is the recent hack of the Horizon bridge in June, which resulted in the disappearance of $98 million.
Note that all of these hacks involve bridges. This was already the case last year. In August 2021, Poly Network, another blockchain bridge, lost over $600 million in an attack orchestrated by an experienced hacker. It is the second largest hack in the entire industry across all platforms. More than a billion dollars has been stolen from cryptocurrency bridges in 2022, according to Elliptic, a blockchain analytics firm.