Recently, attackers have exploited the Nomad Protocol, a cross-chain blockchain bridge. According to different reports, Over $200Million Has Been Hacked From The Nomad Cross-Chain Bridge. Taking responsibility for the Incident, Nomad has told its customers to stay careful from the impersonators until they completely investigate the matter.
While investigating, the Moonbeam Network (EVM compatible chain on Polkadot Network) has paused its operations.
Over $200 Million Has Been Hacked From The Nomad Cross-Chain Bridge
There won’t be any further transactions or smart contract interactions. In the past week, Nomad protocol had secured a 22 Million USD seed Investment from top Investors like Polychain Capital, Coinbase Ventures, and much more.
This hack was so simple that the hackers didn’t need to know the Merkle trees and solidity. They had to simply replace the existing transaction with their address and rebroadcast it to the blockchain. In the recent routine update, the Nomad Protocol Developers had made the zero hash a valid root, which enabled hackers to spoof messages and rebroadcast duplicate transactions with their addresses.
How Did The Attack Take Place?
@samczun, a crypto researcher at Paradigm(A crypto investment firm) has tweeted the complete details about the attack. He went on to illustrate how easy it is for users to impersonate transactions in Nomad Smart contracts. A lot of users were easily able to withdraw the funds from the smart contract that they didn’t own.
Different tokens were removed from the bridge, such as 100 Wrapped BTC worth approximately 2 Million USD. The complete list of tokens removed from the bridge is Wrapped Ether, USDC, CARDS(card Starter), HBOT( Hummingbird Governance Token), IAGON, FRAX, and much more.
This was quite different from all the other bridge hacks that have happened recently. The exploiters have used an uncommon way to hack this bridge and made over 200 transactions for 202,440.725413 USD.
Nomad Bridge TVL
According to the defi source DefiLama, the total Value Locked has increased to USD 5,336 following the compromising of around 200 Million in money.
According to the recent update, Nomad Protocol is working round the clock and has partnered with the law enforcement firm to address the situation. They aim to trace all the accounts used for stealing the funds. Nomad has further highlighted how impersonators provided the fraudulent address to steal funds.
Cross Chain Bridges And Security
It has happened before that a cross-chain bridge was vulnerable. There have been a lot of attacks lately by hackers. For example, a liquidity pool recently, Crema finance, faced a loss of approximately USD 9 Million. After intense negotiations, the hacker returned the funds in return for a USD 1.6 Million Bounty.
Also, Qubit FInance was compromised with a hack of 80 USD Million soon after hackers stole 320 Million USD from the Solana-Ethereum Bridge (Wormhole).
Recently in March 2022, approximately 700 Million USD worth of tokens ( USDC and Ethereum) were compromised from the Ronin Bridge.
Blockchain Bridges enable the cross-chain transfer of assets and make blockchain interoperable. For example, Users can use Bridge to transfer funds from one blockchain to another.