Nomad, a cryptocurrency bridge that allows its users to swap their tokens between blockchains, may have overpromised its consumers on the security measures of its platform. The crypto service was recently attacked by a group of hackers who broke through its cybersecurity and made off with millions of dollars.
And when we say millions of dollars, we’re talking about US$200 million (~RM891 million), which translates to approximately 8563 Bitcoins in value.
Nomad has already acknowledged the hack and has been posting updates via Twitter, having initially claimed that it was an “incident” that was being investigated. Not long after, the bridge said that its team was “working around the clock” to address the situation, which was pretty much just another way of saying that it was assessing the damage.
Update: We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics. Our goal is to identify the accounts involved and to trace and recover the funds.
— Nomad (⤭) (@nomadxyz_) August 2, 2022
In another tweet, a researcher at a Web3 investment firm called Paradigm, who goes by the handle samczsun, explained that the attack on Nomad was only possible due to the exploitation of a misconfiguration in its main smart contract, one that allowed anyone with a basic understanding of code to authorise a withdrawal to themselves.
As pointed out by The Verge, blockchain bridges like Nomad are now often the target of high-profile hacks, primarily because they tend to hold a very large quantity of crypto assets, all behind complex smart contract code that hackers find so deliciously challenging. Or easy, whichever description actually fits the difficulty level for these hackers.
Explaining the Nomad bridge hack
All credit to @samczsun for doing the heavy lifting of diagnosing the precise vulnerability in his postmortem
How did we get the first decentralized crowd-looting of a 9-figure bridge in history? pic.twitter.com/v5u6mrKQv1
— foobar (@0xfoobar) August 2, 2022
Prior to this hacking free-for-all on Nomad, there was another cryptocurrency exchange that fell victim to hackers. The company in question was Wormhole, and hackers had made off with close to 120000 wETH, a token that can be exchanged for actual Ethereum. At the time, the value of those coins averaged around RM1.25 billion.
Getting back on point, a post-mortem of the attack also revealed that, once one hacker had managed to break through Nomad’s security measures, other individuals with equal or better knowledge of coding then used the same method to replicate the attack. Simply put, and as one Twitter user put it, it became one of the biggest nine-figure crowd-lootings of a decentralised currency.
(Source: The Verge)
The post Hackers Drain US$200 Million From Nomad Cryptocurrency Bridge appeared first on Lowyat.NET.