In the most recent incident involving cryptocurrency, hackers stole roughly $200 million from the Nomad crypto project.
The total value of crypto assets held on Nomad fell from $190.3 million to $11,815 in less than two hours on Monday evening, New York time.
Because most cryptocurrencies are not compatible across multiple blockchains, Nomad acts as a bridge protocol that lets users send crypto tokens between different blockchains.
With the Nomad exploit, at least three well-known bridge protocols have been hacked this year.
The Nomad project said on Twitter that it had alerted law enforcement and was looking for assistance from blockchain analytics companies.
A routine upgrade “had the impact of allowing communications to be faked on Nomad,” according to Samczsun, a security researcher and white hat with the crypto startup firm Paradigm.
According to the researcher, this vulnerability made it easier for hackers to steal the money.
According to blockchain analytics company Chainalysis, hackers stole $3.2 billion from cryptocurrency projects last year, and the total amount taken in 2022 is on track to match that figure.
Security companies Beosin and CertiK have reported that hackers have already stolen more than $2 billion in 130 different exploits this year. A total of 82 separate incidents involving the theft of almost $1.3 billion happened during the first quarter, the majority of which were crypto bridge hacks like Wormhole ($326 million) and the Ronin Network ($615 million). The Wormhole and Ronin teams have both publicly announced that they will compensate investors who lost money as a result of the incidents. As of yet, Nomad has not disclosed whether it will be able to pay back investors.
DeFi Llama, a crypto data portal, reports that there are currently 24 distinct bridges in use, with a combined total value locked of $11.5 billion.
Users deposit cryptocurrency into bridges to withdraw a corresponding amount in a token that works with another blockchain, much like wire transfers between banks in traditional finance. This added optionality lets users take advantage of crypto services and lower fees across various chains.
However, the bridging procedure relies on automated validators that process transactions according to software code, rather than on bank tellers. The cost of an error in this setting is extremely high.
Nomad raised $22.4 million in April of this year at a $225 million valuation.
Last Thursday the project publicly named the “industry giants” that contributed to the financing, including Coinbase Ventures, OpenSea, Crypto.com, Wintermute, Polygon, and Circle.
Nomad: A “secure” substitute?
Bridge attacks have increased in frequency over the past several months as cryptocurrency users have shown a greater desire to transfer funds across different blockchains.
While cross-chain bridges have enabled the spread of fledgling blockchains, bridge failures can be disastrous for smaller chains that depend on them for a significant portion of their overall liquidity.
Evmos, one of the more recent blockchains on Nomad, tweeted that because the Nomad attack “seriously damages initial Evmos [total value locked],” it would be “brainstorming community solutions.”
The Ronin bridge attack in April, the largest decentralised finance (DeFi) attack in history, resulted in the theft of over $600 million in cryptocurrency from the bridge that drives the blockchain-based game Axie Infinity.
A few months prior to that, the Solana blockchain community and the larger decentralised financial ecosystem were rocked by the theft of nearly $300 million from the Wormhole bridge.
Investors were lured in by Nomad’s promise that its platform would be inherently safer than competing ones.
Just last week, it came to light that leading cryptocurrency investors OpenSea and Coinbase Ventures were among those who took part in an April seed round that valued the company at $225 million.
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm— samczsun (@samczsun) August 1, 2022
Unlike earlier attacks, the Nomad breach turned into a free-for-all: by merely replicating the transaction call data from the initial attackers, several users began to drain the network.
The hack was dubbed “one of the most chaotic hacks that Web3 has ever seen” by Sam Sun, research partner at cryptocurrency investment firm Paradigm. Web3 is a hypothetical future version of the internet based on blockchain technology.
Nomad is a “bridge,” or tool, that enables users to transfer tokens and data between several crypto networks. Bridges are used as an alternative to transacting directly on a blockchain like Ethereum, which may charge users a lot in processing fees when there is a lot of activity going on at once.
Because of weaknesses and poor construction, bridges have been a popular target for hackers looking to defraud investors out of millions of dollars. According to research by the cryptocurrency compliance company Elliptic, more than $1 billion in cryptocurrency assets have been stolen in bridge attacks so far in 2022.
A $600 million cryptocurrency robbery took place in April via a blockchain bridge named Ronin, which U.S. officials have now linked to the North Korean government. A few months later, a similar attack on Harmony, another bridge, resulted in the loss of $100 million.
Like Ronin and Harmony, Nomad was targeted because of a flaw in its code, but there were a few differences. In those attacks, hackers were able to obtain the private keys required to take over the network and begin transferring tokens. In Nomad’s case it was considerably easier: a routine update to the bridge allowed users to fake transactions and steal millions of dollars’ worth of cryptocurrency.