‘Free-for-all’ Nomad exploit drains $190M of crypto

Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (@gadgetry@techhub.social)


Cross-chain bridge Nomad has fallen victim to a “free-for-all” exploit that drained around $190 million in crypto.

Just last week, Nomad announced that it had secured $22.4 million in seed funding from high-profile backers including Coinbase Ventures, Crypto.com Capital, and OpenSea. The company emphasised its focus on security following a spate of bridge hacks.

“With $1.5B in bridge hacks happening within the last 12 months, many people, protocols, and DAOs are looking for an interoperability solution that prioritizes the safety and security of their funds/cross-chain messages,” the Nomad team wrote in a blog post.

“This is why we designed Nomad in a way that minimizes the trust assumptions required for bridging.”

Unfortunately, Nomad has already become the latest victim in a growing number of attacks on cross-chain bridges. It joins fellow victims like Ronin, a bridge from the makers of Axie Infinity that was hacked for a record-breaking $615 million in March.

Nomad says that it’s notified law enforcement and is working with leading firms that specialise in blockchain intelligence and forensics. The goal is to identify the account involved and recover the funds.

White hat hackers are said to have “acted proactively” to safeguard some funds to prevent further losses.

While we’ll have to await the exact details of the attack from Nomad, some community members have said that a configuration error in a smart contract that Nomad uses to process messages was the culprit.

Sun ultimately described the exploit as leading to a “frenzied free-for-all”. Attackers were able to exploit the bug by simply copying and pasting transactions.

North Korea-linked hacking group Lazarus has been identified as being connected to hacks like the one targeting Ronin. A UN report suggests that North Korea is using stolen crypto funds to pay for its nuclear and ballistic missile programs.

While it seems like many participants took part in the Nomad exploit, we’ll have to await further analysis to uncover if any state-linked hackers were involved.
