Cross-chain bridge Nomad has fallen victim to a “free-for-all” exploit that drained around $190 million in crypto.
Just last week, Nomad announced that it had secured $22.4 million in seed funding from high-profile backers including Coinbase Ventures, Crypto.com Capital, and OpenSea. The company emphasised its focus on security following a spate of bridge hacks.
“With $1.5B in bridge hacks happening within the last 12 months, many people, protocols, and DAOs are looking for an interoperability solution that prioritizes the safety and security of their funds/cross-chain messages,” the Nomad team wrote in a blog post.
“This is why we designed Nomad in a way that minimizes the trust assumptions required for bridging.”
Unfortunately, Nomad has already become the latest target of a growing number of attacks targeting cross-chain bridges. Nomad now joins fellow victims like Ronin—a bridge from the makers of Axie Infinity that was hacked for a record-breaking $615 million in March.
Nomad says that it’s notified law enforcement and is working with leading firms that specialise in blockchain intelligence and forensics. The goal is to identify the account involved and recover the funds.
White hat hackers are said to have “acted proactively” to safeguard some funds to prevent further losses:
Thank you to our many white hat friends who acted proactively and are safeguarding funds. Please continue to hold them until we provide further instructions on this thread.— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
While we’ll have to await the exact details of the attack from Nomad, some community members have said that a configuration error in a smart contract that Nomad uses to process messages was the culprit:
Sun ultimately described the exploit as leading to a “frenzied free-for-all”. Attackers were able to exploit the bug by simply copying and pasting transactions.
North Korea-linked hacking group Lazarus has been identified as being connected to hacks like the one targeting Ronin. A UN report suggests that North Korea is using stolen crypto funds to pay for its nuclear and ballistic missile programs.
While it seems like many participants took part in the Nomad exploit, we’ll have to await further analysis to uncover if any state-linked hackers were involved.
Want to learn more about blockchain from industry leaders? Check out Blockchain Expo taking place in Amsterdam, California and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.