US bridge-focused crypto firm Nomad was hacked on Monday, with attackers draining almost all of its funds. It is estimated that the total value of cryptocurrencies lost in the attack was around $200 million.
The Nomad, like the other bridges cross chain (cross-chain), allows users to send and receive tokens between different block chains. Monday’s attack is the latest in a series of incidents that have raised questions about the safety of these bridges.
Speaking to CoinDesk, the Nomad team acknowledged the attack: “An investigation is ongoing and key blockchain intelligence and forensics companies have been contacted,” the team said. “We have informed the police and are working around the clock to resolve the situation and provide timely updates. Our goal is to identify the accounts involved and track and recover the funds.
How did it happen
“Bridges” or “Pontes”, in Portuguese, normally work by blocking tokens in a smart contract (smart contract) on one chain and then reissue those tokens on another network as a “wrapped token” – i.e. they are synthetic tokens, which represent the assets of the original blockchain.
If the smart contract on which the original tokens are deposited is sabotaged – as in the case of Nomad – the synthetic tokens lose the underlying assets, which can render them useless.
On Twitter, a researcher from cryptocurrency investment firm Paradigm explained that a recent update to one of Nomad’s smart contracts made it easier to spoof transactions. This means that users could withdraw money from the Nomad Bridge that did not actually belong to them.
Unlike some attacks bridges, where a single culprit is behind all the exploitation, the Nomad attack could have been carried out by multiple people. Indeed, according to the expert, it was not necessary to know much about crypto-assets.
“…you didn’t need to know [a linguagem de programação] Solidity or Merkle Trees or whatever. All you had to do was find a transaction that worked, find/replace the other person’s address with your own, then relay it,” the expert known as ‘samczsun’ explained. .
The problem with cryptocurrency bridges
Bridge attacks have become more frequent in recent months as cryptocurrency users demonstrate a growing appetite for exchanging assets between different blockchains.
Although the bridges cross chain have enabled the proliferation of new blockchains, failures can be devastating for small networks that depend on this technology for much of their total liquidity.
Evmos, one of the newer blockchains served by Nomad, tweeted that it would “swirl community solutions” for the Nomad attack, as the incident “significantly affected [o valor total bloqueado] of Evmos”.
The biggest decentralized finance attack (Challenge) in history, the attack on the Ronin Bridge in April led to the hijacking of over $600 million in cryptocurrencies from the bridge that powers the popular game Axie Infinity (AXS).
A few months prior, over $300 million had been drained from the Wormhole Bridge, wreaking havoc on Solana’s blockchain community (FLOOR) and the decentralized finance (DeFi) ecosystem as a whole.
Nomad sold investors on the idea that it would be fundamentally safer than alternative platforms.
Last week, the company revealed that Coinbase Ventures, the investment arm of the US exchange, as well as NFT marketplace OpenSea, were among its “seed capital” providers, participating in the first round of funding. of the company, which was held in April. At the time, Nomad was valued at $225 million.
How far will cryptocurrencies go? What’s the best way to buy them? We have prepared a free course with step by step. Click here to watch and receive InfoMoney’s cryptocurrency newsletter