Nomad Crypto Bridge Drained of $200M USD in "Free-For-All" Exploit
The exploit comes after Nomad recently raised $22 million USD in a seed round.
As a bridge protocol, Nomad allows users to transfer crypto tokens across different blockchains, maintaining a reserve to back its vault of “wrapped” tokens that allow for the crypto to be sent from one smart contract to another.
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
— Nomad (⤭⛓) (@nomadxyz_) August 1, 2022
Over the span of a couple of hours, Nomad’s protocol was slowly drained of funds in small transaction batches by various accounts. In a “free-for-all” exploit, anyone who knows how the exploit works can capitalize on it by withdrawing funds from the victim (in this case, tokens from Nomad), as if it were an ATM spitting out money at the press of a button.
“An investigation is ongoing and leading firms for blockchain intelligence and forensics have been retained,” Nomad said in a statement. “Nomad’s goal is to identify the accounts involved and to trace and recover the funds.”
According to CNBC, a recent upgrade to Nomad’s code seemed to act as the catalyst for Monday’s attack, whereby one part of the code was marked as “valid” whenever users decided to initiate a transfer, allowing the thieves to withdraw more assets than were actually deposited into the platform. From there, armies of bots were deployed to carry out what can only be assumed to be copycat attacks, withdrawing as much money as possible.
Although there isn’t a post-mortem yet, the company has expressed its desire to return tokens to any victims targeted by the protocol’s exploit.
Given the natural appeal bridging services have as holders of massive sums of digital assets, it’s not surprising that hackers have continually targeted bridge companies inside the crypto space. In 2022 alone, over $1 billion (USD) has been stolen from bridges, according to forensics firm Elliptic.
Striving to be viewed as safer than alternative platforms and competitors, Nomad recently advertised its services on its website as a “security-first cross-chain messaging protocol.” Nomad recently received $22 million (USD) during a seed round, led by Polychain Capital, along with investments from Coinbase Ventures, Crypto.com Capital, and others.