A hacker siphoned US$190 million from Nomad’s cross-chain bridge on Monday, triggering one of DeFi’s most successful attacks to date.
Loss of US$ 190 million
As far as DeFi attacks go, this one could be one of the biggest. Nomad’s cross-chain bridge was reportedly stripped of $190 million on Monday, in what is being described as one of DeFi’s most chaotic attacks to date.
Crypto thieves have made a habit of stealing funds through sophisticated hacks involving smart contracts or complicated code.
This hack was different: it does not require deep programming knowledge. All the hackers, who remain unknown, had to do was exploit a flaw for which there is no solution yet, and then collect the funds.
Nomad said on Twitter:
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022
The large amount of assets leaving the bridge first surfaced on social media after security researchers noticed a flaw in Nomad’s replica contract.
Users were able to make a small deposit to the cross-chain bridge, but then withdraw a much larger amount than they had.
What and how much was stolen?
While most DeFi exploits are usually carried out by experienced programmers with extensive Solidity knowledge, this exploit only required a relatively simple copy-and-paste exercise.
Of course, once word got out about this option, everyone tried to profit from Nomad’s vulnerability and a huge mess was created.
The total amount of the loss has not yet been confirmed, but it is estimated that around $190 million in Wrapped Bitcoin (WBTC), Wrapped Ethereum (WETH), USD Coin (USDC) and other assets were stolen.
According to Defi Llama’s data, it now has a total value of only US$12,750. This makes the attack one of the largest to hit the DeFi sector to date.
Drama with an open end
The Nomad team shared on Twitter early Tuesday “that they are investigating [the incident] and will provide updates” as more information becomes known.
The Nomad token bridge is a user-friendly, centralised solution that allows users to move assets freely between Polkadot’s Moonbeam blockchain, Ethereum, Evmos and Milkomeda. The team had raised $22m in April in a seed round led by Polychain.
The product was created in response to the fragmented and isolated nature of the current crypto architecture and serves as a core solution to the problem of interoperability between blockchains.