2 August 2022

Nomad bridge drained of nearly $200 million in one of the largest DeFi hacks



Nomad, a bridge protocol for transferring crypto tokens across different blockchains, has suffered a cybersecurity incident in which hackers made off with almost all the funds in the wallet. According to estimates, the total value of cryptocurrency stolen in the attack is close to $200 million.

The affected assets include wrapped versions of Bitcoin, Ethereum and several stablecoins like USDT and USDC, all of which were being used cross-chain between different blockchains, including Ethereum, Avalanche and Cardano.

The funds were drained over hours and in small batches by various accounts. According to blockchain security firm PeckShield, more than 41 IP addresses were identified as being involved in the theft.

Nomad has acknowledged the attack and said that an investigation into the incident is ongoing. It's not entirely clear how the attack was executed, or whether the company intends to reimburse users.

According to a security researcher who goes online as samczsun, a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions.

“... you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it,” samczsun explained.

The attack makes Nomad the latest bridge to suffer a theft this year. In March, cyber actors hacked the Ronin network used for the Axie Infinity blockchain-based game and stole more than $620 million in cryptocurrency. A month later, in April, the US authorities accused the North Korea-linked advanced persistent threat (APT) groups known as Lazarus Group and APT38 of the theft.
