
Nomad

White hat hackers have returned $32.6M worth of tokens to Nomad bridge

The cross-chain bridge was drained of its assets in less than three hours.

Mere hours after the Nomad token bridge published an Ethereum wallet address last week for the return of funds following a $190 million hack, whitehat hackers have returned approximately $32.6 million worth of funds. The vast majority of the funds consisted of the stablecoins USD Coin (USDC), Tether (USDT) and Frax, along with altcoins.

According to research published by Paul Hoffman of BestBrokers, the vulnerability of the Nomad protocol was highlighted in Nomad's recent audit by Quantstamp on June 6 and was deemed "Low Risk." As soon as the exploit was discovered, members of the public joined the attack by copy-pasting the initial hack transaction, which was akin to a "decentralized robbery." More than $190 million worth of cryptocurrencies were drained from Nomad in less than three hours.

The attack came just four months after the project raised $22.4 million in a seed round in April. As told by Hoffman, the attack took advantage of a wrongly initialized Merkle root, which is used in cryptocurrencies to ensure that data blocks sent through a peer-to-peer network are whole and unaltered. A programming error effectively auto-proved any transaction message to be valid.
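The failure mode Hoffman describes can be reproduced in a few lines. The following is an added, simplified Python model, not Nomad's contract code and not taken from the research cited above; the names `Bridge`, `prove`, `process` and `reject_zero_root` are hypothetical. It assumes the wrongly initialized root was the all-zero value, which is also what a lookup returns for a message that was never proven.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # value an unset root lookup returns (model assumption)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def fold(leaf: bytes, proof) -> bytes:
    """Recompute a Merkle root from a leaf and (sibling, sibling_is_left) pairs."""
    node = leaf
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node

class Bridge:
    """Hypothetical, simplified message verifier; not Nomad's contract code."""

    def __init__(self, initial_root: bytes, reject_zero_root: bool = False):
        self.trusted_roots = {initial_root}  # roots treated as confirmed
        self.proven_under = {}               # message hash -> root it was proven against
        self.reject_zero_root = reject_zero_root

    def prove(self, message: bytes, proof, root: bytes) -> bool:
        """Record the message only if its Merkle branch really folds to `root`."""
        if fold(h(message), proof) != root:
            return False
        self.proven_under[h(message)] = root
        return True

    def process(self, message: bytes) -> bool:
        """Accept the message if the root it was proven under is trusted."""
        # A message that was never proven has no entry and falls back to ZERO_ROOT.
        root = self.proven_under.get(h(message), ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: the default value can never count as a proof
        return root in self.trusted_roots

def demo() -> dict:
    a, b = b"msg: release 10 to A", b"msg: release 20 to B"  # constructed messages
    real_root = h(h(a) + h(b))
    unproven = b"msg: never included in any tree"
    wrong, right = Bridge(ZERO_ROOT), Bridge(real_root)
    hardened = Bridge(ZERO_ROOT, reject_zero_root=True)
    right.prove(a, [(h(b), False)], real_root)
    return {
        "wrong_init_accepts_unproven": wrong.process(unproven),
        "right_init_accepts_unproven": right.process(unproven),
        "right_init_accepts_proven": right.process(a),
        "hardened_accepts_unproven": hardened.process(unproven),
    }
```

The general lesson for reviewers is that a sentinel or default value must never be a member of the set of trusted values, and an initialization test should assert that an unproven message is rejected.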


Not all participants of the heist were capitalizing on the opportunity, though. Almost immediately after the hack began, whitehat hackers copied the same transaction hash as the original hacker to withdraw funds for their safe return. Conversely, one hacker allegedly used their Ethereum Domain Name to launder the stolen funds, leading to the possibility of cross-verification with Know-Your-Customer information also utilizing the domain. 


$2B in crypto stolen from cross-chain bridges this year: Chainalysis

The $190 million Nomad Bridge exploit is just the latest out of 13 separate bridge attacks in 2022 so far.

Cross-chain bridge hacks have accounted for 69% of the total crypto stolen in 2022, amounting to $2 billion in losses, according to a new report. 

The report comes from blockchain analytics firm Chainalysis on Aug. 2, noting there have been 13 separate token bridge hacks this year — the most recent being the $190 million Nomad Bridge exploit.

Q1 2022 was by far the quarter with the most crypto stolen since 2021, due mainly to the Ronin Bridge attack in late March, which saw $624 million in Ether (ETH) and Circle USD (USDC) stolen.

Cross-chain bridges, also known as blockchain bridges, are designed to transfer cryptocurrencies from one blockchain network to another.

Chainalysis explains that while bridge designs vary, users typically deposit their tokens from one chain into the bridge protocol, where they are locked into a contract. The user is then issued the equivalent in a parallel token on another chain.

Bridge vulnerabilities

According to the Chainalysis report, bridges are often targets because they “feature a central storage point of funds that back the 'bridged' assets on the receiving blockchain.”

"Regardless of how those funds are stored – locked up in a smart contract or with a centralized custodian – that storage point becomes a target."

According to some experts, effective bridge design is still in its nascent stages of development, and some developers still have relatively little understanding of security protocols, making their protocols vulnerable to exploitation by hackers.

In a July 22 clip posted on Twitter, almost two weeks before the recent attack, Nomad founder James Prestwich says it will be "at least another year or two before there is enough familiarity across chain security models to build defenses as a standard."

"In cross-chain systems, we haven't built up that kind of expertise about attacks yet, people don't know what the common attacks are, and so they don't defend against them."

Centralized exchanges were once the favorite target of hackers, but advances in security protocols have seen a drop in successful cyber attacks, according to Chainalysis.

The blockchain analytics firm has stressed that cryptocurrency services, including bridges, should start investing in security upgrades and training sooner rather than later. 

“A valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard of DeFi, both for those building protocols and for the investors evaluating them. Over time, the strongest, safest smart contracts can serve as templates for developers to build from.”


Cross-Chain Bridge Nomad Loses $190 Million Making It 2022’s Third-Largest Crypto Heist

On Monday, the cross-chain token bridge Nomad was attacked and hackers managed to siphon $190 million from the protocol, draining a great majority of the funds. The Nomad cross-chain bridge attack was the third-biggest crypto heist of 2022, and the ninth largest of all time.

Nomad Cross-Chain Bridge Exploited for $190 Million

Cross-chain bridges in […]


Nomad token bridge drained of $190M in funds in security exploit

Hundreds of potential exploiters appear to have drained all of the bridge’s $190 million in TVL in just a matter of hours.

The Nomad token bridge appears to have experienced a security exploit that has allowed hackers to systematically drain the bridge’s funds over a long series of transactions.

Nearly the entire $190.7 million in crypto has been removed from the bridge, with only $651.54 left remaining in the wallet, according to decentralized finance (DeFi) tracking platform DeFi Llama.

The first suspicious transaction, which may have been the genesis of the ongoing exploit, came at 9:32pm UTC when someone managed to remove 100 Wrapped Bitcoin (WBTC) tokens, worth about $2.3 million, from the bridge.

Shortly after the community raised alarm bells over the potential exploit, the Nomad team confirmed at 11:35pm UTC that it was aware of the "incident involving the Nomad token bridge," adding that it is "currently investigating the incident." The team did not immediately respond to a request for comment.

The incident has seen WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3) tokens taken from the bridge.

Exploiters removed tokens in an unusual fashion as each token was removed in nearly equivalent denominations. For example, transactions with exactly 202,440.725413 USDC were executed over 200 times. 

Nomad is a token bridge that allows transfers of tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).

Unlike other exploits that have become somewhat commonplace in 2022, this event so far has hundreds of addresses receiving tokens directly from the bridge.
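The pattern reported here, the same exact amount leaving the bridge many times to many different addresses, is something a monitoring job can alert on. The following Python sketch is an added example, not tooling from Nomad or any analytics firm; the function name, record fields, thresholds and sample transfers are all constructed for illustration.

```python
from collections import defaultdict

def flag_replayed_withdrawals(transfers, window_s=3600, min_count=5, min_recipients=5):
    """Flag (token, amount) pairs paid out repeatedly to many recipients in one window.

    Amounts are compared as strings so equality is exact, not float-rounded.
    """
    by_key = defaultdict(list)
    for t in transfers:
        by_key[(t["token"], t["amount"])].append((t["ts"], t["to"]))

    alerts = []
    for (token, amount), events in by_key.items():
        events.sort()
        best, start = None, 0
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            window = events[start:end + 1]
            recipients = {to for _, to in window}
            if len(window) >= min_count and len(recipients) >= min_recipients:
                if best is None or len(window) > best["count"]:
                    best = {"token": token, "amount": amount,
                            "count": len(window), "recipients": len(recipients)}
        if best:
            alerts.append(best)
    return alerts

# Constructed sample: outbound transfers from a bridge contract (not real chain data).
SAMPLE = [
    {"ts": 60 * i, "token": "USDC", "amount": "202440.725413", "to": f"0xrecipient{i:02d}"}
    for i in range(6)
] + [
    {"ts": 30, "token": "WETH", "amount": "1.5", "to": "0xuser01"},
    {"ts": 90, "token": "USDC", "amount": "1000", "to": "0xuser02"},
    {"ts": 9000, "token": "USDC", "amount": "1000", "to": "0xuser02"},
]
```

Requiring many distinct recipients as well as many repeats keeps a single user making several equal withdrawals from triggering the alert.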

Meanwhile, the Moonbeam smart contract platform from the Polkadot network, whose native GLMR token was one of those targeted in the Nomad exploit, went into maintenance mode at 11:18pm UTC “to investigate a security incident.” As a result, Moonbeam’s functionality such as regular user transactions and smart contract interactions will be disabled.

The attack is untimely for the bridge and its seed round investors from a fundraise in April. On July 29, the project revealed in a tweet that Coinbase Ventures, OpenSea, and five other major companies in the crypto industry participated in an April seed round fundraising which landed Nomad a $225 million valuation.
