Nearly $200 million drained from crypto bridge Nomad in latest crypto hack
Hackers drained nearly $200 million from crypto bridge project Nomad in the latest crypto-related theft.
In a matter of two hours on Monday evening, the total value of crypto assets held on Nomad dropped from $190.3 million to $11,815 as of early Tuesday morning New York time.
As a bridge protocol, Nomad allows users to send crypto tokens between different blockchains, a feature not normally available as most tokens aren’t compatible with multiple blockchains.
Nomad's hack marks at least the third prominent bridge protocol to be hacked so far this year.
On Twitter, the Nomad project stated it has notified law enforcement and is seeking help from blockchain analytics firms.
Update: We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics. Our goal is to identify the accounts involved and to trace and recover the funds.
1/2— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
According to Samczsun, a security researcher and white hat with the crypto venture firm Paradigm, the exploit came about from a routine upgrade "which had the effect of allowing messages to be spoofed on Nomad."
By the researcher's assessment, this flaw allowed hackers a less complex opportunity to nab the funds.
Last year, hackers stole $3.2 billion in funds from crypto projects according to blockchain analytics firm Chainalysis, with total funds stolen so far in 2022 on pace to match last year's figure.
12/ tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all
— samczsun (@samczsun) August 2, 2022
According to reports from security firms Besoin and Certik, hackers have made off with more than $2 billion in 130 different exploits already this year. Some $1.3 billion of this total was taken during the first quarter in 82 different incidents, the bulk of which occurred through crypto bridge hacking incidents including Wormhole ($326 million) and the Ronin Network ($615 million). Both the Wormhole and Ronin teams have publicly stated they will reimburse investors who suffered losses from the incidents. Nomad hasn't yet shared whether it will be able to reimburse investors.
According to crypto data platform DeFi Lama, there are 24 different bridges in operation today, which hold a total $11.5 billion in combined total value locked.
Similar to wire transfers between banks in the traditional finance sector, users deposit cryptocurrency into bridges to withdraw a proportionate amount in a token that fits with another blockchain. This additional optionality lets users reap crypto service and fee advantages across multiple chains.
Yet instead of bank tellers, the bridging process relies on automated validators which process transactions based on software code. In this scenario, the margin of error is incredibly expensive.
In April of this year, Nomad raised $22.4 million at a $225 million valuation.
Last Thursday, the project revealed "industry giants" such as Coinbase Ventures, Open Sea, Crypto.com, Wintermute, Polygon, and Circle had contributed to the round.
—
Read the latest financial and business news from Yahoo Finance
Download the Yahoo Finance app for Apple or Android
Follow Yahoo Finance on Twitter, Facebook, Instagram, Flipboard, LinkedIn, and YouTube