Yet another exploit has been found by hackers, this time draining nearly $200 million from the cross-chain bridge Nomad.
Nomad bridge suffers hacker attack
Nomad is a cross-chain bridge solution that allows moving tokens between different blockchains by wrapping them via smart contracts.
Unfortunately for them and the many users affected, someone was able to find an exploit and use it to their advantage to drain around $190 million dollars
Nomad’s Twitter account tweeted the following:
“We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them”.
We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.
— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022
The assets affected include wrapped versions of Bitcoin, Ethereum and several stablecoins like USDT and USDC, all of which were being used cross-chain between different blockchains, including Ethereum, Avalanche and Cardano.
To learn more and delve into the behind-the-scenes of the hack, here’s a detailed breakdown by Twitter user samczsun:
1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇 pic.twitter.com/Y7Q3fZ7ezm
— samczsun (@samczsun) August 1, 2022
Nomad claimed to be security-first and had also recently raised $22.4 million in a seed round led by Polychain Capital, bringing the valuation of the Nomad company to $225 million.
Cross-contamination affects Cardano users
Bridges between different blockchains have been the favourite target of hackers due to the many vulnerabilities that can arise if smart contracts haven’t been thoroughly checked for weak points.
The Nomad bridge was one of the first cross-chain solutions that brought wrapped versions of Bitcoin, Ether and stablecoins to the Cardano ecosystem. These assets were available on WingRiders for example, a DEX on Cardano that allowed yield farming via liquidity pools using these assets.
Here’s what WingRiders had to say about the unfortunate event:
“Riders, a very sad day for Cardano. Nomad Bridge exploits led to a lot of consequences.
Your Cardano Assets and WRT tokens on WingRiders are safe! The platform and the smart contracts are not technically impacted.
Bridged assets madUSDC, madUSDT, madBTC, madETH are impacted!”
🚨Riders a very sad day for Cardano. Nomad Bridge exploits led to a lot of consequences.
Your Cardano Assets and WRT tokens o WingRiders are safe! The platform and the smartcontracts are not technically impacted.
Bridged assets madUSDC, madUSDT, madBTC, madETH are impacted! pic.twitter.com/ll1QamvBlE
— WingRiders (@wingriderscom) August 2, 2022
The Milkomeda EVM Layer 2 Protocol that has launched on Cardano also commented on the Nomad bridge exploit:
“We are aware of the Nomad exploit. Unfortunately, we can’t control what happens to other projects. This does not affect the base Milkomeda protocol, but Nomad is one of multiple bridges deployed to Milkomeda so users of Nomad-based assets on Milkomeda & Cardano are affected”.
We are aware of the Nomad exploit. Unfortunately, we can't control what happens to other projects. This does not affect the base Milkomeda protocol, but Nomad is one of multiple bridges deployed to Milkomeda so users of Nomad-based assets on Milkomeda & Cardano are affected.
— Milkomeda (there is no token) (@Milkomeda_com) August 2, 2022
On the positive side, Milkomeda has recently reported 7,485,720 transactions and 96,026 wallets since launch.
With every hack in the crypto sector, we are being reminded about the risks involved in this nascent space. The famous “Move Fast and Break Things” motto echoed by Mark Zuckerberg in relation to building software and apps cannot be applied in blockchain development because there are millions if not billions of dollars on the line.
There’s a need for a scientific approach that utilizes the peer-review process to make sure that the protocols and smart contracts don’t have any vulnerabilities, bugs or exploits. If this means slowing down the development in order to keep users’ funds safe, then be it. Better to be safe than sorry.