December 3, 2024

Hackers Drain Almost $200 Million From Crypto Startup Nomad

The decentralized finance (DeFi) space has become a frequent target for hackers of late, and in yet another attack they walked away with $200 million from Nomad.

Nomad is a blockchain bridge, a service designed to help users swap tokens between blockchains, and its losses highlight the weaknesses in the DeFi ecosystem.

Nomad’s acknowledgment

Late Monday, the crypto startup acknowledged the attack via a tweet. The company said that they were aware of the incident involving the token bridge.

They added that they were investigating the incident and would provide updates once they had all the details.

However, it is not yet clear how the hackers orchestrated the attack, and Nomad has not disclosed whether it plans to reimburse the people who lost their crypto in the breach.

Experts share details

According to blockchain security experts, the attack on Nomad was a ‘free-for-all’. Anyone who knew about the attack and how it was orchestrated could do the same.

This means that the flaw allowed them to withdraw tokens from Nomad, much as an ATM spews out cash when you press a couple of buttons.

They said that it all started with an upgrade to Nomad’s code. After the upgrade, whenever a user initiated a transfer, part of the code deemed it valid.

This gave attackers the chance to withdraw even more assets than the ones deposited on the platform. When other hackers discovered the flaw, they also conducted copycat attacks through their armies of bots.

Market experts said that even someone without any programming experience could just copy the transaction of the original attackers and exploit the protocol by changing the address.

This made the attack a free-for-all because others only had to replay the transaction call data to drain the network.
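From the monitoring side, the copycat pattern described above (the same call data replayed with only the address changed) can be spotted by clustering calls to a bridge contract. The sketch below is an added example, not code from Nomad or from the experts quoted; the calldata layout, selector, addresses and transactions are constructed, and it assumes legitimate bridge calls normally differ in more than one address-sized field.

```python
ADDR_LEN = 20  # bytes in an Ethereum address

def differs_only_in_one_address(a: bytes, b: bytes) -> bool:
    """True if two calldata blobs differ only inside one address-sized window."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return diff[-1] - diff[0] < ADDR_LEN

def replay_clusters(txs, min_senders=3):
    """Cluster calls to the same contract whose calldata equals the cluster's
    first call, or differs from it in one address only; keep clusters that
    involve at least min_senders distinct senders."""
    clusters = []
    for tx in txs:
        data = bytes.fromhex(tx["input"][2:])  # strip "0x"
        for c in clusters:
            same_target = c["to"] == tx["to"]
            if same_target and (data == c["seed"] or differs_only_in_one_address(data, c["seed"])):
                c["senders"].add(tx["from"])
                c["hashes"].append(tx["hash"])
                break
        else:
            clusters.append({"to": tx["to"], "seed": data,
                             "senders": {tx["from"]}, "hashes": [tx["hash"]]})
    return [c for c in clusters if len(c["senders"]) >= min_senders]

# --- constructed sample data (not real Nomad transactions) ---
BRIDGE = "0x" + "0b" * 20  # placeholder bridge contract address

def _call(recipient: str, amount: int) -> str:
    """Constructed calldata: 4-byte selector | uint256 amount | address | 32-byte blob."""
    return ("0x" + "aabbccdd" + amount.to_bytes(32, "big").hex()
            + recipient[2:].rjust(64, "0") + "11" * 32)

A, B, C, D = ("0x" + b * 20 for b in ("a1", "b2", "c3", "d4"))
SAMPLE_TXS = [
    {"hash": "tx1", "from": A, "to": BRIDGE, "input": _call(A, 100)},
    {"hash": "tx2", "from": D, "to": BRIDGE, "input": _call(D, 7)},    # unrelated call
    {"hash": "tx3", "from": B, "to": BRIDGE, "input": _call(B, 100)},  # copy of tx1
    {"hash": "tx4", "from": C, "to": BRIDGE, "input": _call(C, 100)},  # copy of tx1
]

if __name__ == "__main__":
    for c in replay_clusters(SAMPLE_TXS):
        print(c["to"], sorted(c["senders"]), c["hashes"])
```

A cluster that grows across many unrelated senders within a short time is the signal to alert on or to pause the contract.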

Bridge hacks

As mentioned earlier, Nomad is a bridge, which means it allows users to exchange information and tokens between various crypto networks.

Bridges come in handy for saving on the high processing fees that are charged when transactions are made directly on blockchains like Ethereum.

However, they have become a target for hackers recently because of instances of poor design and vulnerabilities.

This year alone has seen a number of bridges exploited and they have suffered losses of about $1 billion in terms of crypto assets.

Bridge exploits

Blockchain bridge Ronin was targeted back in April and suffered losses of $600 million. According to US officials, North Korea was responsible for the attack.

A few months later, another bridge named Harmony was the target and it lost about $100 million in the exploit.

A flaw in Nomad’s code made it a target, similar to Harmony and Ronin, but there were a few differences.

In the other two attacks, hackers had to get private keys in order to control the network and move out the tokens, but with Nomad, they were able to forge transactions after an upgrade.
