- Hackers managed to drain cryptocurrencies from Nomad’s platform in a so-called ‘free-for-all’ attack.
- Attacks on blockchain bridges are on the rise as flaws in the security systems of decentralized finance companies persist.
The as-yet-unidentified hackers managed to extract around $200 million in cryptocurrencies from the Nomad digital platform, the company said in a tweet on Monday.
The startup, which has a tool that allows users to make token exchanges between blockchains, said it is investigating the incident involving its token bridge.
The company has not offered details about the attack, which security experts are calling an all-out attack. The platform has been left vulnerable and at the mercy of other hackers who know about the flaw.
Nomad, which offers a “secure inter-chain messaging” service, has also not said whether it plans to reimburse its users for the stolen assets.
It all started with a code update
The extraction of crypto assets from the platform started after Nomad’s code update, CNBC said. Every time users initiated a transfer, a part of the code was flagged as valid.
This allowed cybercriminals to take out more crypto than they deposited. When other hackers learned of the theft, they immediately activated their bots to perform copycat attacks.
“With no prior programming experience, any user could simply copy the original attackers’ transaction call data and replace the address with their own to exploit the protocol,” explained the founder and chief architect of blockchain company Analog, Victor Young.
He further noted that “unlike previous attacks, the Nomad hack became a free-for-all in which multiple users began draining the network by simply replicating the transaction call data of the original attackers.”
The attack on Nomad has been described by Sam Sun, research partner at crypto firm Paradigm, as “one of the most chaotic hacks Web3 has ever seen.”
Nomad acts as a “bridge” between different networks for the exchange of tokens and information. This type of platform is widely used to transact on blockchains like Ethereum directly, especially when there is a lot of activity on the network and processing fees increase.
However, bridges have become a target for hackers due to their vulnerability and poor design, according to blockchain security experts.
More than $1 billion in losses from exploits
This year, bridge thefts or exploits already account for more than $1 billion, according to a report released by Elliptic. The crypto compliance firm referenced the Nomad bridge hack on Tuesday in a tweet.
“The Nomad cross-chain bridge has suffered an exploit in which full protocol funds of over $190 million have been drained | Elliptic’s team has identified addresses receiving stolen funds and has updated its detection tools | More to come,” it tweeted.
Other platforms such as Ronin and Harmony have suffered attacks similar to Nomad’s this year, due to flaws in their code. Hackers obtained the private keys to enter the network, control it and extract the tokens.
With Nomad the theft was easier, as the attackers took advantage of a routine bridge update to breach its security system and make fake transactions to seize millions of dollars in cryptocurrencies.