Mayowa is a crypto enthusiast/writer whose conversational character is quite evident in his style of writing. He strongly believes in the potential of digital assets and takes every opportunity to reiterate this. He's a reader, a researcher, an astute speaker, and also a budding entrepreneur. Away from crypto however, Mayowa's fancied distractions include soccer or discussing world politics.
The Nomad bridge hack is the latest in a list of security exploits that are now commonplace with cross-chain bridges and the world of decentralized finance (DeFi) at large. According to statements issued by Nomad, it lost over $190 million in funds in the Monday exploit, which lasted for a few hours.
What Led to the Nomad Bridge Hack?
Typically, bridges like Nomad operate by locking up tokens in a smart contract on one chain. They then reissue the same tokens on another chain, but this time in a ‘wrapped’ form.
For the Nomad bridge hack, however, it was the smart contract where its tokens are locked up that got exploited, all thanks to a recent update. As a researcher identified as @samczsun pointed out on Twitter, the update opened up a loophole in Nomad’s smart contract. That allowed users to fake transactions, withdrawing funds from the bridge that weren’t necessarily theirs.
Meanwhile, the Nomad bridge hack is also different from others before it in terms of the number of attackers. Most bridge attacks in the past have had a single attacker, but it was a different case with Nomad. The exploit left open access to all users who knew what to do and exactly how to do it.
According to PeckShield, 41 addresses took over $152 million in the hack. But that represents only about 80% of the total amount lost.
As Nomad itself has clarified, however, some of the funds were also drained by white-hat actors. They acted in the interest of Nomad to ensure that the funds did not end up in the wrong hands.
A Growing Menace
The rising demand for cross-chain asset swapping by crypto users has also undeniably ushered in an era of frequent bridge attacks.
In March, the Ronin bridge attack became the biggest DeFi attack to date. The bridge lost over $600 million worth of crypto to the attack at the time. Since then, the DeFi ecosystem has never been the same.
But even before the Ronin episode, the Wormhole bridge was also exploited in a similar fashion. It also lost $322 million in total to its February hack.
In summary, while bridges such as Nomad have given blockchain startups the chance to proliferate, bridge hacks like these also hold the potential to ruin the smaller chains that rely on them for liquidity.