• bitcoinBitcoin$70,677.002.29%
  • ethereumEthereum$3,551.410.88%
  • elrond-erd-2MultiversX$61.08-0.09%

In a Chaotic Copy-Paste Attack, Nomad Bridge Loses $190M

A vulnerability in the Nomad cross-chain bridge allowed numerous malicious “copy/paste” actors to siphon off the protocol’s collateral.

Nomad Bridge released a warning that it was aware of an ongoing exploit in the early hours of August 2. The whole $190 million from the protocol’s funds were drained in the next couple of hours.

White hat developer and member of the crypto community’samczsun’ broke down the sequence of events and provided an explanation. The attack was described by him as “one of the most chaotic hacks that Web3 has ever seen.”

The fact that the transactions were not “proven” and carried out immediately distinguishes this exploit from others. Processing information without verifying it first is really bad, declared Samczsun. Further investigation by the programmer revealed a deadly weakness in the “Replica” smart contract, which had been started during a normal Nomad upgrade.

He continued by saying that the fact that the crypto hackers lacked technical expertise made the situation unstable. All they had to do was locate a successful transaction, swap out the target address with their own, and retransmit it.

“A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all.”

Over the past four hours, Nomad‘s total locked value has plummeted from $190.38 million to $5,336.

Previous articleNext article

Leave a Reply

Your email address will not be published. Required fields are marked *