Several different hackers stole nearly $200 million in funds
Cross-chain token bridge Nomad fell victim to a series of exploits that drained almost all funds on Monday. In an unprecedented event, a hacker attacked the bridge and was followed by hundreds of other addresses replicating the attack systematically. The series of transactions completely shook up the protocol, which ended up with only $651.54 in funds. Currently, Nomad’s Total Value Locked (TVL) is around $10.937.
The chaotic event began with an attack that took 100 Wrapped Bitcoin (WBTC) worth $2.3 million. Although the community shared the alert and Nomad announced to be investigating the situation, several other transactions quickly followed suit.
Over the following hours, the attacks took $190.7 million worth of WBTC, USD Coin (USDC), Wrapped Ether (WETH), and several other tokens.
With the door open for other hacks, other different addresses also took advantage of the security breach. As tweeted by analyst FatManTerra, there were “people grabbing $3K-$20K from the Nomad bridge. All one had to do was copy the first hacker’s transaction and change the address, then hit send through Etherscan. In true crypto fashion – the first decentralized robbery.”
You can better visualize the effect of attacks through the data tracked on DeFiLlama below.
Thankfully, some withdrawals were made by people to take the funds to return them to the protocol afterward (white hacks). Some of these benefactors have already begun to speak up.
What is Nomad Bridge?
Nomad is a bridge, a protocol that allows you to move tokens between blockchains, in this case, Avalanche, Ethereum, Moonbeam, Evmos, and Milkomeda C1.
A few days before the hack, Nomad announced that several major investors like Coinbase Ventures and Polychain Capital participated in the seed round that raised $22 million.
The Nomad team has been supportive of the community and is currently working to identify accounts involved in the hack to recover funds.
Nomad Bridge is not the only bridge between, for example, Ethereum and Avalanche. Therefore the dapp ecosystem hardly felt the impact of the hack. However, DeFi dapp Benqi did see a sudden spike in activity on the Avalanche blockchain, but that might be a coincidence.
Similarly, trading activity on DeFi platforms in the Moonbeam ecosystem shot up right after or during the hack. Solarflare and Beamswap both had a significant pump in activity, as seen in the Moonbeam Rankings on DappRadar.
The Bridge Hack Pattern
Bridge attacks have become more common in 2022. As more people need to move digital assets from one blockchain to another, either because of the rise of DeFi protocols on alternative blockchains or because of play-and-earn games, the interest of hackers in these bridges also grows.
According to the Rekt database, $1.2 billion in crypto assets were stolen in the first quarter of 2022 – 80% of which came from bridges.
The Ronin bridge suffered an exploit that took away $600 million in March 2022. As a result, Axie Infinity activity dropped 17% over the next 24 hours, but eventually recovered.
In the case of the Nomad bridge attack, however, it was not just an organized group that took advantage of the exploit. Anyone could simply replicate the code, which resulted in a decentralized mass theft.
- Learn more about bridges’ weak spots and recent exploits: How Blockchain Bridges Became Hackers’ Prime Targets
Keep Up With The Latest News With DappRadar
Staying up to date on the latest happenings in the crypto space is very important for opportunity seekers.
Keep learning about the exciting world of decentralized apps with the DappRadar blog, Youtube channel, and Twitter account.