Another blockchain bridge has been compromised, this time losing approximately $200 million, apparently due to the greed of its users.
Nomad was exploited earlier this week, and the protocol lost pretty much everything it had, despite no malware or cyberattacks apparently being involved.
While bridge exploits are not that new in the world of cryptocurrencies (remember Ronin, Wormhole, Beanstalk), this one is a little different.
Law enforcement included
Apparently, a recent update to one of Nomad's smart contracts allowed users to spoof transactions. In other words, whoever wanted to take the money from the bridge was free to do so. No malware or breached endpoints were involved.
And that’s the key difference here. This wasn’t the work of a single hacker, or a group of actors, looking for a hole in the code to exploit. This was the project’s developers messing up, and the entire community seizing the day and grabbing what they could.
In a statement, Nomad said: "An investigation is ongoing and leading firms for blockchain intelligence and forensics have been retained. We have notified law enforcement and are working around the clock to address the situation and provide timely updates. Our goal is to identify the accounts involved and to trace and recover the funds."
Bridge hacks are pretty common these days. Just over a month ago, an unknown individual stole more than 85,000 Ether tokens from the Harmony bridge, which were valued at some $105 million at the time. In April, the breach of Ronin (a bridge belonging to the makers of Axie Infinity) resulted in the biggest crypto heist of all time, valued at more than $600 million at the time.
A bridge company offers the service of coin transfers between different chains, a service that’s grown extremely popular in the last couple of years. At the same time, these companies have become major targets for cybercriminals everywhere, as they’re often coded with insufficient security, resulting in theft.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.