Nomad, a cross-chain bridge project, became the name of the attack on the morning of August 2, leading to extremely serious damage because many people took advantage of the vulnerability.

Nomad cross-chain bridge and "foul of money", damage more than 176 million USD

Nomad was mercilessly drained by users

At around 04:30 AM on August 2, the community on Twitter began to record strange transactions related to Nomad, a bridge project between and Moonbeam, specializing in smart contract .

Specifically, the developer @sniko_ đã chia sẻ về một loạt giao dịch trả phí đến 350.000 USD nhưng vẫn thất bại. Sau đó, người này phát hiện ra đây là một nỗ lực tấn công vào Nomad, rút hàng loạt các WBTC, , with many tokens Another -20 equals countless small transactions.

According to the statistics of user @1kbeetlejuice, in the next 2 hours, of Nomad has been drained, falling from $176.6 million to almost zero.

Statistics of balances Nomad's -20. Source: @1kbeetlejuice on Dune Analytics

User FatManTerra claims that this attack was carried out using multiple accounts or even a "foul" situation, where someone copied the first hacker's transaction and changed only each address. withdraw money to extract money from Nomad. FatMan joked that this was the industry's first "decentralized" attack , true to the nature of the field .

SlowMist tracks the cash flow to the three wallet addresses that are said to have taken the most money from Nomad, with a total value of up to $90 million.

Security expert samczsun later discovered that Nomad's vulnerability stemmed from the project's permission to grant withdrawal permission to the default root message of 0x000… Someone discovered that and proceeded to withdrawals. Others then discovered the vulnerability and simply copied the first hacker's transaction.

“This is exactly why the become so chaotic – it doesn't require you to know about or Merkle Tree. All you have to do is find a successfully hacked transaction, find/replace someone else's address with yours, and then interact with Nomad's smart contract.”

It is worth mentioning that this vulnerability was discovered and warned by smart contract auditing unit Quantstamp to Nomad in early June, but was ignored and led to the current consequences.

Nomad has announced the closure of its cross-chain bridge to investigate the cause, and warned users to be on the lookout for impostor accounts that are calling for voluntary return of money from looters.

While, has also brought the network to a “maintenance state,” but still allows users to make transactions, interact with smart contracts, staking, and administer normally.

Question marks continue to arise for cross-chain bridge projects

The Nomad attack took place almost a year after Poly Network, another cross-chain bridge project, was hacked for $611 million on August 10, 2021. The hacker then decided to return the money after the hack was discovered and realized that it was impossible to disperse such a large amount of money.

Read more  What future for high-speed Layer-1 named "Solana"

By February 2022, it's time to bridge Wormhole Between and hacked, losing $325 million in crypto assets. Wormhole then raised an emergency fund of a similar amount to ensure user compensation and resume operations.

More than a month later, on March 29, 2022, the crypto community was shaken by the bridge information Ronin of the game was stolen by hackers within a week without knowing it, resulting in a loss of $622 million. This is the most damaging attack in the history of the cryptocurrency industry to date.

At the end of June, Ronin resumed normal operations, while the development unit to be had to raise capital of 150 million USD and pay out-of-pocket to compensate users. Even so, controversies continued to cling to the project as project information was hacked because a programmer of accepted a dubious "job offer", or rumors that Sky Mavis CEO Nguyen Thanh Trung transferred $3 million on the floor before announcing the hack.

Also around this time, the bridge Horizen of project blockchain Harmony Was attacked, lost about 100 million USD of cryptocurrency on here. then posted a proposal to hard fork the protocol to print more tokens intended to compensate users instead of disbursing the project's funds, prompting a backlash from the community.

Read more  Bitcoin Is Winning, Gold Is Outdated

Right before the Wormhole hack, the founder Ethereum Vitalik Buterin believes that cross-chain solutions should not be trusted because of many defects in the working mechanism.

Join our channel to get the latest investment signals!