Nomad Cross-chain Bridge Suffers $190M Loss in Chaotic Copy-Paste Attack


The Nomad cross-chain bridge has suffered an exploit resulting in many malicious “copy/paste” actors draining the protocol’s collateral.

Nomad is a token bridge for cross-chain transfers between Ethereum, Avalanche, Milkomeda, and Moonbeam.

In the early hours of August 2, Nomad posted an alert saying it was aware of an ongoing hack of its system. Some hours later, the protocol’s entire funds, more than $190 million, had been drained.

Crypto community developer and white hat ‘samczsun’ explained the situation by labeling the attack as “one of the most chaotic hacks that Web3 has ever seen.”

In the ETHSecurity Telegram channel, researchers shared a tweet showing multiple transactions moving funds out of the bridge. It initially appeared to be a misconfiguration in token decimals, but samczsun discovered:

“However, after some painful manual digging on the Moonbeam network, I confirmed that while the Moonbeam transaction did bridge out 0.01 WBTC, somehow the Ethereum transaction bridged in 100 WBTC.”

This exploit is different because the transactions were processed without first being ‘proved’. samczsun said, “Being able to process a message without proving it first is extremely Not Good.” He dug further and found a fatal flaw in the ‘Replica’ smart contract initialized during a routine Nomad upgrade.

He added that this was chaotic because the hackers needed no technical knowledge. They just needed to find a working transaction, replace the target address with their own, and rebroadcast it.

“A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all,”
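The flaw described above can be reproduced in a simplified model. The following Python sketch is an added example, not Nomad's contract code: the class and function names are hypothetical, SHA-256 stands in for the contract's hash, and it assumes an unproven message reads back as the zero root, the way an unset mapping slot does.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # what an unset bytes32 mapping slot reads as


def msg_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()  # stand-in for the contract's hash


class ReplicaModel:
    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        self.reject_zero_root = reject_zero_root
        self.confirmed_roots = {initial_root}  # roots trusted at initialization
        self.proven_under = {}                 # message hash -> root it was proven against
        self.processed = set()

    def prove(self, message: bytes, root: bytes) -> None:
        # Merkle proof checking is out of scope; assume a valid proof was supplied.
        self.proven_under[msg_hash(message)] = root

    def acceptable_root(self, root: bytes) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: "never proven" can never count as "proven"
        return root in self.confirmed_roots

    def process(self, message: bytes) -> bool:
        h = msg_hash(message)
        if h in self.processed:
            return False
        # A message that was never proven reads back as the zero root.
        root = self.proven_under.get(h, ZERO_ROOT)
        if not self.acceptable_root(root):
            return False
        self.processed.add(h)
        return True


def run_scenario(initial_root: bytes, reject_zero_root: bool) -> dict:
    replica = ReplicaModel(initial_root, reject_zero_root)
    real_root = msg_hash(b"constructed-merkle-root")
    replica.confirmed_roots.add(real_root)
    legit = b"to=alice;amount=100"      # constructed sample message
    spoofed = b"to=mallory;amount=100"  # same message, recipient swapped, never proven
    replica.prove(legit, real_root)
    return {"legit": replica.process(legit), "spoofed": replica.process(spoofed)}
```

Initializing the model with the zero root lets the unproven message through; initializing with any non-zero root, or rejecting the zero root explicitly, blocks it while the proven message still succeeds.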

Nomad has even discovered fraudulent addresses attempting to steal funds returned to the bridge.

According to DeFiLlama, Nomad’s total value locked has crashed from $190.38 million to $5,336 over the past few hours.

The Nomad exploit is the latest token bridge attack this year, following the high-profile exploits of the Ronin Bridge, Wormhole, and Harmony.
