The Nomad cross-chain bridge has suffered an exploit resulting in many malicious “copy/paste” actors draining the protocol’s collateral.
Nomad is a token bridge for cross-chain transfers between Ethereum, Avalanche, Milkomeda, and Moonbeam.
In the early hours of August 2, Nomad posted an alert that it was aware of an ongoing hack on its system, and some hours later the protocol’s entire holdings of more than $190 million had been drained.
Crypto community developer and white hat ‘samczsun’ explained the situation by labeling the attack as “one of the most chaotic hacks that Web3 has ever seen.”
Researchers in the ETHSecurity Telegram channel shared a tweet showing multiple transactions of funds leaving the bridge. It initially appeared to be a misconfiguration in token decimals, but samczsun discovered otherwise:
“However, after some painful manual digging on the Moonbeam network, I confirmed that while the Moonbeam transaction did bridge out 0.01 WBTC, somehow the Ethereum transaction bridged in 100 WBTC.”
This exploit was unusual because the transactions were executed without first being ‘proved’. samczsun said, “Being able to process a message without proving it first is extremely Not Good.” Digging further, he found a fatal flaw in the ‘Replica’ smart contract that had been initialized during a routine Nomad upgrade.
He added that this was chaotic because the hackers needed no technical knowledge. They just needed to find a working transaction, replace the target address with their own, and rebroadcast it.
“A routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all.”
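The defect described above, as an added illustration that is not Nomad’s own code: a simplified Replica-style contract in which initialization marks the zero root as confirmed, so a message that was never proven (and therefore maps to the zero root) passes the acceptance check, shown beside a hardened check that refuses unproven messages. The contract, function and mapping names are assumptions, and Merkle-proof verification is reduced to a caller-supplied root for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model of an optimistic message replica (assumption: not Nomad's code).
contract ReplicaModel {
    // Merkle root => timestamp from which it counts as confirmed; 0 means "unknown root".
    mapping(bytes32 => uint256) public confirmAt;
    // message hash => root it was proven against; defaults to 0x0 for never-proven messages.
    mapping(bytes32 => bytes32) public messages;
    mapping(bytes32 => bool) public processed;

    constructor(bytes32 committedRoot, bool markZeroRootValid) {
        confirmAt[committedRoot] = 1;
        // The upgrade defect: treating the zero hash as a valid root. Every message that
        // was never proven maps to 0x0, so acceptableRoot(0x0) == true makes it processable.
        if (markZeroRootValid) {
            confirmAt[bytes32(0)] = 1;
        }
    }

    function acceptableRoot(bytes32 root) public view returns (bool) {
        uint256 t = confirmAt[root];
        if (t == 0) return false;      // root never confirmed
        return block.timestamp >= t;   // confirmed and past its optimistic window
    }

    // Records that a message was proven against a root. Real Merkle verification omitted.
    function prove(bytes32 messageHash, bytes32 root) external {
        require(acceptableRoot(root), "!root");
        messages[messageHash] = root;
    }

    // Vulnerable pattern: the only guard is acceptableRoot(messages[hash]); with the zero
    // root marked confirmed, any arbitrary message body is accepted without a proof.
    function processVulnerable(bytes calldata message) external returns (bool) {
        bytes32 h = keccak256(message);
        require(!processed[h], "already processed");
        require(acceptableRoot(messages[h]), "!proven");
        processed[h] = true;
        return true;
    }

    // Hardened pattern: require a recorded non-zero root before consulting confirmAt, so a
    // misconfigured confirmAt[0x0] can no longer turn unproven messages into proven ones.
    function processHardened(bytes calldata message) external returns (bool) {
        bytes32 h = keccak256(message);
        require(!processed[h], "already processed");
        bytes32 root = messages[h];
        require(root != bytes32(0), "!proven");
        require(acceptableRoot(root), "!confirmed");
        processed[h] = true;
        return true;
    }
}
```

Deploying with markZeroRootValid set to true reproduces the failure mode for processVulnerable, while processHardened still rejects any message that never passed through prove.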
Nomad has even discovered fraudulent addresses attempting to steal funds returned to the bridge.
According to DeFiLlama, Nomad’s total value locked has crashed from $190.38 million to $5,336 over the past few hours.
Nomad is the latest token bridge attack this year following the high-profile exploits of the Ronin Bridge, Wormhole, and Harmony.