Cross-Chain Bridge Nomad Loses $190 Million Making It 2022’s Third-Largest Crypto Heist

On Monday, the cross-chain token bridge Nomad was attacked and hackers managed to siphon $190 million from the protocol, draining a great majority of the funds. The Nomad cross-chain bridge attack was the third-biggest crypto heist of 2022, and the ninth largest of all time.

Nomad Cross-Chain Bridge Exploited for $190 Million

Cross-chain bridges in decentralized finance (DeFi) just can’t catch a break, no matter how long they have been running and even after they have been audited. On August 1, 2022, the cross-chain bridge Nomad suffered an attack that cost the bridge $190 million in crypto funds. Security experts at the blockchain auditing firm Certik published an incident report describing what happened.

“The vulnerability was in the initialization process where the “committedRoot” is set as ZERO,” Certik wrote. “Therefore, the attackers were able to bypass the message verification process and drain the tokens from the bridge contract,” Certik added, noting:

The exploit occurred when a routine upgrade allowed verification messages to be bypassed on Nomad. Attackers abused this to copy/paste transactions and were able to drain the bridge of nearly all funds before it could be stopped.

Cross-chain bridges have been suffering from exploit after exploit since they were first introduced. At the end of March, the largest hack of 2022 saw $620 million stolen from Axie Infinity’s Ronin bridge. According to the crypto heist tracker maintained by researchers at Comparitech, the Nomad bridge attack was the third-largest breach this year. While Nomad connected a variety of blockchain networks, the founder and CEO of AVA Labs, Emin Gün Sirer, tweeted about the incident and said the AVAX bridge was safe.

“The Nomad bridge, used by non-Avalanche chains, was hacked today,” Gün Sirer wrote. “Nomad was the official bridge for EVMOS (Cosmos EVM), Moonbeam (Polkadot EVM), and Milkomeda (another EVM) — The Avalanche Bridge is unaffected.”

Nomad Raised $22 Million in April, Blockchain Security Company Certik Says This Particular Bug ‘Would Be Difficult to Discover Under Conventional Auditing Practices’

The attack against the Nomad bridge follows the project raising approximately $22.4 million in seed funding in a funding round led by Polychain Capital. Other strategic investors that helped Nomad raise funds include 1kx, Ethereal Ventures, Hack.vc, Circle Ventures, Amber, Robot Ventures, Hypersphere, Figment, Dialectic, Archetype, and Ledgerprime. While a broad audit could have found the Nomad bridge vulnerability, the blockchain and smart contract auditors from Certik say this bug may be more difficult to find in a conventional audit.

“This type of issue would be difficult to discover under conventional auditing practices that assume all deployment configurations are correct, because this particular bug was introduced by mistakes in the deployment parameters,” Certik’s report on the Nomad situation concludes. “However, a broader auditing process and full-scope penetration test that includes validating deployment processes would potentially capture this bug,” the auditors added.
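Certik's point about validating deployment parameters can be made concrete with a pre-deployment check; the following is an added example, not code from Nomad or from Certik's report. It assumes a simplified verification model in which a message that was never proven reads back as the zero value (as unset EVM storage does); `ReplicaModel`, `check_deployment` and the sample parameters are hypothetical.

```python
import hashlib

ZERO_WORD = bytes(32)  # what an unset EVM storage slot or mapping entry reads as


class ReplicaModel:
    """Hypothetical, simplified model of a bridge's message-verification state."""

    def __init__(self, committed_root: bytes):
        # Initialization trusts whatever root the deployment parameters supply.
        self.trusted_roots = {committed_root}
        self.proven_under = {}  # message hash -> root the message was proven against

    def prove(self, message_hash: bytes, root: bytes) -> None:
        # Stand-in for Merkle-proof verification, which is out of scope here.
        self.proven_under[message_hash] = root

    def would_process(self, message_hash: bytes) -> bool:
        # A message that was never proven has no entry and reads back as zero.
        root = self.proven_under.get(message_hash, ZERO_WORD)
        return root in self.trusted_roots


def check_deployment(params: dict) -> list:
    """Return findings for one set of deployment parameters (empty list = pass)."""
    findings = []
    raw = params.get("committedRoot", "")
    hex_part = raw[2:] if raw.startswith("0x") else raw
    try:
        root = bytes.fromhex(hex_part)
    except ValueError:
        return ["committedRoot is not valid hex"]
    if len(root) != 32:
        return ["committedRoot must be 32 bytes, got %d" % len(root)]
    if root == ZERO_WORD:
        findings.append("committedRoot is zero")
    # Invariant: a freshly initialized replica must reject an unproven message.
    probe = hashlib.sha256(b"constructed message, never proven").digest()
    if ReplicaModel(root).would_process(probe):
        findings.append("unproven message passes verification")
    return findings


# Constructed sample parameters, not taken from any real deployment.
BAD_PARAMS = {"committedRoot": "0x" + "00" * 32}
GOOD_PARAMS = {"committedRoot": "0x" + hashlib.sha256(b"constructed genesis root").hexdigest()}

if __name__ == "__main__":
    for name, params in (("bad", BAD_PARAMS), ("good", GOOD_PARAMS)):
        print(name, check_deployment(params) or "OK")
```

Run as a gate in the deployment pipeline, a check of this kind fails on the parameter value itself and on the behavioural invariant, so it does not depend on the audited contract source being wrong.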
