Date: 2022-08-02

US bridging-focused crypto firm Nomad was hacked on Monday, with attackers draining virtually all of its funds. It is estimated that the total value of cryptocurrencies lost to the attack was around $200 million.

Nomad, like other cross-chain bridges, allows users to send and receive tokens between different blockchains. Monday’s attack is the latest in a series of incidents that have raised questions about the safety of these bridges.

Speaking to CoinDesk, the Nomad team acknowledged the attack: “An investigation is ongoing and leading blockchain intelligence and forensics firms have been contacted,” the team said. “We have notified the police and are working around the clock to resolve the situation and provide timely updates. Our goal is to identify the accounts involved and track and recover the funds.”

How it happened

Bridges typically work by locking tokens in a smart contract on one chain and then re-issuing those tokens on another network in the form of “wrapped tokens”, that is, synthetic tokens that represent the assets of the original blockchain.

If the smart contract on which the original tokens are deposited is sabotaged – as in the case of Nomad – the synthetic tokens lose the underlying assets, which can render them useless.

On Twitter, a researcher at cryptocurrency investment firm Paradigm explained that a recent update to one of Nomad’s smart contracts made it easier for transactions to be spoofed. This means that users could withdraw money from the Nomad bridge that did not actually belong to them.

Unlike some bridge attacks, where a single culprit is behind all the exploitation, the attack on Nomad could have been carried out by several people. This is because, according to the expert, it was not necessary to know much about cryptoassets.

“…you didn’t need to know [the programming language] Solidity or Merkle Trees or whatever. All you had to do was find a transaction that worked, find/replace the other person’s address with your own, and then relay it,” explained the expert known by the pseudonym “samczsun.”
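A monitoring-side illustration of the copy-and-replace pattern described above, added here as an example (it is not code from Nomad, Paradigm or the original article): it clusters relayed transactions whose calldata is identical once each sender's own address is masked out. The calldata layout, field names and all sample values are constructed assumptions.

```python
from collections import defaultdict

ADDR_LEN = 20  # an EVM address is 20 bytes


def _b(hexstr):
    """Decode a hex string, with or without a 0x prefix."""
    return bytes.fromhex(hexstr[2:] if hexstr.startswith("0x") else hexstr)


def find_copy_paste_clusters(txs, min_senders=2):
    """Return lists of tx hashes whose calldata matches after masking the
    sender's own address, when at least `min_senders` distinct senders
    relayed that same masked calldata."""
    clusters = defaultdict(list)
    for tx in txs:
        sender, data = _b(tx["from"]), _b(tx["input"])
        if sender not in data:
            continue  # sender's address is not embedded: not this pattern
        masked = data.replace(sender, bytes(ADDR_LEN))
        clusters[masked].append((tx["hash"], tx["from"]))
    hits = []
    for members in clusters.values():
        if len({sender for _, sender in members}) >= min_senders:
            hits.append([tx_hash for tx_hash, _ in members])
    return sorted(hits, key=len, reverse=True)


def _calldata(recipient_hex, amount):
    # Constructed layout (assumption): 4-byte selector, recipient padded to
    # 32 bytes, 32-byte amount. Real bridge messages are laid out differently.
    return "deadbeef" + recipient_hex.rjust(64, "0") + format(amount, "064x")


A, B, C, D = ("11" * 20, "22" * 20, "33" * 20, "44" * 20)  # constructed addresses

SAMPLE_TXS = [  # constructed sample data, not real transactions
    {"hash": "0xa1", "from": A, "input": _calldata(A, 100)},
    {"hash": "0xa2", "from": B, "input": _calldata(B, 100)},  # same call, own address
    {"hash": "0xa3", "from": C, "input": _calldata(C, 100)},  # same call, own address
    {"hash": "0xb1", "from": D, "input": _calldata(D, 7)},    # unique call
    {"hash": "0xc1", "from": A, "input": _calldata("55" * 20, 100)},  # third-party recipient
]

if __name__ == "__main__":
    for cluster in find_copy_paste_clusters(SAMPLE_TXS):
        print("possible copy-and-replace relay:", cluster)
```

A cluster only shows that several senders submitted byte-identical calls with their own address substituted; it is a triage signal for incident responders, not proof of theft.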

The problem of cryptocurrency bridges

Attacks on bridges have become more frequent in recent months, with cryptocurrency users demonstrating a growing appetite for exchanging assets between different blockchains.

Although cross-chain bridges have enabled the proliferation of new blockchains, failures can be devastating for smaller networks that rely on this technology for a large amount of their total liquidity.

Evmos, one of the newer blockchains served by Nomad, tweeted that it would “brainstorm community solutions” for the Nomad attack as the incident “significantly affected [the total value locked] from Evmos”.

The biggest decentralized finance (DeFi) attack in history, the Ronin bridge attack in April, saw more than $600 million in cryptocurrencies diverted from the bridge that powers the popular game Axie Infinity (AXS).

Just a few months before that, over $300 million had been drained from the Wormhole bridge, wreaking havoc on the Solana (SOL) blockchain community and the decentralized finance (DeFi) ecosystem as a whole.

Nomad sold investors the view that it would be fundamentally safer than alternative platforms.

Last week, the company revealed that Coinbase Ventures, the investment arm of the American exchange, and the NFT marketplace OpenSea are among its “seed capital” providers, having participated in the company’s first funding round, held in April. At the time, Nomad was valued at $225 million.

