- The Nomad cross-chain bridge was completely emptied by an exploit.
- A single hacker's method became public.
- Because in principle all it took was copying a command line, hundreds of users started looting the protocol and made off with cryptocurrencies.
The Nomad bridge suffered an unusual exploit last night. Apparently, the developers of the protocol made a crucial mistake during an upgrade and changed a value in the bridge’s smart contract. After that, it was in principle possible for anyone to withdraw digital assets without any further authorization.
As if that wasn’t enough, a snippet of code that a hacker used to operate the smart contract ended up in various chat groups. The crux of the matter: anyone who had the snippet could use their own Ethereum address and replicate the exploit via Etherscan. No deeper knowledge was needed to carry out the command. In a way, this is the first decentralized heist in the history of cryptocurrencies.
The result was that a mob of users swarmed the smart contract and busily withdrew tokens until Nomad was completely drained. Nomad is a so-called cross-chain bridge. Such a bridge makes it possible to move digital assets between different blockchains. Because the assets usually have to be locked on one blockchain and unlocked on the destination chain, such smart contracts are considered particularly vulnerable due to the complexity of the process.
Some users also wanted to help
In the end, however, the picture is not nearly as dark as it first seems, because in some places the good in people also prevailed. Dozens of users came forward on Twitter wanting to return their alleged loot. It seems that many took the assets with the plan of holding them in custody for Nomad so that no one else could actually steal them.
At the moment, it is still unclear what amount will be refunded by the “white hats”. The total damage is estimated at $150 million. Just before the exploit, Nomad raised further funds and received $22 million from investors. They particularly praised the security of their own software product. Nomad is not the first bridge to be hacked and probably not the last. For example, in February 2022, around 320 million US dollars were lost in the spectacular Wormhole hack.