- According to an analysis company, Nomad had already known about the vulnerability that led to the hacker attack.
- Nomad denies this claim and says that the June security report was another vulnerability.
- Nevertheless, this hack, which stole almost $ 200 million in cryptocurrencies, is one of the largest in crypto history.
The hack attack on the Nomad token bridge on August 3 was the fourth largest crypto hack in history. There, almost $200 million worth of crypto assets were stolen from the platform. However, not only the hack, but also the method behind it attracted great attention.
The exploit was possible due to a smart contract vulnerability. In addition to the hacker, hundreds of other users also used them and took as much as possible with them. To do this, all you had to do was copy the transaction data used by the original hacker and enter your own wallet address. This event was later classified by many as a decentralized robbery, since ordinary community members were also involved.
Later, the Nomad team revealed to Cointelegraph that some of the people who were withdrawing funds acted benevolently to prevent the hackers from stealing the entire cryptocurrencies.
After the hack, the crypto analysis firm BestBrokers found that the first attack took place on August 1. In this case, 400 Bitcoin (BTC) were stolen in four different transactions. The hackers then took 22,880 ether (ETH), then moved on to the stablecoins worth over $ 107 million and finally to the altcoins supported by the project.
In the incident, WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) tokens were stolen from the bridge.
In this context: Hack attack on Solana-based hot wallets: several million already stolen
Some altcoins stolen from the platform have seen a slump of up to 94 percent. According to the data of the analysis company, the following altcoins have recorded the largest drop after the hack:
The exploited smart contract vulnerability was already highlighted in a security review report by Quantstamp in the first week of June. The Nomad team replied that it was “practically impossible to find the model of the blank sheet”.
The auditors believed that the Nomad team had misunderstood the problem at the time. Two months later, this very vulnerability led to losses of almost $ 200 million.
Cointelegraph asked Nomad for a comment on this discovery, and the team has since replied that the vulnerability identified by Quantstamp was different from the one that made this hack attack possible. The company also assured that it is actively working to return the money to users.