DeFi continues to place bridge attacks at the forefront of crypto and blockchain. This is because bridges are a significant point of vulnerability. Here’s another example: the most recent 9-figure attack on the multichain Nomad Bridge.
In the early hours following the exploit, we’re looking at an exploit in the range of $160-190M – let’s take a look at this and more from what we know thus far.
Nomad’s Collapse
According to Defi Luma, the bridge was shut down in July at $190M TVL. Users on crypto Twitter started watching the bridge become exploited to drain to 0. Most of this was USDC, WETH and WBTC. However, roughly a half dozen different tokens were drained, ranging anywhere from ten’s of thousands to nearly $100M worth.
This was the first time it was noticed by @spreekaway, a Twitter user
Nomad bridge getting rugged??? It looks very suspenseful. pic.twitter.com/nvtMIjf0rD
— Spreek (@spreekaway) August 1, 2022
Nomad has attracted seed investors from Polygon Ventures, Coinbase Ventures and OpenSea. The bridge raised $22M in fundraising only 4 months ago.
You can wrap Ether (ETH), to make it transferable across networks and through bridges at a cheaper cost. Source: ETH-USD on TradingView.com | Source: ETH-USD on TradingView.com
Related Reading| TA: Near Protocol Struggles To Break Out Despite Relief Bounce
Another Bridge Hits The Dust
Nomad’s team is optimistic that they will recover but it will take a lot of work. Bridges are still a major vulnerability in crypto. 9-figure hacks continue to make havoc. Wormhole lost over $300 million in the largest DeFi losses ever. Cross-chain activity should be a major point of emphasis for crypto security as many have touted it as “the future of crypto” – but also offers areas of vulnerabilities.
This vulnerability, unlike many others in cryptography, was a contract exploit that was used by several addresses. Some of these have stated they will return the money. In this case, a user manipulated code noted in the bridge’s audit, taking advantage of a vulnerable function to have every message on the bridge valid. This was discovered by other users who sought out to replicate it.
Perhaps the funds returned will allow the bridge to keep moving forward after the dust has settled. At time of publishing, the bridge’s TVL sits just shy of $5,000 – a tiny amount of the near $200M locked pre-exploit, but still a small bounce back from the sub-$1,000 worth that was seen immediately following the exploit.
Similar Reading: Ethereum Investors Claiming Profits as Profitability Explodes| Ethereum Investors Clamor To Take Profits As Profitability Explodes
Featured image taken from Pixabay. Charts taken from TradingView.com Disclaimer: The author of this content has not been associated with or paid any money to the companies mentioned. This content is not intended to be financial advice.