Well, folks, another multi-million dollar Nomad bridge hacked. Now you may have seen the news earlier today that the nomad bridge has just been exploited for close to 200 million dollars. Now despite how much this may feel like deja vu it is a hack unlike any other and I’ll get on to that in a bit but first a bit of background.
How was Nomad bridge hacked? So, the nomad is a crypto project focused on interoperability between different networks in other words a bridge between more than one network. To quote their documents it’s a quoted security first cross-chain messaging protocol. Now, this is an MVP that the project has been touting for a long time and in January of this year, its CEO said quote we’re secure period.
Now it also doesn’t help that only five days ago the project issued a press release talking about strategic investments from a raft of VCs. In a said press release they again stated their goal of developing a secure cross-chain protocol but that is neither here nor there. As I mentioned earlier this was a hack unlike any other in that once other users found out about the initial hackers exploit they realized it could easily be replicated. They could copy the original hacker’s transaction called data control c ctrl v. What’s even crazier than that is that this vulnerability was mentioned in the audit report conducted a few months ago.
“We’re secure… period” — @pranaymohan— Nomad (⤭⛓🏛) (@nomadxyz_) January 27, 2022
The result is that the bridge went from having close to 200 million dollars in it to almost zero dollars in a matter of hours. One of the first community hacks for lack of a better term. Of course, if you did manage to get any funds from the hack I would encourage you to give them back as some pretty sophisticated tracking tools can follow those funds.
I should also mention that it appears that some funds have been withdrawn by white hat users to stop them from getting into shall we say less civic-minded hands these will be returned. Now, this of course opens up the question of how secure we can expect crypto bridges to be because this comes the latest in a long line of previous bridge hacks over the past year.
Nomad bridge hacked and Here’s just a quick rundown of some of them the poly network hack for 600 million dollars, the wormhole hack for 320 million dollars, the ronin bridge hack for 615 million dollars, the Harmony 100 million hack, and the horizon bridge hack for 100 million dollars, and that last one happened no more than a week ago. So with yesterday’s exploit, that’s over 1.8 billion dollars of crypto stolen. I’m sure I’m missing many other smaller bridge hacks from that list.
It also doesn’t help that the explicit goal of the nomad was to develop a completely secure and unhackable bridge and despite the team’s extensive experience their novel approach and the millions they raised from top VCs they still ended up falling victim to an attack. So this raises the question of how secure we can make these bridges. It’s something that vital himself has talked about in the past because bridges remain some of the softest targets when it comes to crypto security.
Nomad bridge hacked, The unfortunate reality of this is that most in the mainstream won’t be able to discern between a bridge hack and the underlying crypto networks themselves. They just read about a 200-million dollar hack and cast their aspersions on the broader sector put simply it is a terrible look for the industry as a whole. And of course, the same can be said when a centralized lender goes under and the crypto sector gets tarnished with the same brush.
Now of course interoperability is still the holy grail we’re trying to achieve and we shouldn’t abandon that goal. However, I think there needs to be a lot more testing done on bridges, especially before the stage at which they can reach hundreds of millions of dollars in tvl.