The Nomad token bridge was exploited on August 1st, with several people draining the $190.7 million held in the bridge.
The first signs of trouble began around 9:23 PM UTC after hackers exploited the bridge to withdraw 100 WBTC worth $2.3 million.
Some others copied the code of the original suspicious transaction and changed addresses to participate in the exodus of funds.
1/ Nomad stole over $150 million in one of the most chaotic hacks Web3 has ever seen. How exactly did this happen and what was the root cause? Let us show you behind the scenes pic.twitter.com/Y7Q3fZ7ezm
samczsun (@samczsun) August 1, 2022
The Nomad Bridge enabled token transfers between Ethereum (ETH), Avalanche (AVAX), Evmos (EVMOS), Moonbeam (GLMR) and Milkomeda C1 blockchains.
A public Discord server pops up with messages of random people who get between $3,000 and $20,000 off the Nomad Bridge. All I had to do was copy the original hacker’s transaction, change the address, and send it through Etherscan. True cryptocurrency fashion the first decentralized heist. https://t.co/jWV9AamBer
Fat Man (@FatManTerra) August 2, 2022
Unlike other crypto exploits, where only a handful of addresses are directly linked to the hack, hundreds of addresses exfiltrated nearly all of the $190.7 million locked in the Nomad bridge.
2/ It appears that multiple wallets were involved in this hack and successfully exfiltrated funds.
A total of $39 million in USDC was stolen in a single trade with multiple withdrawals of $202,440 from the bridge. pic.twitter.com/ciXfv3Ebpo
Brandt woke up (@Manikumar111111) August 2, 2022
Oddly enough, some exploit transactions had the same value. For example, there were over 200 transactions for exactly 202,440.725413 USDC.
Tokens such as WBTC, WETH, USDC, FRAX, CQT, HBOT, IAG, DAI, GERO, CARDS, SDL, C3 were stolen from the bridge.
According to oxhuber, the attack was caused by an improper operational strategy that caused “improper Merkle root initialization where all messages are proven valid by default”.
TL;DR – A Poor Operational Strategy Caused Improper Merkle Root Initialization Proving All Messages Are Valid By Default
Rough timing of the Nomad team raising a $22 million round a few months ago and recently announcing a massive backing https://t.co/tsPTigF8XV
Hoover (@0xfoobar) August 2, 2022
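The failure mode quoted above, as an added Python model that is not Nomad's contract code or part of the original article. It assumes the zero hash was registered as a trusted root at initialization and that a message with no stored proof reads back as that same zero value; the class, method and field names are hypothetical.

```python
from hashlib import sha256

ZERO_ROOT = b"\x00" * 32  # what an unset 32-byte storage slot reads back as

def fold(leaf: bytes, siblings: list) -> bytes:
    """Recompute a Merkle root from a leaf hash and its sibling path."""
    node = leaf
    for s in siblings:
        node = sha256(min(node, s) + max(node, s)).digest()
    return node

class Inbox:
    """Hypothetical simplified bridge inbox, not Nomad's contract code."""

    def __init__(self, initial_root: bytes, hardened: bool):
        if hardened and initial_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        self.hardened = hardened
        self.trusted_roots = {initial_root}
        self.proven_under = {}   # message hash -> root it was proven against
        self.processed = set()   # replay protection

    def prove(self, message: bytes, siblings: list) -> None:
        leaf = sha256(message).digest()
        self.proven_under[leaf] = fold(leaf, siblings)

    def process(self, message: bytes) -> bool:
        leaf = sha256(message).digest()
        if leaf in self.processed:
            return False
        # A message nobody proved falls back to the default (zero) root.
        root = self.proven_under.get(leaf, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False         # "no proof" must never count as a root
        if root not in self.trusted_roots:
            return False
        self.processed.add(leaf)
        return True

def demo() -> dict:
    msg = b"constructed sample message"
    path = [sha256(b"constructed sibling leaf").digest()]
    real_root = fold(sha256(msg).digest(), path)
    weak = Inbox(ZERO_ROOT, hardened=False)  # the misinitialization
    safe = Inbox(real_root, hardened=True)
    out = {"weak_unproven": weak.process(msg), "safe_unproven": safe.process(msg)}
    safe.prove(msg, path)
    out["safe_proven"], out["safe_replay"] = safe.process(msg), safe.process(msg)
    return out
```

The hardened variant applies two independent checks: it refuses the zero root at initialization and it rejects any message whose stored root is still the default value.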
The Nomad team confirmed the exploit and claimed to be investigating the event.
We are aware of an incident involving the Nomad Token Bridge. We are currently investigating and will update you as soon as we have an update.
Nomad (@nomadxyz_) August 1, 2022
Meanwhile, Moonbeam has entered maintenance mode “to investigate a security incident with smart contracts deployed on its network.”
1/ IMPORTANT NOTICE: Moonbeam Network has entered maintenance mode to investigate a security incident involving smart contracts deployed on the network.
Moonbeam Network #HarvestMoonbeam (@MoonbeamNetwork) August 1, 2022
1/ We had a security incident today. @nomadxyz_ A bridge to Moonbeam. Almost all assets of Nomad’s Ethereum Mainnet smart contracts have been exfiltrated. We found no evidence that the recent security incident was related to the Moonbeam codebase.
Moonbeam Network #HarvestMoonbeam (@MoonbeamNetwork) August 2, 2022
PeckShield has revealed that it detected 41 addresses that acquired approximately $152 million (80%) of the stolen funds.
One of the wallets belonged to a hacker who stole $80 million from DeFi platforms Rari Capital and Saddle Finance, according to a blockchain security firm.
#PeckShieldAlert PeckShield detected about 41 addresses stolen worth about $152 million (about 80%). @nomadxyz_ bridge exploits, including ~7 MEV bots (~$7.1M), @RariCapital Arbitrum exploits (~$3.4M), and 6 White Hats (~$8.2M).
~10% of these addresses with ENS names earned $6.1M pic.twitter.com/UUjk7ZiiKE
PeckShieldAlert (@PeckShieldAlert) August 2, 2022
White Hat Hackers Save Some of the Stolen Funds
The whole thing looks like a free-for-all, but available information suggests that some of the people who took funds from the bridge were white hat hackers trying to prevent thieves from accessing the funds.
Some of those who withdrew funds have confirmed that they plan to return them.
I will return this money, fbi pls calm down. No, I didn’t mean to steal it. Yes, I know this address has been exposed
.eth
Nomad.eth (@SpaceWigger) August 2, 2022
One of them wrote:
“This is a white hack. We plan to return the funds. We are waiting for a formal communication from the Nomad team (please enter your contact email id). We are aware that the USDC may be frozen. I have never traded my assets even after. I transferred USDC, FRAX and CQT tokens from other addresses for consolidation. I wish I had more funds, but it was too late.”
Others also identified themselves as white hat hackers and asked the team to contact them, including the person who got the $1 million.
Some of those looking to get bridge funding have come forward openly and offered to return
.eth
Rari capital exploiter
darkfi.eth pic.twitter.com/2adlMl6Pj3
Hoover (@0xfoobar) August 2, 2022