Nomad cross-chain protocol lost almost all funds in exploit
According to DefiLlama, the total value locked is $10 937
02.08.2022 - 09:45
515
3 min
0
What’s new? Experts at blockchain security company SlowMist have reported an attack on the Nomad cross-chain protocol. Analysts were able to track the movement of stolen funds using the MistTrack platform, and they estimate that the total damage from the incident exceeded $90 million. In addition, Nomad representatives told Cointelegraph that some of the funds were withdrawn by white hackers in order to protect them from theft. According to DefiLlama, almost all of the cryptocurrencies worth over $190,3 million have been withdrawn from the bridge, with the total value locked (TVL) being $10 937.
🚨SlowMist Security Alert🚨@nomadxyz_ , a cross chain protocol was recently hacked causing majority of their funds to be stolen.We used @MistTrack_io and traced ~90M to the following 3 addresses here. Follow us as we continue our investigation into this exploit. pic.twitter.com/HSV5SPU33J— SlowMist (@SlowMist_Team) August 2, 2022
What else is known about the attack? The attackers managed to withdraw the stolen funds to three Ethereum addresses. Most of the assets are in wrapped bitcoin (WBTC) and USDC stablecoins. A researcher at crypto investment firm Paradigm, nicknamed samczsun, believes that a recent update to one of Nomad’s smart contracts made it easier to fake transactions, allowing users to withdraw funds from the bridge that do not actually belong to them.
3/ My first thought was that there was some misconfiguration for the token's decimals. After all, it seemed as though the bridge was running a "send 0.01 WBTC, get 100 WBTC back" promotion pic.twitter.com/H9IOJRYB0G— samczsun (@samczsun) August 1, 2022
At the moment, the Nomad team is investigating to identify the vulnerability. Developers noted that scammers have begun posing as Nomad representatives and providing fake addresses to raise funds. The team noted that they have not yet provided an asset recovery plan, and all news will appear on their official account.
We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
On July 23, Audius, a decentralized music service, suffered a hack that resulted in hackers withdrawing $6 million in cryptocurrency. According to cybersecurity company CertiK, the attackers changed certain configurations of a smart contract used by Audius’ governance system.
Useful material?
Market
Due to supply shortages, the asset’s pre-market exchange rate was climbing above $1000
Dec 16, 2024
Incidents
Reports about the hacking of the exchange with calls to withdraw assets began to spread on December 13
Dec 13, 2024
Crypto regulations
Stablecoins from issuer Circle will not be affected by the changes
Dec 12, 2024
Crypto regulations
The platform will launch after meeting the preconditions of the local exchange authority
Dec 9, 2024
Market
The $1,1 billion figure was reached after the bitcoin correction
Dec 6, 2024
Crypto regulations
By early January, all open positions and loans of local users will be closed and repaid automatically
Dec 5, 2024