Nomad cross-chain protocol lost almost all funds in exploit
According to DefiLlama, the total value locked is $10 937
02.08.2022 - 09:45
What’s new? Experts at blockchain security company SlowMist have reported an attack on the Nomad cross-chain protocol. Analysts tracked the movement of the stolen funds using the MistTrack platform and estimate that the total damage from the incident exceeded $90 million. In addition, Nomad representatives told Cointelegraph that some of the funds were withdrawn by white hat hackers in order to protect them from theft. According to DefiLlama, almost all of the cryptocurrency held in the bridge, worth over $190.3 million, has been withdrawn, leaving a total value locked (TVL) of $10 937.
🚨SlowMist Security Alert🚨 @nomadxyz_, a cross chain protocol was recently hacked causing majority of their funds to be stolen. We used @MistTrack_io and traced ~90M to the following 3 addresses here. Follow us as we continue our investigation into this exploit. pic.twitter.com/HSV5SPU33J — SlowMist (@SlowMist_Team) August 2, 2022
What else is known about the attack? The attackers managed to withdraw the stolen funds to three Ethereum addresses. Most of the assets are in wrapped bitcoin (WBTC) and USDC stablecoins. A researcher at crypto investment firm Paradigm, nicknamed samczsun, believes that a recent update to one of Nomad’s smart contracts made it easier to fake transactions, allowing users to withdraw funds from the bridge that do not actually belong to them.
3/ My first thought was that there was some misconfiguration for the token's decimals. After all, it seemed as though the bridge was running a "send 0.01 WBTC, get 100 WBTC back" promotion pic.twitter.com/H9IOJRYB0G — samczsun (@samczsun) August 1, 2022
At the moment, the Nomad team is investigating to identify the vulnerability. Developers noted that scammers have begun posing as Nomad representatives and providing fake addresses to raise funds. The team noted that they have not yet provided an asset recovery plan, and all news will appear on their official account.
We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_ — Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
On July 23, Audius, a decentralized music service, suffered a hack that resulted in hackers withdrawing $6 million in cryptocurrency. According to cybersecurity company CertiK, the attackers changed certain configurations of a smart contract used by Audius’ governance system.