Cross-Chain Bridge Attacks Poses Threat to Blockchain Growth Prospects
- In February 2022, hackers exploited the wormhole bridge for more than $300 million.
On Monday, hackers exploited the Nomad bridge (a cross-chain token bridge) and moved nearly all the funds in the protocol. Early reports estimate that the hackers drained the protocol of almost $200 million in cryptos. Like other cross-chain bridges, Nomad enables users to transfer or receive tokens between multiple blockchains.
This attack is the latest in a series of high-profile hacker exploits on cross-chain bridges. Hence, many continue to wonder why hackers easily penetrate the security system of these bridges. Nomad has already admitted that an exploit took place and adds that it has commenced an investigation immediately.
It has hired a blockchain intelligence and forensics firm to assist with the investigation. The Nomad team has informed relevant law enforcement agencies and will keep working to resolve the situation. It intends to provide fresh updates as the case progresses. Meanwhile, the team said its first goal is to identify the affected accounts. Then, trace the funds to recover them.
The Nomad Bridge Exploit
Usually, bridges work by locking tokens in the smart contracts of one chain and issuing the wrapped version of such tokens on another chain. In Nomad’s case, hackers drained the tokens deposited in the smart contract. When such incidents happen, the wrapped tokens don’t have any backing and become worthless.
One of the researchers at paradigm (a crypto investment firm) with the Twitter username (@samczsun) explained how the Nomad hack happened. Using a Twitter thread, @samczsun said the hackers were able to spoof transactions on one of Nomad’s smart contracts following a recent update. Thus, they could withdraw money they don’t own from the nomad bridge.
He added that anyone with little or no knowledge about Merkle trees or Solidity could have carried out this attack. “The hacker only needed to find a workable transaction. Then, find and replace the other person’s address with his and re-broadcast it.”
Rising Incidents of Bridge Attacks
Recently, crypto holders have shown more interest in swapping cryptos between various blockchains. Hence, it isn’t surprising that their rising interest coincided with increased cross-chain bridge exploits. While many newer blockchains rely on cross-chain bridges to grow quickly, bridge exploits can hurt them badly. Many rely on these cross-chain bridges for most of their liquidity.
One such blockchain affected by the nomad exploit is Evmos. The blockchain tweeted that the Nomad will have a massive effect on Evmos’ total value locked. However, it adds that it is already discussing possible solutions with its community. Since January 2022, hackers have siphoned over $1.2 billion in cryptos from various cross-chain bridges.
In February 2022, hackers exploited the wormhole bridge for more than $300 million. Two months later, hackers drained more than $600 million in cryptos from the ronin bridge. The ronin bridge attack was the largest in the history of the decentralized finance (DeFi) industry.
Nomad’s unique selling position to potential investors was that it had better security than the alternatives. Last week, multiple reports revealed that the company raised fresh funds from VC investors, with Coinbase ventures and OpenSea leading that funding round.