Nomad lost $190m TVL in "Decentralized Robbery"

The trading platform verified the hacking event in a statement posted on Twitter:

“We have been made aware of the situation concerning the Nomad token bridge.” We are presently researching and will offer updates as they become available.

The protocol also cautioned against “impersonators acting as Nomad and offering false addresses to receive cash,” and concluded, “We have not yet provided guidelines on how to return bridge funds. Disregard all communications from channels other than Nomad's official channel.”

The protocol acts as a cross-chain bridge, allowing users to exchange tokens such as Ethereum (ETH), Avalanche (AVAX), Evmos (EVMOS), Milkomeda C1, and Moonbeam (GLMR).

According to the online media outlet Cryptonews, the total value locked (TVL) of Nomad reached up to $190 million before the exploit, citing statistics from DeFi Llama, a Defi tracking data portal. At the time of writing, the platform indicated that Nomad's TVL was less than $11,000.

TVL represents the quantity of user funds put in a DeFi protocol.

DefiLlama is the source.

Another cybersecurity company, BlockSec, believes that the overall damage in this attack is approximately $150 million in Tether (USDT). The monitoring platform highlighted that various gaps in Nomad's verification approach may exist among functions: “Because an uninitialized storage slot is always treated as zero, the attacker can pass any message that has never been seen before to escape the verification system.”

FatMan, an anonymous Terra researcher, called the incident “the first decentralized theft,” adding that “all one had to do was copy the original hacker's transaction, alter the address, and push submit using Etherscan.”

According to CoinDesk, bridges typically work by locking coins in a smart contract on one chain and then reissuing those tokens in “wrapped” form on another.

Furthermore, if the smart contract where the tokens are initially deposited is sabotaged in the context of Nomad's position, the wrapped tokens may lose their value.

Nomad revealed last month that it had received a $22.4 million strategic investment in April from a group of investors that included OpenSea, CoinBase Ventures, Crypto.com, and Polygon.

Ironically, the current security flaw may make Nomad feel embarrassed to keep its words and pursue its objectives, as the business stated in a press release that its major goal is to “build a safer crypto ecosystem where blockchains can connect easily and securely with each other.”

According to the business, hackers stole more than $1.5 billion this year by exploiting flaws in cross-chain bridges, demonstrating that the sector need security-first solutions that enhance the protection of users, funds, and messages.

As a reminder, WikiBit is ready to help you search the qualifications and reputation of projects in a bid to protect you from hidden dangers in this risky industry!

iOS: t.ly/UUCj

Android: t.ly/cfYt