Nomad bridge drained of $190M after hundreds of addresses copy hacker’s code


Nomad token bridge suffered an exploit on August 1 that allowed several people to drain the bridge of $190.7 million.

The first sign of trouble began at about 9:23 pm UTC after a hacker exploited the bridge to withdraw 100 WBTCs worth $2.3 million.

How To Get Free Crypto  

Several others copied the code of the first suspicious transaction and changed the address to participate in draining the funds.

The Nomad bridge allowed token transfer between Ethereum (ETH), Avalanche (AVAX), Evmos (EVMOS), Moonbeam (GLMR), and Milkomeda C1 blockchains.

Unlike other crypto exploits where only a few addresses are directly tied to the hack, hundreds of addresses were responsible for draining the Nomad bridge of almost all the $190.7 million locked in it.

Bizarrely, some of the exploit transactions had the same value. For instance, there were over 200 transactions of exactly 202,440.725413 USDC.

Several tokens like WBTC, WETH, USDC, FRAX, CQT, HBOT, IAG, DAI, GERO, CARDS, SDL, and C3 were stolen from the bridge.

Coinbase Banner  

According to Oxfoobar, the attack happened due to poor operational strategy causing “bad Merkle root initialization which led to every message being proven valid by default.”

The Nomad team confirmed the exploit and claimed to be investigating the events.

Meanwhile, Moonbeam went into maintenance mode “to investigate a security incident with a smart contract deployed on the network.”

Peckshield revealed that it detected 41 addresses that grabbed roughly $152 million (80%) of the stolen funds.

According to the blockchain security firm, one of the wallets belonged to the hacker who stole $80 million from DeFi platform Rari Capital and Saddle Finance.

Whitehat hackers save some of the stolen funds

While the whole thing seems like a free for all looting, available information confirms that some of those who took funds from the bridge were whitehat hackers seeking to prevent thieves from accessing the funds.

Some who drained the funds have confirmed that they plan to return them.

One of them wrote:

“This is a whitehack. I plan to return the funds. Waiting for official communication from Nomad team (please provide an email id for communication). I have not swapped any assets even after knowing that USDC can be frozen. Transferred USDC, FRAX and CQT token from other addresses in order to consolidate. I wish I could rescue more funds but it was too slow.”

Others have also identified as whitehat hackers and asked the team to get in touch, including someone who was able to get $1 million.

FreeBitcoin Banner  
Posted In: Hacks

Go to Source
Author: Oluwapelumi Adejumo

Recommended Crypto Services, Products and Strategies:

The first thing any crypto investor needs is is a reliable and secure Crypto Wallet.  Whether you’re looking for an online wallet, hardware wallet, desktop or mobile wallet, Crypto Renegade provides you with all the Best Crypto Wallets in each category.

Best Crypto Wallets Banner

When you’re ready to buy more crypto, or exchange your coins for others, Crypto Renegade’s list of the Best Crypto Exchanges has you covered.  The Crypto Exchanges recommended here offer everything from simplicity and convenience to advanced trading platforms and profit sharing. 

Best Crypto Exchanges Banner

If you want to learn more about the methods and tools that can be used to find Great Crypto Projects, then be sure to check out Crypto Renegade’s strategy for How To Find The Best Cryptocurrency.

Crypto Strategy Banner

For those people that don’t have any money to invest right now, or just want to understand the technology a bit more, you’ll definitely want to check out Crypto Renegade’s Free Crypto Strategy and start collecting Free Coins today!

Free Crypto Banner

What do you think about cryptocurrency? Do you have any questions about it? Be sure to leave a comment below.

This site uses Akismet to reduce spam. Learn how your comment data is processed.