The Nomad bridge, which connects several networks such as Moonbeam or Covalent to the Ethereum blockchain, was hacked a few hours ago, and $190 million was drained from it.
This will be the image of the day: a snapshot, taken from the Defillama tracking site, of the TVL (total value locked) of the Nomad bridge. In a matter of hours the TVL went from 190 million dollars in ether, USDC and other “wrapped” tokens to … 1794 dollars.
The cause: an exploit of the bridge at around 1 a.m. French time, which allowed its authors to siphon off almost all of the funds.
And, as maddening as it is, the first investigations carried out by the developer community suggest that the flaw exploited was a particularly basic vulnerability.
“Nomad works in 2 steps:
User sends token from chain X
User processes token withdrawal on chain Y
During step 2, the bridge appears to allow the user to pass an arbitrary amount.”
A vulnerability so gaping that, beyond the initial siphoning by the attackers, literally anyone could come and exploit it as long as funds remained available on the bridge. The situation also allowed a few well-meaning whitehats to recover part of the funds, with a view to returning them later (a manipulation so simple that it could even be carried out … from a simple smartphone).
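To make the two-step flow described in the tweet concrete, here is an added toy model written for this article (constructed, not Nomad's contracts; the `Message`, `Bridge`, `send` and `process` names are assumptions): the withdrawal step must refuse any message that step 1 never recorded, which is the check the quoted description says appears to have been missing.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy model of a two-step token bridge, not Nomad's code.
# Step 1 ("send") runs on chain X, step 2 ("process") on chain Y.

@dataclass(frozen=True)
class Message:
    src_chain: str
    dst_chain: str
    recipient: str
    amount: int

    def digest(self) -> bytes:
        body = f"{self.src_chain}|{self.dst_chain}|{self.recipient}|{self.amount}"
        return hashlib.sha256(body.encode()).digest()

class Bridge:
    def __init__(self, verify_commitment: bool, liquidity: int):
        self.verify_commitment = verify_commitment
        self.liquidity = liquidity          # funds held on chain Y
        self.committed = set()              # digests recorded by step 1
        self.processed = set()              # digests already paid out

    def send(self, msg: Message) -> None:
        """Step 1: user locks tokens on chain X; the bridge records the message."""
        self.liquidity += msg.amount
        self.committed.add(msg.digest())

    def process(self, msg: Message) -> bool:
        """Step 2: pay out on chain Y. Returns True if the payout went through."""
        d = msg.digest()
        if d in self.processed or msg.amount > self.liquidity:
            return False
        # The weak variant trusts the caller-supplied message and amount; it
        # never checks that the message was actually committed at step 1.
        if self.verify_commitment and d not in self.committed:
            return False
        self.processed.add(d)
        self.liquidity -= msg.amount
        return True

def demo():
    honest = Message("X", "Y", "alice", 10)
    forged = Message("X", "Y", "mallory", 500)   # never sent at step 1
    weak = Bridge(verify_commitment=False, liquidity=1000)
    strong = Bridge(verify_commitment=True, liquidity=1000)
    weak.send(honest)
    strong.send(honest)
    # (weak pays forged, strong rejects forged, strong pays honest, strong rejects replay)
    return (weak.process(forged), strong.process(forged), strong.process(honest), strong.process(honest))
```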
“I was crossing town in my pajamas to get to the office, while reproducing the feat myself to save funds. All on my phone with little to no battery.”
This hack once again demonstrates how bridges are weak points of the DeFi ecosystem, an observation Vitalik Buterin had already made. Moreover, the interdependence of its players is likely to cause potentially devastating domino effects, a risk that the recent events around the collapse of LUNA sadly illustrated. A fresh demonstration came this evening from the Covalent project, which already indicates that nearly 13% of the $CQT token supply has been affected by the hacking of the bridge.
We will soon return, on Journal du Coin, to the details of this new episode, one that once again shines a harsh light on the flaws and failings of the decentralized finance industry.