Hundreds of would-be hackers, and even a few white hat do-gooders intent on returning the funds, appear to have removed all of the $190 million in assets locked on the bridge in just a few hours!
A new major hack for a crypto bridge
The Nomad bridge appears to have suffered a security breach that allowed hackers to recover a significant portion of the bridge’s funds in a long series of transactions.
Almost all of the $190.7 million in crypto has been withdrawn from the bridge , and only $651.54 remains in the wallet, according to decentralized finance (DeFi) tracking platform DefiLlama . However, Nomad later suggested to Cointelegraph that some of the funds were withdrawn by “white hat friends” who collected the funds with the intention of saving them.
The first suspicious transaction, which could be the origin of this hack, took place at 21:32 UTC when someone managed to withdraw from the bridge 100 Wrapped Bitcoin (WBTC), worth around 2, $3 million.
Shortly after the community raised the alarm about this potential hack, Nomad’s team confirmed at 23:35 UTC that they were aware of ” the incident involving bridge Nomad “, adding that they ” currently investigating the incident ”.
Nomad said in an email response to Cointelegraph on Tuesday that at least some of the people who took the funds were acting in benevolent ways to protect the crypto from falling into the wrong hands. The team added that they have retained the services of ‘ leading companies specializing in blockchain intelligence and forensics ‘:
Nomad has informed the legal authorities and is working tirelessly to deal with the situation and provide updated information. Nomad’s objective is to identify the accounts involved and to trace and recover the funds. Nomad is grateful to its many “white hat” friends who moved quickly to withdraw and save the funds.
White Hats at work?
So far, at least one individual has offered to act as a white hat and return funds taken from the Bridge . The individual known as Notifi Bot on Twitter contacted Nomad in a tweet stating: ‘ This is a whitehack. I intend to return the funds”.
During this incident, WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), or Card Starter (CARDS) tokens were stolen. The hackers minted the tokens in an unusual way , as each token was minted in nearly equivalent denominations. For example, trades with exactly 202,440.725413 USDC have been executed over 200 times.
Nomad is a bridge that allows token transfers between Avalanche, Ethereum, Evmos, Milkomeda C1 and Moonbeam . Unlike other hacks that have become quite common in 2022, this event so far has hundreds of addresses receiving tokens directly from the bridge.
Meanwhile, the Polkadot network’s Moonbeam smart contract platform , whose native token GLMR was one of those targeted by Nomad’s hack, went into maintenance mode at 23:18 UTC” to investigate a security incident. “. As a result, Moonbeam features such as regular user transactions and smart contract interactions have been disabled.
This attack falls badly for the bridge which had conducted a fundraiser in April. The project revealed in a tweet on Friday that Coinbase Ventures, OpenSea and five other major crypto industry companies participated in this seed fundraising in April, which helped Nomad reach a valuation of 225 million dollars . This hack therefore risks dealing a severe blow to the image of bridge among investors and users.
Safety is a major issue, especially for bridges, which are particularly in danger, as Vitalik Butterin reminded us, notably shortly after the Wormhole affair. Well aware of this fact, projects like Lucky Block have reinforced their security to prevent any attack and theft of funds in the future