The Nomad token bridge hack was the fourth largest hack to steal cryptocurrencies in history, resulting in the loss of nearly $200 million in crypto assets from the platform. However, more than the hack, the methodology behind it has grabbed the public’s attention.
The attack occurred due to a smart contract vulnerability that caused hundreds of users, in addition to the hacker, to get involved and take whatever they could by simply copying the transaction data used by the initial hacker and changing the email address. wallet for yours. The event was later considered a decentralized heist by many due to the involvement of normal members of the community.
Later, the Nomad team revealed to Cointelegraph that some of the people who took the funds were acting benevolently to protect the cryptocurrencies from falling into the wrong hands.
After the hack, the cryptocurrency analysis group BestBrokers discovered that the first attack took place on August 1, which drained 400 Bitcoin (BTC) in four different transactions. The hackers later siphoned the 22,880 Ether (ETH), then moved on to the more than $107 million worth of stablecoins, and finally started siphoning the altcoins supported by the project.
The incident has seen WBTC tokens, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3) were stolen from the bridge.
Some altcoins that were stolen from the platform saw a decline of up to 94%. Data collected by the analytics company showed that the following altcoins suffered the biggest crash after the hack:
The smart contract vulnerability that facilitated the attack was highlighted in a security audit report conducted by Quantstamp in the first week of June. The Nomad team even responded to the vulnerability by stating that it was “effectively impossible to find the preimage of the empty sheet”.
Auditors believed that the Nomad team had misunderstood the issue at the time, and in two months, the same vulnerability has been the reason for nearly $200 million in losses.
Cointelegraph has contacted Nomad with inquiries related to the discovery and will update this story accordingly.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Keep reading:
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.