$190 Million Drained From Nomad Bridge, Here’s How It Happened!
A vulnerability caused massive damage after hundreds of people exploited it, draining a reported $190 million from the bridge.
Today, Nomad Token Bridge, a system that allows users to move a number of different digital assets between different blockchains, has been exploited, and a reported $190 million of its total value locked (TVL) has been drained.
The hack began when one hacker found a vulnerability, a “fatal flaw”, within the Replica contract. This hacker is said to have successfully stolen around $2.3 million worth of tokens from the bridge.
However, the real damage began when others in the community discovered the hacker, the vulnerability, and the tactics the hacker used to steal these funds.
As explained by Twitter user @0xfoobar, all people had to do to exploit and steal from the bridge was “copy the original hacker’s transaction calldata, replace the original address with a personal one” and the transaction would be successful, making this hack fatally easy for anyone to do.
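The copy-and-replace pattern quoted above leaves a clear trace for monitoring: repeated calls to one contract whose calldata is identical except for a single address-sized span. The Python below is an added example, not code from Nomad or from the original article; the calldata layout, transaction records, addresses and contract labels are constructed for illustration.

```python
from collections import defaultdict

ADDR_LEN = 20  # an EVM address is 20 bytes

def changed_window(a: bytes, b: bytes):
    """Smallest (start, end) window covering every byte where a and b differ;
    None when the lengths differ or the inputs are identical."""
    if len(a) != len(b) or a == b:
        return None
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return diff[0], diff[-1] + 1

def find_copycats(txs):
    """txs: dicts with hash, to, sender (20 bytes), input (bytes), in chain order.
    Flags each transaction whose calldata equals an earlier call to the same
    contract except for one address-sized window. Returns a list of
    (copy_hash, template_hash, window, pays_sender)."""
    templates = defaultdict(list)  # contract -> first-seen distinct calldata
    hits = []
    for tx in txs:
        for tpl in templates[tx["to"]]:
            win = changed_window(tpl["input"], tx["input"])
            if win and win[1] - win[0] <= ADDR_LEN:
                # Stronger signal: the swapped-in bytes are the sender's own address.
                pos = tx["input"].find(tx["sender"])
                pays_sender = pos != -1 and pos <= win[0] and win[1] <= pos + ADDR_LEN
                hits.append((tx["hash"], tpl["hash"], win, pays_sender))
                break
        else:  # nothing similar seen before: keep as a new template
            templates[tx["to"]].append(tx)
    return hits

# --- constructed sample data, not real Nomad transactions ---
def sample_calldata(recipient: bytes, amount: int) -> bytes:
    # assumed layout: 4-byte selector, 32-byte header, 20-byte recipient, 32-byte amount
    return bytes.fromhex("aabbccdd") + b"\x11" * 32 + recipient + amount.to_bytes(32, "big")

A, B, C, D = (bytes([n]) * ADDR_LEN for n in (0xA1, 0xB2, 0xC3, 0xD4))
SAMPLE_TXS = [
    {"hash": "tx1", "to": "bridge", "sender": A, "input": sample_calldata(A, 100)},
    {"hash": "tx2", "to": "bridge", "sender": B, "input": sample_calldata(B, 100)},
    {"hash": "tx3", "to": "bridge", "sender": C, "input": sample_calldata(D, 100)},
    {"hash": "tx4", "to": "bridge", "sender": A, "input": sample_calldata(A, 7) + b"\x00" * 32},
    {"hash": "tx5", "to": "other", "sender": B, "input": sample_calldata(B, 100)},
]

if __name__ == "__main__":
    for copy, template, (start, end), own in find_copycats(SAMPLE_TXS):
        print(f"{copy} repeats {template}; bytes {start}..{end} replaced; pays sender: {own}")
```

The window test is a heuristic: two legitimate calls that differ only in a small field such as an amount also match, so the `pays_sender` flag and the number of distinct senders per template are what make an alert worth acting on.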
Since then, hundreds of people have reportedly taken part in exploiting and stealing from the Nomad bridge, with more than $190,740,000 stolen in just hours.
Multiple tokens have been reported to have been stolen from the bridge, including WETH, WBTC, USDC, FRAX, CQT, DAI, GETO, and many more.
Response To The Hack
Earlier today, after a reported $45 million was stolen from the bridge, the Nomad team responded on Twitter, saying that they are currently “aware of the incident involving the Nomad token bridge.”
“We are currently investigating and will provide updates when we have them,” they stated.
This attack against Nomad was something I've never seen before.
People started replicating the attack after a few minutes, while the initial attacker drained out the pool systematically.
At some point, random dudes with ENS names were getting a million USDC per transaction. pic.twitter.com/KgBxAfLHtJ
— raz ⌐◨-◨ ✰ (@leadinscientist) August 1, 2022
A number of people in the community also appear to have taken matters into their own hands, with a few users taking advantage of the Nomad hack to “save funds”. These users have reportedly taken some of the funds through the exploit with the intention of returning them to Nomad once the vulnerability is fixed, so that some of the funds are kept away from malicious thieves.
A few in the community have also admitted to “accidentally” exploiting the vulnerability, taking funds out of curiosity while testing the exploit for themselves. These users are now reportedly asking the Nomad team how they can return the funds they took by mistake.