Cryptocurrency transfer bridge protocol, Nomad, took nearly US$200 million in losses following a security exploit that happened on Aug 1 this year.
Bloomberg reported that the software system’s funds were drained in small batches over the period of hours via different accounts, shown by blockchain data.
In a recent statement, the company said that an investigation is underway with them retaining learning companies for blockchain intelligence and forensics to aid in the case.
“Nomad’s goal is to find out which accounts are involved and to trace and recover the funds,” the statement added.
The hack makes Nomad the most recent bridge to experience an exploit this year.
According to a Bloomberg article, bridges are software that enables different blockchains and their corresponding tokens to interoperate with one another, as opposed to working in silos.
In recent years, bridges have become frequent targets of hacks. A forensics firm called Elliptic reported in June that over US$1 billion have been stolen from bridges in 2022 alone.
In order for a token to interoperate on another blockchain, a bridge service will normally “wrap” a cryptocurrency. The “wrapping” would require the bridge to maintain reserves in order to back the wrapped coins and this creates a massive pool of tokens for hackers.
Mudit Gupta, Polygon’s chief information security officer, stated that the intricacy of bridge software might lead to errors and leave it open to exploitation
The fact that bridges control large amounts of assets makes them a tempting target for hackers, he explained.
Meanwhile, the other bridges that lost assets due to hacks this year were Axie Inifinity’s Ronin bridge and Harmony’s Horizon which each lost US$600 million and US$100 million in March and June.
The attack happened just days after Nomad announced its full list of investors in its US$22 million seed round, led by Polychain Capital with backers including Ethereal Ventures, Hack VC, Crypto.com Capital, and Coinbase Ventures. Nomad touts itself as a “security-first” cross-chain messaging protocol.
Tom Robinson, co-founder of Elliptic, stated that a technical flaw in the Nomad protocol allowed users to withdraw more assets than were deposited in the bridge.
He added that following the initial hack, more than 40 exploiters that included MEV bots, flashbots, and independent exploiters, had replicated the hack and swiftly depleted the bridge’s resources.
According to PeckShield Inc, one of the exploiters for this Nomad hack was also involved in Rari Capital’s Fuse platform attack in April which saw the platform losing US$80 million.
Join our Telegram group for the latest updates!