Cross-Chain Bridge Nomad loses $ 190 million making it the third largest cryptocurrency theft of 2022 – Bitcoin News

On Monday, the Nomad cross-chain token bridge was attacked and the hackers managed to squeeze $ 190 million out of the protocol, draining the vast majority of funds. The Nomad cross-chain bridge attack was the third largest cryptocurrency heist of 2022 and the ninth largest of all time.

Nomad Cross-Chain Bridge exploited for $ 190 million

Cross-chain bridges in the world of decentralized finance (defi) cannot take a break no matter how long they have been in operation and even after the bridges have been verified. On August 1, 2022, the Nomad cross-chain bridge suffered an attack that saw the bridge lose $ 190 million in crypto funds. Security experts from blockchain auditing firm Certik have released a report on the incident describing what happened.

“The vulnerability was in the initialization process where” committedRoot “is set to ZERO,” wrote Certik. “Thus, the attackers were able to bypass the message verification process and drain the tokens from the bridge contract,” Certik added, noting:

The exploit occurred when a routine update allowed the verification messages on Nomad to be ignored. The attackers abused it to copy / paste transactions and were able to drain the bridge of nearly all funds before it could be stopped.

Number of crypto project attacks per month, according to Comparitech researchers.

Cross-chain bridges have undergone exploits after exploits since their first introduction. In late March, the biggest hack of 2022 saw $ 620 million stolen from Axie Infinity’s Ronin Bridge. Comparitech researchers detail that the Nomad bridge attack was the third largest breach this year, according to the research firm’s cryptocurrency tracker. While Nomad connected a variety of blockchain networks, AVA Labs founder and CEO Emin Gün Sirer tweeted about the incident and said the AVAX bridge was safe.

“The Nomad Bridge, used by non-avalanche chains, was breached today”, Gün Sirer he wrote. “Nomad was the official bridge for EVMOS (Cosmos EVM), Moonbeam (Polkadot EVM) and Milkomeda (another EVM) – The Avalanche Bridge is not interested.”

Nomad raised $ 22 million in April, Blockchain security firm Certik says this particular bug “would be difficult to detect with conventional auditing practices.”

The attack on the Nomad bridge follows the project which raised approximately $ 22.4 million in initial funding in a funding round led by Polychain Capital. Other strategic investors who have helped Nomad raise funds include 1kx, Ethereal Ventures, Hack.vc, Circle Ventures, Amber, Robot Ventures, Hypersphere, Figment, Dialectic, Archetype, and Ledgerprime. While an extensive audit could have detected the Nomad bridge vulnerability, Certik’s blockchain and smart contract auditors say this attack may be harder to find in a conventional audit.

“This kind of problem would be difficult to detect with conventional auditing practices that assume all deployment configurations are correct, because this particular bug was introduced by errors in the deployment parameters,” concludes Certik’s report on the Nomad situation. “However, a broader auditing process and comprehensive penetration testing that includes validation of distribution processes could potentially catch this bug,” the auditors added.

Tag in this story

$ 22 million, Ambra, Archetype, Bridge, bug, certik, Certik Auditor, Certik Audits, Circle Ventures, Comparitech, Comparitech researchers, cross-chain bridge, Cross-Chain Bridge Hacks, crypto heist, defi vulnerability, defi vulnerabilty, dialectic, Emin Gün Sirer, Exploit, Figment, Hypersphere, Ledgerprime, Nomad, Nomad Bridge, Nomad cross-chain bridge, Nomad theft, Robot Ventures, Stolen Crypto, Third Larger Heist

What do you think of the recent cross-chain exploit against the Nomad bridge? Let us know what you think about this topic in the comments section below.

Jamie Redman

Jamie Redman is the News Lead of Bitcoin.com News and a financial technology journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open source code and decentralized applications. Since September 2015, Redman has written more than 5,700 articles for Bitcoin.com News on the disruptive protocols emerging today.




Image credits: Shutterstock, Pixabay, Wiki Commons, Comparitech,

Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, nor a recommendation or endorsement of products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or allegedly caused by or in connection with the use or reliance on any content, good or service mentioned in this article.

Leave a Reply