Another Crypto Bridge Attack: Nomad Loses $190 Million in ‘Chaotic’ Hack

New York
CNN Business

Burglaries continue to plague the crypto world, with news of large sums being stolen from digital currency companies seemingly every month. But while crypto exchanges were once the main point of attack, hackers now seem to have a new target: blockchain bridges.

Bridges are the infrastructure that allows users to exchange assets between different blockchains, the digital database that underpins major cryptocurrencies. When a bridge service exchanges one coin for another, it “wraps” the currency so that it runs on the other blockchain.

A wrapped coin doesn’t completely become another currency — “it looks like it does,” Tom Robinson, chief scientist at blockchain analytics firm Elliptic, told CNN Business. Instead, a “token” is issued to represent the new coin on the various blockchains. “I deposit my Bitcoin in the bridge. In exchange for that, I get a bitcoin token on the Ethereum blockchain, and then I can transfer that bitcoin token, which is called a wrapped asset, through the Ethereum blockchain,” says Robinson.

To support these packaged coins, deck services hold large reserves of miscellaneous coins. “You have to trust that the bridge really owns the assets that back those tokens,” Robinson said. “They have huge amounts of assets backing these wrapped tokens.”

According to Elliptic, these coin stashes attract the attention of hackers and turn blockchain bridges into prime targets for heists. “These are just huge pots of honey. They just hold huge amounts of crypto assets, and so they are very obvious targets,” Robinson said.

Some $1.83 billion has been stolen from bridges to date, the majority ($1.21 billion) of that this year alone, according to Elliptic. So far in 2022, six major bridges have been hit by thefts, including The Californian company Harmonywhich lost $100 million at the end of June, and Axie Infinity’s Ronin Bridgewhich suffered a $625 million theft in March.

In the latest example, hackers allegedly stole $190 million worth of cryptocurrency from cryptocurrency bridge provider Nomad, according to blockchain data security and analytics firm Peckshield. (Nomad has not confirmed the total amount lost.)

“We are working around the clock to deal with the situation and have notified law enforcement and retained leading blockchain intelligence and forensics firms,” ​​Nomad said. tweeted Tuesday. “Our goal is to identify the accounts involved and to trace and recover the funds.”

Nomad is working with chain analytics firm TRM Labs to help trace funds in a bid to return stolen money to users, according to a tweet posted by Nomad on Wednesday.

nomad first tweeted Monday night, addressing the incident and said he was “aware of impersonators impersonating Nomad and providing fraudulent addresses to raise funds.”

According to Shield, Nomad’s system was gradually emptied in batches, and the stolen coins included ether and US dollar-linked stablecoins. A researcher from crypto investment firm Paradigm tweeted that the exploit was “one of most chaotic hacks that Web3 has never seen.

Just a few days before the incident, Nomad Revealed several high-profile investors – including Coinbase Ventures, OpenSea and Capital – who participated in an April $22 million round to “help develop a secure cross-chain messaging solution.”

The growing number of bridge attacks only compounds security and trust issues in the crypto industry. Several of the biggest crypto heists of all time took place last year, amid a spike in crypto prices and usage. Cryptocurrency prices have since fallen significantly but remain a potentially lucrative target.

Crypto scams have also become popularscammers who stole more than $1 billion between the start of 2021 and March this year, according to a report in June from the Federal Trade Commission.

“Certain characteristics of cryptocurrency may explain why it is a payment method for scammers and scammers,” the FTC said in a statement. Release at the time. “There is no bank or other entity to flag suspicious transactions before they happen. Crypto transfers cannot be undone. Once the money is gone, you can kiss your crypto buh-bye.

Comments are closed.