$190M Stolen From Coinbase-Backed Crypto Bridge Nomad


Over $190 million was drained from cross-chain cryptocurrency bridge Nomad on Monday in what is being described as one of the most perplexing hacks in DeFi history.

What Happened: On Aug. 1, market participants observed millions of dollars being drained from the Nomad contract address.

See Also: Huobi Global Sees Itself As Safe-Haven ‘Not Affected’ By Crypto Winter, Turmoil

Data from DeFi Llama shows that more than $190 million worth of Ethereum ETH/USD and other tokens were drained from the Total Value Locked (TVL) in the bridge.   

“A perplexing aspect of this vulnerability was that all users had to do to hack bridge funds was copy the original hacker’s transaction calldata, replace the original address with a personal one, and the tx would succeed!” wrote DeFi protocol code auditor “foobar” on Twitter. “Easy as CTRL-C, CTRL-V.”

A number of users who were observed replicating the exploit and grabbing the stolen funds have publicly come forward to return the tokens. According to foobar, the vulnerable process function enabling the hack was lying in plain sight — in the Nomad audit report itself.

The Nomad team said they were aware of the token bridge being compromised and were currently investigating the exploit.

Earlier this year, Nomad raised $22 million from investors led by Polychain Capital in the name of “security-first interoperability.”

The round saw participation from high-profile investors like AT&T Inc.’s T venture capital arm. 

Nomad has also attracted angel investment from Coinbase Global Inc COIN and the foundations behind the Polkadot and Avalanche blokchains.


Image and article originally from www.benzinga.com. Read the original article here.