A cryptocurrency bridge saw nearly $200 million drained on August 1. The attackers are also posing as Nomad employees. Bridge attacks have been common this year, and the Nomad attack adds to a growing list.
Cryptocurrency bridge Nomad suffered a nearly $200 million exploit on August 1. The team is investigating the attack and warned users not to send funds to people posing as Nomad employees.
Nomad has been the subject of an exploit that caused the attackers to make off with nearly $200 million worth of WETH and WBTC. The attack took place on August 1 and the team said they were aware of it and were conducting an investigation, according to a post on Twitter:
“We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_”
The attack took place within a few hours and almost all of the bridge funds had been depleted. Samczsun, a researcher at Paradigm, said that a recent update to a smart contract made it possible for attackers to spoof transactions. He added on Twitter that, “It all started when @officer_cia shared @spreekaway’s tweet in the ETHSecurity Telegram channel. Although I had no idea what was going on at the time, just the sheer volume of assets leaving the bridge was clearly a bad sign.”
The attackers also try to pose as Nomad employees to steal more funds. The team said they were aware of these impersonators sending fraudulent addresses to raise funds. They clarified that they had not yet given instructions for the return of the bridge funds.
This exploit deals a serious blow to Nomad, which has been experiencing a significant few weeks. The company raised $22 million in a seed funding round just days ago, with participants including Coinbase Ventures, Polygon, Wintermute, Polychain Capital, Gnosis, and OpenSea.
Bridges Exploit: A Popular Attack Vector
Bridge attacks have become an increasingly popular method for malicious actors. Several have taken place this year alone, including the massive $600 million attack on Axie Infinity’s Ronin Bridge, which has just been relaunched. North Korean hackers have been linked to the attack on Ronin.
Wormhole was another major incident, with attackers siphoning off approximately $300 million from Solana’s bridge. The most recent of these attacks was on Harmony’s Horizon Bridge, in which $100 million was stolen.
Security Remains a Priority for DeFi
Security has become a top priority for DeFi projects, which have been under attack for years. In 2022 alone, hackers have stolen more than $1.2 billion from the DeFi space.
The teams are now working on how to prevent bridge attacks, and this will be necessary if the teams are to maintain their reputation and hold on to users. Nomad has been working on new solutions, although that doesn’t mean they aren’t completely invulnerable.
By Audy Castaneda