Malicious actors hacked the Nomad bridge, a crypto project that allows users to move digital assets between blockchains, and drained nearly $200 million in funds. Nomad addressed the hack in a tweet and said:
We’re aware of impersonators posing as Nomad and providing fraudulent addresses to collect funds. We aren’t yet providing instructions to return bridge funds. Disregard comms from all channels other than Nomad’s official channel: @nomadxyz_
— Nomad (⤭⛓🏛) (@nomadxyz_) August 2, 2022
The breach took place on Monday evening, with $45 million taken by 7:15 P.M. It is the latest incident to cause severe damage to crypto bridges, following similar attacks on Axie Infinity’s Ronin Bridge, which lost over $600 million.
@samczsun, a researcher at the crypto investment firm Paradigm, explained that the breach may have been due to a recent update to Nomad’s smart contracts. The upgrade caused the zero hash to be accepted as a valid root, which might have led to the spoofing of messages on Nomad. It may have made it simpler for hackers to spoof transactions, allowing users to withdraw money that wasn’t theirs.
In a series of tweets, the researcher explained that the hack could have been completed by reusing the credentials of others whose transactions had been successful. All that was needed was to replace the contact details to complete the fraudulent transaction, and the researcher added that it might have been as simple as copy-pasting credentials to fetch money from others’ accounts.
It is also speculated that the hack could be connected to the publication of the complete list of investors, which mentions the likes of @coinbase, @Cryptocom_Cap and @0xPolygon. Last week, Nomad expressed its goal of making communications across blockchains safer, adding that it believes secure cross-chain messaging is key to uniting DeFi ecosystems and unlocking block space’s true power and potential.
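The class of flaw described above, shown as a simplified model with the weak check beside a hardened one. This is an added example, not Nomad's contract code: the class, function and field names are hypothetical, proof verification is replaced by a stand-in, and the model assumes that a message with no recorded proof maps to the zero value.

```python
import hashlib

ZERO_ROOT = bytes(32)  # what an unset 32-byte slot reads as (assumption of this model)


def msg_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()


class Verifier:
    """Toy model of a bridge's inbound message check (hypothetical names)."""

    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        self.confirmed_roots = {initial_root}  # roots the bridge trusts
        self.proven_under = {}                 # message hash -> root it was proven against
        self.reject_zero_root = reject_zero_root

    def record_proof(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification: assume the proof checked out.
        self.proven_under[msg_hash(message)] = root

    def process(self, message: bytes) -> bool:
        # A message that was never proven falls back to the zero value.
        root = self.proven_under.get(msg_hash(message), ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: "no proof on record" is never trusted
        return root in self.confirmed_roots


def compare(message: bytes) -> dict:
    """Run one never-proven message through the weak and hardened checks."""
    weak = Verifier(initial_root=ZERO_ROOT, reject_zero_root=False)
    hardened = Verifier(initial_root=ZERO_ROOT, reject_zero_root=True)
    return {"weak": weak.process(message), "hardened": hardened.process(message)}


def proven_message_still_accepted() -> bool:
    """The hardened check must not break messages proven under a real root."""
    real_root = hashlib.sha256(b"constructed root").digest()
    v = Verifier(initial_root=real_root, reject_zero_root=True)
    v.record_proof(b"constructed proven message", real_root)
    return v.process(b"constructed proven message")


if __name__ == "__main__":
    print(compare(b"constructed message, never proven"))
    print(proven_message_still_accepted())
```

The general lesson for reviewers is that a default or sentinel value must never be a member of a trusted set, and upgrade initializers deserve a test that feeds an unproven message through the acceptance path.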