Nomad Bridge Hack...Another Multi-Million Dollar Bridge Exploit This Year

^(Source)

Evening

So we have got yet another blockchain bridge mega-hack at our hands, as popular multichain Bridge Nomad got exploited for $200 million yesterday. Nomad Bridge provides token swap service between Ethereum, Avalanche, Evmos, Moonbeam and Milkomeda C1 chains.

How did it happened?

The exploit happened due to a bug in Nomad's main smart contract. The bug allowed anyone with basic knowledge of coding to find previously approved transactions, replace the receiving address with their address and rebroadcast the transaction to re-route the funds to their wallet.

The whole thing created a frenzy as multiple parties rushed to extract funds from the bridge, and the whole process became a crowd looting spectacle. Whereas many looters came with malintent, but hopes are that some white hat hackers also proactivity participated to secure the funds from being looted.

Nomad Bridge team have already acknowledged the hack and appealed to the white hat hackers to return the lost funds. As of now, $9M of the stolen funds have already been returned.

We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them.

— Nomad (⤭⛓🏛) (@nomadxyz_) August 1, 2022

With so many parties involved in the exploit pin pointing the main culprits might turn out to be the difficult job. The only hope Nomad is recovering as much of the lost funds as they can, courtesy of the possible white hat hackers.

Costly Year For Cross-Chain Bridges

Multitoken bridges are a tool of extreme utility as they provide the essential interoperability among various chains. But this interoperability also comes at a cost . A variety of risks linger due to the complex coding involved and huge amount of funds these bridges hold.

This year alone web3 world already got two mega-multichain bridges hacks, one Wormhole bridge and second Axie's Ronin bridge hack. Wormhole bridge resulted in a loss of $325 Million whereas Axis's Ronin amounted to $625 Million in stolen funds. Adding the recent $200 million Nomad bridge exploit to the list, we have a total of above $1 billion worth crypto stolen from the cross chain bridges.

Implications

Considering the amount of losses endured so far, cross-chain security might turn out to be the most urgent challenge Web3 world face today. Apparently the blockchain trilemma still persists.

Events like these also attract the attention the financial watchdogs and regulators, who remain hell-bound on taming the free & fast growing web3 world. They put the integrality and reputation of whole web3 ecosystem at risk and certainly call for increased vigilance, alertness and ingenuity.