Nomad is a cross-chain blockchain bridge project that helps people swap tokens on its platform, solving the interoperability problem between two blockchains. For instance, if you want to swap ETH, BTC, or WBTC, you can do that via Nomad, which will issue a wrapped token of the equivalent amount and store the original tokens in reserve.
It’s not a great day for Nomad’s crypto team members. Blockchain bridges are most vulnerable to cyberattacks, and in this case hackers stole $200 million of Nomad’s funds. Loopholes in the smart contracts on cross-chain bridges make it possible for hackers to exploit the situation and join the party.
In the case of Nomad, there was a bug in the smart contract that let a transfer credit more to the receiver than was taken from the sender. So, for instance, you could literally send 0.1 BTC on one side and receive 100 BTC on the other side.
Nomad markets itself as a “security-first cross-chain protocol.” So what went wrong with the iron-clad security measures taken by Nomad?
Samczsun, a researcher in the Web 3 community, explained how the attack was made possible.
Samczsun said that the hackers exploited a major smart contract loophole that let people with just a basic understanding of coding steal the funds. “You didn’t need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it,” the researcher said.
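A defender monitoring a bridge contract can look for the pattern the researcher describes: many different senders submitting the same call with only their own address swapped in. The Python below is an added example, not code from Nomad or from the researcher; the addresses, selector and amounts are constructed, and the field names (`from`, `to`, `input`, `hash`) are assumed to follow the usual Ethereum JSON-RPC transaction shape.

```python
from collections import defaultdict

def _hex(s):
    """Lower-case a hex string and drop a leading 0x."""
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def template(tx):
    """Return (target, calldata) with the sender's own address masked out."""
    sender, data = _hex(tx["from"]), _hex(tx["input"])
    return _hex(tx["to"]), data.replace(sender, "<sender>")

def find_copycat_clusters(txs, min_senders=3):
    """Flag calls that are byte-identical across senders once each sender's
    address is masked: the find/replace-and-rebroadcast pattern."""
    clusters = defaultdict(list)
    for tx in txs:
        key = template(tx)
        if "<sender>" in key[1]:  # only calls that embed the sender's address
            clusters[key].append(tx)
    flagged = []
    for (target, _), group in clusters.items():
        senders = sorted({_hex(t["from"]) for t in group})
        if len(senders) >= min_senders:
            flagged.append({"to": target, "senders": senders,
                            "hashes": [t["hash"] for t in group]})
    return flagged

# Constructed sample data: made-up bridge address, selector and amounts.
BRIDGE = "0x" + "b1" * 20

def _tx(tx_hash, sender_byte, amount):
    """Build a constructed transaction whose calldata embeds the sender."""
    data = "0xdeadbeef" + "00" * 12 + sender_byte * 20 + format(amount, "064x")
    return {"hash": tx_hash, "from": "0x" + sender_byte * 20,
            "to": BRIDGE, "input": data}

SAMPLE = [
    _tx("0x01", "a1", 10**20),
    _tx("0x02", "a2", 10**20),      # same call, only the address differs
    _tx("0x03", "a3", 10**20),
    _tx("0x04", "c4", 5 * 10**17),  # ordinary call with its own amount
]

if __name__ == "__main__":
    for hit in find_copycat_clusters(SAMPLE):
        print(hit["to"], len(hit["senders"]), "senders", hit["hashes"])
```

Legitimate activity can also share a call template, so a hit is a trigger for review rather than proof of abuse.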
Currently, the company officials are trying to get back the funds from the whitehats. Of course, whitehat hackers will always take some of the funds as a preventive measure, but the officials are still unsure whether that is what happened here.
Nomad’s official Twitter handle stated, “We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics. Our goal is to identify the accounts involved and to trace and recover the funds.”
After people came to know about the loophole and how the money was getting stolen, more and more people joined the party, which was described on Twitter as “the first decentralized crowd-looting of a 9-figure bridge in history.”