Cryptocurrency Hacks all too common, but it has been extremely anarchic as the latest example. As The Verge recordNomad has confirmed that its cryptocurrency bridge (a service that allows you to exchange tokens between blockchains) is a victim of the August 1 “incident” where a hacker killed nearly $200 million in funds. As Samczsun Paradigm researcher explained, the intruders took advantage of a misconfiguration that allowed a well-informed user to authorize the withdrawal. The result is a “messy” hack where people can change crypto addresses to transactions known to be good for stealing digital money.
In the update, Nomad said it is “working around the clock” to resolve the problem with the help of law enforcement and blockchain intelligence companies. It hopes to both pinpoint the account involved and return the funds. A16z security team recommended the well-intentioned white hat hacker will return the crypto they took “preemptively,” but there is no word to identify the thief.
Bridges like this are prime targets for hackers because of the high volume of assets and the potential for exploitation in sophisticated code. Attackers swiped approximately $625 million from Ronin’s blockchain base Infinite Axie in March, and exploits on the Wormhole bridge led to a $325 million hack in February. While the Nomad breach wasn’t financially devastating enough, it does illustrate just how vulnerable the bridge is.