
Hackers Drain Nearly $200 Million From Nomad Token Swap Tool


Hackers exposed yet another weakness in the DeFi space as they drained almost $200 million in cryptocurrency from a token bridge called Nomad.

Nomad commented on the exploit in a tweet late Monday, saying that it is aware of the incident and is currently investigating. Nomad has not yet commented on whether it plans to reimburse lost tokens to users.

Blockchain security experts believed that the exploit was a chaotic free-for-all in which anyone who knew of the vulnerability and how it worked could simply withdraw any amount of tokens from Nomad, like a broken ATM.

The exploit is believed to have started with a recent upgrade to Nomad’s code, under which users were allowed to initiate a transfer and withdraw more assets than were deposited into the platform. Once other attackers realized what was happening, they quickly deployed a swarm of bots to execute copycat attacks.

“Without prior programming experience, any user could simply copy the original attackers’ transaction call data and substitute the address with theirs to exploit the protocol,” said Victor Young, founder and chief architect of crypto startup Analog.

“Unlike previous attacks, the Nomad hack became a free-for-all where multiple users started to drain the network by simply replaying the original attackers’ transaction call data.”

According to CoinDesk, hackers sent back $9 million to Nomad a day after the exploit, which equates to around 4.75% of the total loss.

So far in 2022, a cumulative $1 billion in crypto assets has been stolen through bridge exploits, according to a report from crypto compliance firm Elliptic.

DISCLAIMER:

At the BTC Times, we decided to responsibly cover news about altcoins from time to time, provided that we consider them relevant for Bitcoin or interesting for our readers. The goal of these articles will always be to inform, explain, clarify, debunk, and expose, sticking to the objective facts and qualified technical opinions, and never to promote, advertise, or legitimize "coins", "tokens", or other investment propositions.
