The Nomad cross-chain bridge was hacked, but the hack was so simple that hundreds of users copied it and looted the rest of the $190M of assets.
Yet another cross-chain cryptocurrency bridge, the Nomad bridge, was drained of almost all its assets, but this time it wasn’t just hackers who participated. In a first for the blockchain industry, a 9-figure hack was committed by not just one hacker, or even a few hackers, but by hundreds of actual users in what can only be described as a “frenzied looting spree“.
Cross-chain bridges are a system of smart contracts and messaging scripts that connect one blockchain to another to allow for cryptocurrencies and NFTs to be transferred between them. They (usually) work by storing the tokens in a smart contract on their “native” chain, and then minting a “wrapped” version of the deposited tokens on the other chain. Users can also withdraw their native tokens by depositing the wrapped tokens back into the bridge, where they are burned. One common is example is Wrapped Bitcoin, or WBTC, which allows users to send their BTC on the Bitcoin blockchain to the Ethereum blockchain where it can be used in Decentralized Finance (or “DeFi“) applications. Bridges can wrap any kind of blockchain token, including non-fungible tokens (or “NFTs“) and stablecoins (cryptocurrencies stable to the dollar). Because they act as massive pools of locked up cryptocurrencies and digital assets, bridges are the most attractive targets for hackers, and present the largest security risk to the blockchain ecosystem.
Yesterday, TechCrunch and Gizmodo reported that the Nomad blockchain bridge was hacked, but the hack was so simple that hundreds of additional users copy-pasted the transaction and drained the bridge of $190M in what blockchain developer and Twitter user @0xfoobar is…
