Cryptocurrency startup Nomad allowed thieves to steal all its fake money. It’s the latest dangerous DeFi API vulnerability in a long line of such failures.
Nomad claimed its “optimistic bridging” API “would keep users’ funds safe.” That sounds like an optimistic promise—it certainly hasn’t aged well.
Stupid exploit or cynical rug pull? In today’s SB Blogwatch, we take a closer look.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Technical interview survival guide.
I’ve Got a Bridge to Sell You
What’s the craic? Elizabeth Howcroft reports—“Crypto firm Nomad hit by $190 million theft”:
“Nomad described itself as a ‘security-first’ business”
Crypto analytics firm PeckShield [said] $190 million worth of users’ cryptocurrencies were stolen, including ether and the stablecoin USDC. Other blockchain researchers put the figure at over $150 million. [It’s] the latest such heist to hit the digital asset sector this year.
…
[It] targeted Nomad’s “bridge” – a tool which allows users to transfer tokens between blockchains. … Blockchain bridges have increasingly become the target of thefts, which have long plagued the crypto sector. Over $1 billion has been stolen from bridges so far in 2022, according to … Elliptic.
…
San Francisco-based Nomad … which last week raised $22 million from investors … makes software that connects different blockchains – the digital ledgers that underpin most cryptocurrencies. … Nomad described itself as a “security-first” business which would keep users’ funds safe.
That’s hilarious. Sam Kessler and Brandy Betz mourn the loss—“Calls the security of cross-chain token bridges into question once again”:
“Bridge attacks have become more frequent”
Attackers [drained] the protocol of virtually all of its funds. … Monday’s attack is the latest in a string of highly-publicized incidents.
…
The Nomad team…











