Cross-chain messaging protocol Nomad, which allows users to send and receive tokens between different blockchains, was drained of at least USD 150m after experiencing a security exploit that allowed bad actors to spoof messages.
The project had USD 190m in total value locked (TVL) just before the exploit began, according to DeFi tracking platform DeFi Llama. However, in a matter of hours, all the funds were drained. At the time of writing, the project has around USD 5,600 in TVL.
Blockchain security firm BlockSec estimated the loss to be around USD 150m. This could suggest that users themselves withdrew the remaining USD 40m from the bridge.
Etherscan transactions show that the first suspicious transaction might have occurred at 9:32 PM UTC on Monday, when a user managed to remove wrapped bitcoin (WBTC) 100 (worth around USD 2.3m) from the bridge by depositing WBTC 0.01 (around USD 230).
Subsequently, the Nomad team confirmed that it was aware of the “incident involving the Nomad token bridge”, adding that it is “currently investigating the incident.”
Various amounts of WBTC, wrapped ethereum (WETH), USD coin (USDC), frax (FRAX), covalent query token (CQT), hummingbird governance token (HBOT), IAGON (IAG), dai (DAI), gerowallet (GERO), card starter (CARDS), saddle DAO (SDL), and charli3 (C3) tokens have been taken from the bridge, according to data compiled by crypto security firm PeckShield.
According to Sam Sun, Head of Security at Paradigm, the hack was possible because “the Nomad team initialized the trusted root to be 0x00” during an upgrade, which had the “side effect of auto-proving every message.”
“This is why the hack was so chaotic – you didn’t need to know about Solidity or Merkle Trees or anything like that,” Sun added. “All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it.”
Anonymous Terra researcher FatMan called the incident “the first decentralized robbery.” They added that “all one had to do was copy the first hacker’s transaction and change the address, then hit send through Etherscan.”
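To make the root cause that Sun and FatMan describe concrete, the following is an added Python model, not Nomad's Solidity code and not anything published by the Nomad team. It assumes a simplified bridge "replica" whose message-acceptance check looks up the Merkle root a message was proven under and then asks whether that root is confirmed. The names used (`Replica`, `acceptable_root`, `prove`, `process`, `confirm_at`, `messages`) and the toy message encoding are assumptions chosen for illustration. The point it shows is the one in the quotes above: an unproven message reads the zero root, exactly as an unset Solidity mapping slot does, so marking 0x00 as a trusted root auto-proves every message, including a copied message whose recipient field has been edited (a new hash, but still root 0x00). The hardened variant refuses the zero root both at upgrade time and at proof-check time.

```python
# Added illustrative model (not Nomad's code): why a trusted root of 0x00
# auto-proves every relayed message, and what a hardened check looks like.
import hashlib

ZERO_ROOT = bytes(32)  # bytes32(0): what an unset Solidity mapping slot reads as


def encode_message(recipient: str, amount: int) -> bytes:
    # Toy message encoding, constructed for this example; the real wire format is irrelevant here.
    return f"{recipient}:{amount}".encode()


class Replica:
    """Receives relayed messages and decides whether they may execute (assumed simplification)."""

    def __init__(self, trusted_root: bytes, confirmed_at: int, now: int):
        # confirm_at[root] = time after which messages proven under `root` may execute;
        # a missing entry reads as 0, meaning "unknown root".
        self.confirm_at = {trusted_root: confirmed_at}
        # messages[message_hash] = root the message was proven under; unset reads as 0x00.
        self.messages = {}
        self.processed = set()
        self.now = now

    @staticmethod
    def message_hash(message: bytes) -> bytes:
        return hashlib.sha256(message).digest()  # stand-in for keccak256

    def acceptable_root(self, root: bytes) -> bool:
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and confirmed <= self.now

    def prove(self, message: bytes, root: bytes) -> None:
        # A real contract verifies a Merkle proof here; only the bookkeeping matters for the bug.
        self.messages[self.message_hash(message)] = root

    def process(self, message: bytes) -> bool:
        h = self.message_hash(message)
        if h in self.processed:
            return False  # replay protection: each message hash executes once
        # An unproven message reads the zero root, exactly like an unset Solidity mapping.
        root = self.messages.get(h, ZERO_ROOT)
        if not self.acceptable_root(root):
            return False
        self.processed.add(h)
        return True


class HardenedReplica(Replica):
    """Same logic with two guards: refuse 0x00 when configuring roots and when checking proofs."""

    def __init__(self, trusted_root: bytes, confirmed_at: int, now: int):
        if trusted_root == ZERO_ROOT:
            raise ValueError("trusted root must not be the zero root")
        super().__init__(trusted_root, confirmed_at, now)

    def acceptable_root(self, root: bytes) -> bool:
        return root != ZERO_ROOT and super().acceptable_root(root)


def demo() -> dict:
    good_root = b"\x11" * 32  # constructed stand-in for a genuinely confirmed Merkle root
    legit = encode_message("0xRecipientA", 100)
    forged = legit.replace(b"0xRecipientA", b"0xRecipientB")  # the "find/replace the address" step

    # Misconfigured deployment: the zero root is recorded as confirmed.
    vulnerable = Replica(trusted_root=ZERO_ROOT, confirmed_at=1, now=1_000)
    hardened = HardenedReplica(trusted_root=good_root, confirmed_at=1, now=1_000)
    hardened.prove(legit, good_root)

    return {
        "vulnerable_unproven": vulnerable.process(legit),  # True: never proven, still executes
        "vulnerable_forged": vulnerable.process(forged),   # True: new hash, still reads root 0x00
        "hardened_unproven": hardened.process(forged),     # False: zero root refused
        "hardened_proven": hardened.process(legit),        # True: proven under a confirmed root
        "hardened_replay": hardened.process(legit),        # False: already processed
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The invariant a reviewer of the upgrade would want enforced is the one `HardenedReplica` encodes: no confirmed root may equal the mapping's default value, and the proof check must treat "message never proven" as a distinct failure rather than as "proven under root 0x00".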