And when we say millions of dollars, we’re talking about US$200 million (~RM891 million), which translates to approximately 8563 Bitcoins in value. Nomad has already acknowledged the hack and has been posting updates via Twitter, having initially described it as an “incident” that was being investigated. Not long after, the bridge said that its team was “working around the clock” to address the situation, which was pretty much just another way of saying that it was assessing the damage.
In another tweet, a researcher at the Web3 investment firm Paradigm, who goes by the handle samczsun, explained that the attack on Nomad was only possible because of a misconfiguration in its main smart contract, which allowed anyone with a basic understanding of code to authorise withdrawals to themselves. As pointed out by The Verge, blockchain bridges like Nomad are now often the target of high-profile hacks, primarily because they tend to hold a very large quantity of crypto assets, all behind complex smart contract code that hackers find so deliciously challenging. Or easy, whichever description actually fits the difficulty level for these hackers.
“All credit to @samczsun for doing the heavy lifting of diagnosing the precise vulnerability in his postmortem. How did we get the first decentralized crowd-looting of a 9-figure bridge in history?” pic.twitter.com/v5u6mrKQv1 — foobar (@0xfoobar) August 2, 2022

Prior to this hacking free-for-all on Nomad, another cryptocurrency exchange had fallen victim to hackers. The company in question was Wormhole, and hackers made off with close to 120000 wETH, a token that can be exchanged for actual Ethereum. At the time, the value of those coins averaged around RM1.25 billion.

Getting back on point, a post-mortem of the attack also revealed that, once one hacker had successfully broken through Nomad’s security measures, other individuals with equal or better knowledge of coding used the same method to replicate the attack. Simply put, and as one Twitter user put it, it became one of the biggest nine-figure crowd-lootings of a decentralised currency. (Source: The Verge)