A cross-chain bridge is a DeFi protocol that allows users to transfer assets from one blockchain to another. While this sounds very simple it is indeed a complex operation that not only requires running smart contracts on multiple ends but also enough liquidity on all involved chains to service users who are looking to bridge their assets. Yesterday an incident occurred that was sad, to say the least.

What is Nomad and how did the protocol get exploited for about $150 million?

The first copy-paste attack

Nomad is a protocol that allows bridging assets between Ethereum, Polkadot, Moonbeam, and a few other networks. So far it looks like the developers made a couple of upgrades to protocol and changed a line of code that opened the gates of hell.

An unknown hacker was able to exploit the dev team’s error and withdraw funds from the bridge. After the exploit, the line of code that was used by the hacker spread on several chat groups and channels. It didn’t require any knowledge, all malicious users had to do was to copy that line and replace the Ethereum address with their own, and execute the exploit via Etherscan.

In effect, the Nomad bridge got drained its funds within a very short amount of time. That was not only hurtful to the reputation of Nomad and their partners like Moonbeam, but also a devastating blow against the crypto community. This was not the doing of a single but rather the greed of many who chose to pick the wrong side.

White hats to the rescue

But it seems that not all hope is lost. Judging from social media activity many people tried to help by snatching the funds with the sole purpose of taking them into custody for Nomad. It is yet unclear how much has been saved by those volunteers.

They are taking a high risk in doing so because there is no way to differentiate between exploiters with remorse and helping hands. In fact, depending on the jurisdiction a person lives this could still constitute some sort of crime. Nevertheless, these people are a beacon of hope and while some people believe that the opportunity was good to make free money nothing can be further from the truth.

Many who took part in this didn’t care about the trails that they were leaving. Ever interacted with an exchange using that Ethereum address? Guess what, a three-letter agency next to the place you live will catch up to you. Promise!

Crime and blockchain don’t go well with each other. Even people who are proficient in covering their trails and exploiting blockchain technology are getting caught. The blockchain never forgets and it’s public.