Robert Steinadler, 8 months ago

Nomad got exploited by a mob of users for $150 million

A cross-chain bridge is a DeFi protocol that allows users to transfer assets from one blockchain to another. While this sounds very simple it is indeed a complex operation that not only requires running smart contracts on multiple ends but also enough liquidity on all involved chains to service users who are looking to bridge their assets. Yesterday an incident occurred that was sad, to say the least.

What is Nomad and how did the protocol get exploited for about $150 million?

The first copy-paste attack

Nomad is a protocol that allows bridging assets between Ethereum, Polkadot, Moonbeam, and a few other networks. So far it looks like the developers made a couple of upgrades to protocol and changed a line of code that opened the gates of hell.

An unknown hacker was able to exploit the dev team’s error and withdraw funds from the bridge. After the exploit, the line of code that was used by the hacker spread on several chat groups and channels. It didn’t require any knowledge, all malicious users had to do was to copy that line and replace the Ethereum address with their own, and execute the exploit via Etherscan.

In effect, the Nomad bridge got drained its funds within a very short amount of time. That was not only hurtful to the reputation of Nomad and their partners like Moonbeam, but also a devastating blow against the crypto community. This was not the doing of a single but rather the greed of many who chose to pick the wrong side.

White hats to the rescue

But it seems that not all hope is lost. Judging from social media activity many people tried to help by snatching the funds with the sole purpose of taking them into custody for Nomad. It is yet unclear how much has been saved by those volunteers.

They are taking a high risk in doing so because there is no way to differentiate between exploiters with remorse and helping hands. In fact, depending on the jurisdiction a person lives this could still constitute some sort of crime. Nevertheless, these people are a beacon of hope and while some people believe that the opportunity was good to make free money nothing can be further from the truth.

Many who took part in this didn’t care about the trails that they were leaving. Ever interacted with an exchange using that Ethereum address? Guess what, a three-letter agency next to the place you live will catch up to you. Promise!

Crime and blockchain don’t go well with each other. Even people who are proficient in covering their trails and exploiting blockchain technology are getting caught. The blockchain never forgets and it’s public.

Featured articles
Four trading strategies for crypto
Bitcoin and Ethereum: what are the differences?
What determines the Bitcoin price?
Related articles
Authorities closed ChipMixer: Crime and Bitcoin don’t go together

Mar 16, 2023

Many people believe that Bitcoin is anonymous and that nobody can see who is behind each Bitcoin address. That is true to some extent but with blockchain analysis there is a tool available that can reveal the origin of funds. Most crypto companies use such services to block funds that originate from dubious sources such as Darknet marketplaces. Criminals are creative and responded with so-called Bitcoin tumblers to disguise their digital trails.

Trade anytime, anywhere

Boost your trading impact and reaction time in over 80+ cryptocurrencies via instant access to your portfolio with the LiteBit app.

  • 2525 Ventures B.V.
  • 3014 DA Rotterdam
  • The Netherlands
More info
  • About LiteBit
  • Careers
  • Support
  • Sell
  • News
  • Education
  • Affiliates
Subscribe for updates

Sign up to stay informed via our email updates

Explore popular coins
© 2023 LiteBit - All rights reserved