“One of the most chaotic hacks that Web3 has ever seen.”
That’s Bad
On Monday, hackers exploited a basic vulnerability in the code of Nomad — a crypto “bridge” that allows customers to transfer cryptocurrencies between different blockchains — getting away with roughly $190 million in user investments, CNBC reports.
This hack is just the latest in a string of attacks on crypto bridges, platforms that, according to CNBC, have collectively lost more than $1 billion to hackers in 2022 alone.
Given that Nomad markets itself as a “secure” platform, the company definitely has a lot of explaining to do.
Copy Paste
Though the company has remained tight-lipped about the incident, some analysts have weighed in on what they think went down.
“Nomad just got drained for over $150 million in one of the most chaotic hacks that Web3 has ever seen,” Sam Sun, a researcher at crypto investment firm Paradigm, wrote in a viral Twitter thread.
Sun alleged that the hackers needed very little technical knowledge to execute the heist, which he described in one tweet as a “frenzied free-for-all.”
According to Sun, the hackers simply exploited a coding mistake in a routine software update — a shocking error that allowed bad actors to forge transaction data with a simple copy-paste command.
“All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it,” Sun explained.
According to CNBC, Nomad has yet to inform its users if they’ll be reimbursed — but given the industry’s track record, users should be ready to call their lost investments a write-off.
READ MORE: Hackers drain nearly $200 million from crypto startup in ‘free-for-all’ attack [CNBC]