Hackers stole approximately $200 million in ether and stablecoins from crypto bridge Nomad in the latest cryptocurrency attack.
During the two-hour attack, Nomad’s holdings fell from $190.7 million to $651.54. In a tweet early Tuesday, Nomad claimed that it had notified law enforcement, hired blockchain intelligence and forensics organizations, and was “working around the clock” to trace and reclaim the funds.
The hack exposes an ever-present concern in decentralized finance, which has limited accountability when such crises occur because authorities cannot simply seize the funds. According to Chainalysis, a blockchain analytics business, hackers made $3.2 billion in 2021 and are on track to duplicate that figure in 2022. However, theft can sometimes be recovered if the offender is recognized and apprehended or if a reward is paid to restore the funds.
However, the “chaotic” nature of Nomad’s hack makes a difference: While many assaults have a single culprit, Nomad’s was a “frenzied free-for-all,” according to a researcher at Paradigm. The funds were diverted to over 41 different wallet addresses as vultures flocked to loot Nomad after word of the scam spread.
The heist was made possible because Nomad’s hacking only required simple coding. A simple software upgrade revealed the theft, which allowed users to “spoof” transactions by manually rewriting the code to withdraw more cryptocurrency than was held in their accounts. This treated Nomad like an endless ATM giving away free money. Once a hacker discovered it, others could easily copy and paste the malicious code to participate in the con.
The most recent cyberattack on a so-called crypto “bridge” was the third such hack in 2022. According to blockchain analytics company Elliptic, more than $1 billion has been taken from bridges in 2022, including $600 million in March from the Ronin bridge, which supports the well-known Axie Infinity video game. Also, $300 million had been stolen from the Solana-based Wormhole bridge months prior.
The attack on Nomad has increased these worries. Before the heist, Nomad had presented investors like Coinbase Ventures and OpenSea with a vision of a cross-chain protocol that put “security first.”