{"id":13425,"date":"2022-08-02T18:20:41","date_gmt":"2022-08-02T18:20:41","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/cross-chain-bridge-nomad-loses-190-million-making-it-2022s-third-largest-crypto-heist-bitcoin-news\/"},"modified":"2022-08-02T18:20:41","modified_gmt":"2022-08-02T18:20:41","slug":"cross-chain-bridge-nomad-loses-190-million-making-it-2022s-third-largest-crypto-heist-bitcoin-news","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/cross-chain-bridge-nomad-loses-190-million-making-it-2022s-third-largest-crypto-heist-bitcoin-news\/","title":{"rendered":"Cross-Chain Bridge Nomad Loses $190 Million Making It 2022’s Third-Largest Crypto Heist \u2013 Bitcoin News"},"content":{"rendered":"

(Originally posted on : Bitcoin News )<\/b>
\n<\/p>\n

\n
\n<\/header>\n
\n<\/div>\n

On Monday, the cross-chain token bridge Nomad was attacked and hackers managed to siphon $190 million from the protocol, draining a great majority of the funds. The Nomad cross-chain bridge attack was the third-biggest crypto heist of 2022, and the ninth largest of all time.<\/strong><\/p>\n

Nomad Cross-Chain Bridge Exploited for $190 Million<\/h2>\n

Cross-chain bridges in the world of decentralized finance (defi) just can\u2019t catch a break no matter how long they have been running and even after the bridges have been audited. On August 1, 2022, the cross-chain bridge Nomad<\/a> suffered an attack that saw the bridge lose $190 million in crypto funds. Security experts at the blockchain auditing firm Certik<\/a> published an incident report<\/a> describing what happened.<\/p>\n

\u201cThe vulnerability was in the initialization process where the \u201ccommittedRoot\u201d is set as ZERO,\u201d Certik wrote. \u201cTherefore, the attackers were able to bypass the message verification process and drain the tokens from the bridge contract,\u201d Certik added, noting:<\/p>\n

\n

The exploit occurred when a routine upgrade allowed verification messages to be bypassed on Nomad. Attackers abused this to copy\/paste transactions and were able to drain the bridge of nearly all funds before it could be stopped.<\/p>\n<\/blockquote>\n

\"\"
Number of crypto project attacks by month, according to researchers at Comparitech.<\/figcaption><\/figure>\n

Cross-chain bridges have been suffering from exploit after exploit since they were first introduced. At the end of March, the largest hack of 2022<\/a> saw $620 million stolen from Axie Infinity\u2019s Ronin bridge. Researchers at Comparitech detail that the Nomad bridge attack was the third-largest breach this year, according to the research firm\u2019s crypto heist tracker<\/a>. While Nomad connected a variety of blockchain networks, the founder and CEO of AVA Labs, Emin G\u00fcn Sirer, tweeted about the incident and said the AVAX bridge was safe.<\/p>\n

\u201cThe Nomad bridge, used by non-Avalanche chains, was hacked today,\u201d G\u00fcn Sirer wrote<\/a>. \u201cNomad was the official bridge for EVMOS (Cosmos EVM), Moonbeam (Polkadot EVM), and Milkomeda (another EVM) \u2014 The Avalanche Bridge is unaffected.\u201d<\/p>\n

Nomad Raised $22 Million in April, Blockchain Security Company Certik Says This Particular Bug \u2018Would Be Difficult to Discover Under Conventional Auditing Practices\u2019<\/h2>\n

The attack against the Nomad bridge follows the project raising approximately $22.4 million<\/a> in seed funding in a finance round led by Polychain Capital. Other strategic investors that helped Nomad raise funds include 1kx, Ethereal Ventures, Hack.vc, Circle Ventures, Amber, Robot Ventures, Hypersphere, Figment, Dialectic, Archetype, and Ledgerprime. While a broad audit could have found the Nomad bridge vulnerability, the blockchain and smart contract auditors from Certik say this attack may be more difficult to find in a conventional audit.<\/p>\n

\u201cThis type of issue would be difficult to discover under conventional auditing practices that assume all deployment configurations are correct, because this particular bug was introduced by mistakes in the deployment parameters,\u201d Certik\u2019s report on the Nomad situation concludes. \u201cHowever, a broader auditing process and full-scope penetration test that includes validating deployment processes would potentially capture this bug,\u201d the auditors added.<\/p>\n

\n
\nTags in this story
\n<\/h6>\n
$22 Million<\/a>, Amber<\/a>, Archetype<\/a>, Bridge<\/a>, bug<\/a>, certik<\/a>, Certik Auditors<\/a>, Certik Audits<\/a>, Circle Ventures<\/a>, Comparitech<\/a>, Comparitech researchers<\/a>, cross-chain bridge<\/a>, Cross-Chain Bridge Hacks<\/a>, crypto heist<\/a>, defi vulnerability<\/a>, defi vulnerabilty<\/a>, Dialectic<\/a>, Emin G\u00fcn Sirer<\/a>, Exploit<\/a>, Figment<\/a>, Hypersphere<\/a>, Ledgerprime<\/a>, Nomad<\/a>, Nomad Bridge<\/a>, Nomad cross-chain bridge<\/a>, Nomad theft<\/a>, Robot Ventures<\/a>, Stolen Crypto<\/a>, Third Largest Heist<\/a><\/div>\n<\/div>\n

What do you think about the recent cross-chain exploit against the Nomad bridge? Let us know what you think about this subject in the comments section below. <\/strong><\/em><\/p>\n

\n
\n<\/div>\n
\n
\nJamie Redman <\/h6>\n

\nJamie Redman is the News Lead at Bitcoin.com News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 5,700 articles for Bitcoin.com News about the disruptive protocols emerging today.

\n
\n
\n<\/a>
\n<\/span>\n<\/p>\n<\/div>\n<\/div>\n

Image Credits<\/b>: Shutterstock, Pixabay, Wiki Commons, Comparitech, <\/em><\/p>\n

\n

Disclaimer<\/strong>: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com<\/a> does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.<\/p>\n<\/div>\n

\n