Nomad apparently overlooked security vulnerability that brought to $190M exploit

The Nomad token bridge hack on August. 3 was the 4th largest crypto hack ever that saw nearly $200 million price of crypto assets drained in the platform. However, greater than the hack, the methodology behind it received prevalent attention.

The exploit required place as a result of smart contract vulnerability that saw countless users apart from the hacker will also get involved, removing around they are able to simply by copy-pasting the transaction data utilized by the first hacker and altering the wallet address to their own. The big event was later considered like a decentralized robbery by many people because of the participation of ordinary community people.

Later, the Nomad team revealed to Cointelegraph that some people who required funds were acting benevolently to safeguard the crypto from stepping into the incorrect hands.

As a direct consequence from the hack, the crypto analysis group BestBrokers discovered that the very first exploit required put on August. 1, which drained 400 Bitcoin (BTC) in four different transactions. The online hackers later diverted all 22,880 Ether (ETH), then moved to the over $107 million price of stablecoins and lastly began diverting the altcoins based on the work.

The incident has witnessed WBTC, Wrapped Ether (WETH), USD Gold coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) tokens obtained from the bridge.

Related: Ongoing Solana-based wallet hack seeing millions drained

Some altcoins which were stolen in the platform endured over a 94% decline. Data collected through the analysis firm demonstrated the following altcoins endured the greatest collapse following the hack:

The smart contract vulnerability which was exploited was highlighted inside a security audit report made by Quantstamp within the first week of June. The Nomad team even taken care of immediately the vulnerability by claiming so that it is “effectively impossible to obtain the preimage from the empty leaf.”

The auditors thought that the Nomad team has misinterpreted the problem at that time, and within two several weeks, exactly the same vulnerability continues to be the explanation for nearly $200 million in losses.

Cointelegraph arrived at to Nomad with queries associated with the invention and can update the storyline accordingly.

Latest stories

You might also like...