What Happened with Nomad?
Nomad is the name of a once prominent and rising star in the DeFi space but has now succumbed to mainstream attention due to a monstrous hack that destroyed their cryptocurrency bridge stealing over 200 million dollars in user’s funds in what’s now being described as a “mob” of hackers and users alike abusing a security compromise allowing them to easily steal funds.
On Monday evening; an initial transaction triggered a wave of concern with a whopping $2.3 million in various cryptocurrencies removed from the Nomad bridge in a single transaction, followed suit by a multitude of transactions extracting various cryptocurrencies in “million dollar increments.”
The compromise stems from a faulty routine upgrade that allowed what is believed to be the initial hacker to skip verification messages and obtain tokens from the bridge in enormous sums, prompting a wave of hackers, bots, and regular users alike rushing in to obtain a piece of the enormous pie.
Community members, hackers, and bots alike used the breach caused by the initial hacker to further abuse the security compromise by copying and pasting the initial transaction numbers and replacing it with personal ones allowing them to re-enact the breach in the same manner the initial hacker had breached in the first place.
One of the saddest aspects of this compromise was the wave of community members who shamelessly participated in the breach to secure assets to benefit their personal fortune at the expense of the bridge. After the compromise, there was a surprising number of individuals who returned to the community that participated in the breach offering to return the funds they had stolen.
Some simply admitted to participating in the breach and apologized in humiliation, others provided excuses with certain individuals claiming to have participated in an “accident” or simply an action designed to protect their personal assets as well as their friends’ assets.
From $190,740,000 to $1,794 in just a few hours; a small initial compromise led to one of the most horrific mob-style cyber attacks in history, with a surprising portion of the community participating in Nomad’s destruction for their personal gain.
What is Nomad Doing Now?
Nomad has announced they are working with relevant law enforcement and data analytical firms to locate the funds stolen through the compromise.
This effort has led to some success, with a reported $9 million or 4.75% of stolen funds already returned and located after the exploit (per blockchain security company; Peck Shield’s reports), but an abundance of the stolen funds remains distributed through a multitude of wallets and locations due to the massive participation of users in the compromise.
During the exploit; a multitude of “white-hat hackers” participated in the attempt to save Nomad by allocating as much funding as they could from the bridge to personal addresses in hopes of returning it back to the bridge when it had been stabilized.
Nomad had released a statement outlining a process for these amazing heroes to return the funds in hopes of restoring as much stolen funding as possible in a tweet;
“We are actively working with a leading chain analysis firm and law enforcement to trace funds. All involved are prepared to take necessary action in the coming days. If you took ETH/ERC-20 tokens with the intention of returning them, we now have a process for you to do so.” - The Official Nomad Team
The majority of returned funds have been stablecoins; with a reported $3.8 million in USDC tokens and another $2 million in USDT tokens being sent by an abundance of addresses already.
What Does The Future Hold For Nomad?
Blockchains were built to allow individuals to engage in an ecosystem that has built anti-trust mechanisms to prevent bad individuals from ever destroying the ecosystem for their personal gain, but the experimental nature of connecting blockchains through bridges has led to sadly a huge number of devastating losses both for projects and investors.
The once prominent and widely respected bridge is now in turmoil as they scramble to salvage any stolen funds they can, and the future truly looks grim for what they can accomplish to persuade the community to return.
This is a grave lesson for the crypto space as a whole; another in a long line of horrible mistakes made by giant projects that is devastating the space as a whole, but this time we saw something absolutely horrific and disgusting. We saw a project’s destruction extremely accelerated by it’s community and participants, and it truly sheds a dark light on a minority of community members who if given the opportunity; would destroy everything in their path for personal gain and fortune.
Blockchains like Cardano have long withstood these bad actors from ever compromising the blockchain, but these projects developing bridges designed to connect blockchains are extremely experimentally and with little to no true understanding of how these can be as secure as the blockchains they are connecting. Bridges have proven to be one of the easiest systems to compromise in the blockchain industry, and more needs to be done before investors continue to throw hundreds of millions into this experimental and unguaranteed technology.