Nomad, a cryptocurrency bridge that lets users swap tokens between blockchains, was targeted in a frenzied attack which left almost $200 million of its funds drained.
Nomad notified law enforcement and was working around the clock to address the situation.
The exploit was made possible by a misconfiguration of the project’s main smart contract that allowed anyone with a basic understanding of the code to authorize withdrawals for themselves.
The hack was chaotic: all anyone had to do was find a transaction that worked, find and replace the other person’s address with their own, and then re-broadcast it.
TPRM report: https://scoringcyber.rankiteo.com/company/nomadxyz
{
  "id": "nom1544121122",
  "linkid": "nomadxyz",
  "type": "Cyber Attack",
  "date": "08/2022",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of a geographical region"
}
{'affected_entities': [{'industry': 'Blockchain',
                        'name': 'Nomad',
                        'type': 'Cryptocurrency Bridge'}],
 'attack_vector': 'Smart Contract Misconfiguration',
 'description': 'Nomad, a cryptocurrency bridge that lets users swap tokens '
                'between blockchains, was targeted in a frenzied attack which '
                'left almost $200 million of its funds drained.',
 'impact': {'financial_loss': '$200 million',
            'systems_affected': 'Smart Contract'},
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Misconfiguration of the project’s '
                                           'main smart contract'},
 'response': {'communication_strategy': 'Working around the clock to address '
                                        'the situation',
              'law_enforcement_notified': True},
 'title': 'Nomad Cryptocurrency Bridge Hack',
 'type': 'Cryptocurrency Heist',
 'vulnerability_exploited': 'Misconfiguration of the project’s main smart '
                            'contract'}