Crypto Bridge Nomad Loses $190M in Free-For-All AttackAttacker Exploited Bug Introduced During 'Routine Upgrade'
Dozens of hackers converged on trading platform Nomad to drain nearly $200 million in digital assets held by the U.S. cryptocurrency firm in an attack described by an observer as a "frenzied free-for-all."
The attack, discovered late Monday afternoon, vaults Nomad into the upper tier of cross-chain bridge hacking victims. Cross-chain bridges perform a vital cryptocurrency service by allowing users to exchange digital assets, such as crypto tokens, between multiple, otherwise siloed blockchains.
"We are aware of the incident involving the Nomad token bridge. We are currently investigating and will provide updates when we have them," the company tweeted. Nomad, which advertises itself as a "security-first cross-chain messaging protocol," raised $22 million on a $225 million valuation earlier this year. Only days ago, it revealed its investors include Coinbase and OpenSea.
Blockchain security experts say the attack occurred after Nomad updated its smart contracts and inadvertently made it easy to spoof transactions by failing to verify the amount of digital assets being exchanged.
The company spotted the attack at 5:32 p.m. EDT on Monday, a Nomad spokesperson tells Information Security Media Group. It has retained blockchain intelligence and forensics firms to investigate the incident and notified law enforcement. "Our goal is to identify the accounts involved and to trace and recover the funds," the spokesperson says.
The attackers stole at least $190.7 million and laundered at least $6 million via cryptocurrency mixer Tornado Cash, blockchain security firm PeckShield tells ISMG. Nomad has ceased operations and at the time of writing, close observers estimate that less than $10,000 remains in Nomad.
The total number of victims is "quite hard" to determine, PeckShield says. Among them appear to be Cardano's decentralized oracle Charli3; Evmos, an interconnected community of blockchains; and blockchain data aggregator Covalent.
One of the thieves, who stolen $3 million, appears to be the exploiter behind the Rari Capital attack (see: A $10 Million 'Bounty' for an $80 Million DeFi Attack).
Attack Analysis and Impact
Nomad is underpinned by a generalized cross-chain messaging protocol for building applications to send messages, transfer tokens and initiate actions across multiple networks.
It deploys a core contract on each supported blockchain, which acts as a mailbox for any cross-chain messages or transactions. Off-chain agents relay messages via a root hash to this contract. All these messages need to be confirmed on-chain by the prove() and the process() procedures. The former verifies the messages and marks them as proven, while the latter checks if the messages have been proven and executes them.
"But there was a bug in the process function that treated nonconfirmed roots as confirmed," allowing attackers to empty the platform of funds, Yajin Zhou, CEO of BlockSec, tells ISMG.
The bug was an improper initialization function on Nomad, PeckShield says. It allowed the transaction messages to be validated immediately instead of going through the predetermined verification process. The attackers misused this vulnerability to broadcast fake messages, validating all requests for funds transfer by default and drained the assets from the protocol, PeckShield adds.
"The improper initialization led to the zero address (0x00) being marked as a trusted root, which led to every message being proven valid by default," it says.
The Nomad team initialized the trusted root to be 0x00 during a "routine upgrade," which in this case caused the "side effect of auto-proving every message," says @samczsun, a well-known crypto investigator. The routine upgrade allowed users to spoof transactions and withdraw money that did not belong to them.
"tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all," says samczsun.
Recovery and Mitigation
Some white hat hackers "reacted quickly to withdraw and safeguard the funds," the Nomad spokesperson says. Instructions on how to return the funds will be shared on the company's Twitter soon, the spokesperson also says.
PeckShield says 41 addresses were responsible for withdrawing about $152 million, including $7 million by MEV bots and $3.4 million by the Rari Capital exploiter. At the time of writing this story, six white hat hackers had taken about $8.2 million, it says.
It is key to conduct audits, and more importantly, address the issues that are found during the audits, PeckShield tells ISMG. Companies must also conduct local tests, especially for corner cases, it says.
BlockSec's Zhou adds that blockchain projects must be actively monitored for unusual activities. Any unusual activity, such as the flow of a large number of assets out the bridge as in Nomad's case, can help with detection and subsequently prevention. "Unfortunately, the [Nomad] project does not have such monitoring infra to project the assets," Zhou says.