On Nomad Theft: Security of Chain-to-Chain Bridge

Cointime Official

Another tragedy in the history of the Chain-to-Chain Bridge, or Cross-Chain Bridge, happened this August, and the protagonist is Nomad Bridge. More than $190 million was stolen, and the theft turned into the largest and most chaotic "decentralized" heist in DeFi history.

As a new Chain-to-Chain Bridge launched this year, Nomad, with popular concepts such as cross-chain communication, not only won the backing of Coinbase Ventures, OpenSea, Polychain and other venture capital institutions, but also completed $22 million in financing in April. It also quickly became the official Chain-to-Chain Bridge of EVMOS, Moonbeam, Milkomeda and other EVM public chains, and its lock-up volume quickly rose to nearly $200 million.

Still, no amount of endorsements is a safety net. Less than a week after the new list was released, hackers targeted Nomad and its total lock-up fell from $190 million to less than $2,000 in a matter of hours.

For a start-up project, tens of millions of dollars of financing can be regarded as winning at the starting line. What advantages does Nomad have in terms of team and design mechanism? What vulnerabilities triggered the hack? And how secure are the Chain-to-Chain Bridges we are talking about today?

What does a Chain-to-Chain bridge tell us about the rapidly changing blockchain market?

Essentially, the initial overwhelming traffic driven by Ethereum is segmented bit by bit until fragmented "value islands" are formed. This phenomenon has become more and more evident in the past two years with the increase in L2 projects. In essence, multi-chain coexistence is a new market pattern. As more public chains emerge, L2 projects continue to evolve and the corresponding ecosystems improve, the need for cross-chain asset transfers will explode.

However, at present, there are different types of assets and protocols on different public chains, which makes it impossible for them to communicate directly and that brings a lot of inconvenience to users.

The development of Chain-to-Chain technology makes it possible for users to interoperate between different blockchains, for example through asset transactions and information exchange. The most widely used implementation in the Web3 domain is the Chain-to-Chain bridge. This connection is important because without a blockchain "bridge", blockchains would be isolated and unable to communicate with each other.

What makes Nomad bridge stand out and win over those well-known venture capital firms?

Nomad is a security-first cross-chain messaging protocol whose goal is to provide connective tissue that enables end-users to securely interact across blockchains and developers to build cross-chain applications such as token bridges, native cross-chain assets, cross-chain governance applications, and more.

According to Nomad's official profile, members of its founding team have been involved in interoperability research for more than four years, and in 2017 several of them worked at Summa, a cross-chain interoperability R&D company.

Pranay Mohan, CEO and co-founder of Nomad, has 8 years of development experience. He started as a software engineer at IBM in 2014, and then co-founded software media company SE Daily. He has since worked at Snapchat, O(1) Labs, and Celo.

Nomad realized that while header relays or light clients were theoretically considered the most secure way to build cross-chain bridges, they were not scalable and were difficult to deploy across heterogeneous ecosystems. Light clients require expertise in proof-of-work and proof-of-stake implementation and are not friendly to new developers.

Thus, Nomad, taking inspiration from Optimistic Rollups, is exploring ways to avoid light clients and use the fraud proofs of Optimistic Rollups to build a trust-minimizing bridge that is also easy to deploy in various ecosystems. As a result, Nomad expects to reduce gas fees by 90% compared to traditional block header relays. This is also an Optics design.

Nomad wants to provide a security-first interoperability solution where developers can securely build cross-chain applications (xApps) and bridge assets between chains. Currently, Nomad has launched the Nomad Token Bridge, which supports cross-chain assets on Ethereum, Moonbeam, and Milkomeda C1, with more chains to come.

With its security-first slogan, why did this $190 million theft still happen to Nomad?

Nomad Bridge was hacked on August 2 after bad actors discovered a security hole in Nomad smart contracts that enabled them to withdraw funds that did not belong to them through suspicious transactions.

According to the SlowMist analysis, this attack was possible because the trusted root of the Nomad bridge Replica contract was set to 0x0 during initialization, and the old root was not invalidated when the trusted root was modified. As a result, an attacker can construct any message to steal funds from the bridge.
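The root-handling flaw described above can be shown in a small model. This is an added sketch, not Nomad's contract code: the class and method names are hypothetical, and both the fallback of unproven messages to the zero value and the hardened checks are assumptions of this model.

```python
import hashlib

ZERO_ROOT = bytes(32)  # Solidity-style default value for an unset bytes32


class ReplicaModel:
    """Toy model of a bridge replica's root bookkeeping (hypothetical names)."""

    def __init__(self, initial_root: bytes, hardened: bool):
        self.hardened = hardened
        self.trusted = set()      # roots accepted as committed
        self.proven_under = {}    # message hash -> root it was proven against
        self.current = initial_root
        if not hardened or initial_root != ZERO_ROOT:
            self.trusted.add(initial_root)  # flawed init trusts 0x0 as well

    def set_trusted_root(self, new_root: bytes) -> None:
        if self.hardened:
            self.trusted.discard(self.current)  # invalidate the old root
        self.trusted.add(new_root)
        self.current = new_root

    def prove(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification: only records the root.
        self.proven_under[hashlib.sha256(message).digest()] = root

    def acceptable(self, message: bytes) -> bool:
        digest = hashlib.sha256(message).digest()
        # An unproven message falls back to the zero value, as an unset
        # mapping entry would.
        root = self.proven_under.get(digest, ZERO_ROOT)
        if self.hardened and root == ZERO_ROOT:
            return False  # "no proof" must never count as a valid root
        return root in self.trusted


def demo() -> dict:
    """Return {hardened: (proven accepted, unproven accepted)}."""
    real_root = hashlib.sha256(b"constructed committed root").digest()
    results = {}
    for hardened in (False, True):
        replica = ReplicaModel(ZERO_ROOT, hardened)  # initialized with 0x0
        replica.set_trusted_root(real_root)
        replica.prove(b"proven transfer", real_root)
        results[hardened] = (replica.acceptable(b"proven transfer"),
                             replica.acceptable(b"never proven message"))
    return results
```

In the flawed variant the zero root stays trusted after the update, so a message that was never proven is accepted; the hardened variant rejects it while still accepting the proven one.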

In addition to professional analysis, there are also many people in the industry who have explained the attack in layman's terms. For example, @0x_Todd from Nothing Research said:

“Nomad had a trivial error in upgrading contracts, which resulted in ordinary people being able to hack, find past successful transactions, and then change the address and broadcast again.”

However, the amount of money in a copied transaction cannot be changed, so the hackers had to steal one piece after another. This gave others an opportunity to grab the remaining Nomad assets, some even using addresses with ENS names attached to them, such as ?? .eth, who took more than $3 million.

Samczsun, Paradigm partner, said:

“Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. You didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it.”

What makes this theft special is that it was not carried out by a single hacker or a handful of hackers: after the initial attacker struck, hundreds of different accounts discovered the method and copied it to take funds.

Amid skepticism about the team, how does Nomad cope with the ‘most chaotic theft’?

The professionalism of the Nomad team was questioned during the theft.

At the beginning of the hack, the Nomad team said in the Discord community that they were investigating the case. At the time, about $100 million in assets had not yet been stolen from the Nomad contract address.

"The Nomad bridge is an upgradeable proxy contract. Why didn't the multisig block transactions when the slow-motion hack started?" says CrocSwap founder @0xdoug.

It's also worth noting that Nomad founder James Prestwich was accused of wrongdoing when he launched the project earlier this year. In November, the Celo public cross-chain bridge Optics was temporarily suspended. James Prestwich, the engineer at the time, was blamed for the incident.

Nomad then offered a 10% reward to recover the $190 million after it was hacked. Nomad has since issued a statement saying that whoever returns at least 90 percent of the stolen tokens will be considered a so-called "white hat", a hacker whose goal is to find vulnerabilities rather than exploit them maliciously.

"We are not suing white hats," Nomad Chief Executive Pranay Mohan said in a statement. "But we will continue to work with our partners, intelligence firms and law enforcement to fully hold all other malicious actors accountable to the full extent of the law."

"If you haven’t yet returned funds, you can still do so now! Metagame checks your on-chain tx history automatically," the Nomad team said via Twitter.

As of August 8, the white hat hackers had returned about $32.6 million of the total $190 million stolen, Cointelegraph reported.

According to BlockBeats, on September 21 the cross-chain interoperability protocol Nomad released an update on restarting the cross-chain bridge. Nomad said that to support the restart it made significant changes to the code, including fixes for the exploited vulnerability, bridging GUI patches, and the processing of recovered funds, and that these will be released after the code audit is completed.

On the technical side, Nomad stated that bridging recovered funds to madAssets is not a simple process, and users need to follow these steps:

1. Bridge. Bridging madAssets back into Ethereum results in an NFT that specifies the type and number of bridged assets.

2. Use the NFT (for example, 100 USDC). This NFT grants rights to a portion of the asset equivalent to a percentage of the recovered asset. In addition, only users who are added to the whitelist will be able to receive the recovered funds. The recovered funds will be accounted for by token, the tokens returned in different forms will be released, and Nomad will work with blockchain forensics companies to determine which tokens are affected.

Summary

Among the well-known cross-chain bridges, only Stargate, Hop Protocol, and Connext have not been successfully attacked so far. How long can they survive? Nomad provides a cross-chain solution that balances speed, cost, and network security by imitating optimistic systems and using fraud proofs. With complementary cooperation with cross-chain infrastructure such as Connext and later integration with other DEX protocols, Nomad may play a key role in interoperability solutions once it has really learned the lesson of this historic theft.
