Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Key on-chain analytics showing Nomad’s exploit repercussions across the ecosystem
During the afternoon of August 1st, 2022, the Nomad bridge was exploited for over $190M in crypto assets. A recent unaudited upgrade to the protocol’s smart contracts created an exploitable vulnerability. Due to the particularity of the hack many experts are calling it one of the most chaotic hacks in Web3. This one came days after the Nomad protocol announced its $22 million seed round, led by highly regarded investors. The list of hacked bridges in 2022 continues to grow, following the Wormhole, Ronin and Harmony bridge exploits.
The Nomad protocol TVL had just recently reached a new all time high in TVL of $199 million on July 22. Among the top assets deposited in the bridge were USDC, WETH and WBTC, which suffered a loss of $87M, $39M and $24M respectively.
Source: IntoTheBlock & DeFi Llama
The indicator above depicts Nomad’s TVL increasing over time and then plummeting on the day of the exploit. The attack began with one address draining the WBTC pool by processing funds without having proof of the funds backing it. Using the bridge the attacker was able to send a Moonbeam transaction out of 0.01 WBTC, and somehow the Ethereum transaction bridged in 100 WBTC. As people noticed the attack, an estimated 300+ addresses copied the attack and began draining other pools on Nomad. Some of this included white hat hackers that even had named their addresses using Ethereum Naming Services (ENS). More recently Nomad informed of an official address to return funds to. As of 12AM (EST) of August 4th, 2022 the official Nomad recovery address has received $16.6M, of which $6.3M are USDC.
Turns out that attackers were able to process a message without proving it first. They accomplish this by manipulating the “process()” function by calling it directly without the function “prove()” approving it first. This allowed for withdrawals that did not necessarily match with the amount they deposited into Nomad on the other chain. This is what made the hack so explosive. Hackers were able to just copy a successful transaction and replace the address with their own, without the need to know advance solidity.
Among the major chains affected were the Moonbeam Network, Evmos chain and the Milkomeda chain. This was due to the fact that the Nomad bridge was chosen as the official bridge for these ecosystems. Tokens were locked in the Ethereum mainnet and wrapped bridge tokens were emitted in the destination chains.
Source: IntoTheBlock & DeFi Llama
The graph above shows Moonbeam TVL, which was the most affected chain by the Nomad exploit. It had also recently reached a new all time high TVL of $322 M on July 25th, 2022. Currently the chain TVL sits on $88 M, which represents a 72% decrease in TVL during the past 3 days.
Moreover, major Moonbeam dApps relating to the Nomad wrapped tokens are facing massive withdrawals. Moonwell Artemis and StellaSwap being the two biggest currently have dropped 81% and 67% respectively on TVL in the last 7 days. Protocols which didn’t support Nomad wrapped assets have surprisingly managed to increase their TVL. This is the case with Curve Moonbeam and Lido, which increased 25% and 55% respectively. Curve’s biggest pool which accounts for 95% of its TVL stands for xcDOT+ stDOT, currently none of the tokens are facing any issues. In regards to Lido, being a liquid staking service it is implied that more users have staked their tokens to help secure the network.
GLMR, Moonbeam Network token, suffered a relatively small decrease in price after the attack heavily affected the chain’s TVL.
Source: IntoTheBlock & CoinGecko
The chart above depicts the token price movement 14 days prior to the Nomad exploit. GLMR dropped from $0.84 to $0.64 representing a 23% decrease in price after the Nomad bridge was exploited. The attack spiked its daily trading volume to a 30-day high of $90 M.
In conclusion, many are naming this event as the first decentralized robbery. Nomad is working with blockchain forensics teams to attempt to identify and recover stolen funds. Crypto bridges continue to show exploitable vulnerabilities and harm many users during massive attacks. The Nomad code had undergone two audits prior to the recent upgrade and the protocol had been live for 8 months before the hack. It’s still early to draw final conclusions regarding this specific event; several other protocols have managed to survive similar drastic situations.
Analysis of the Nomad Bridge Exploit was originally published in IntoTheBlock on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.