Crypto bridge Nomad was exploited for nearly $200 million on Aug. 1. The team is investigating the attack and has warned users not to send funds to individuals impersonating Nomad employees.
Crypto bridge Nomad has been subject to an exploit that saw attackers make away with nearly $200 million in WETH and WBTC. The attack took place on Aug. 1, and the team said that they were aware of it and are conducting an investigation.
The attack took place in a handful of hours, and almost the entire funds in the bridge had been drained. Samczsun, a researcher at Paradigm, said that a recent upgrade to a smart contract resulted in the attackers being able to spoof transactions.
The attackers are also attempting to impersonate Nomad employees to steal more funds. The team said that they were aware of these impersonators sending fraudulent addresses to collect funds. They clarified that they hadn’t yet put out instructions for the return of the bridge funds.
This exploit deals a tough blow to Nomad, which has been experiencing a strong few weeks. The company raised $22 million in a seed funding round only a few days ago, with the participants including Coinbase Ventures, Polygon, Wintermute, Polychain Capital, Gnosis, and OpenSea.
Bridge exploitations a popular attack vector
Bridge attacks have become an increasingly popular method for bad actors. Several have taken place this year alone, including the massive $600 million attack on Axie Infinity’s Ronin bridge, which only just relaunched. North Korean hackers have been linked to the attack on Ronin.
Wormhole was another major incident, with attackers siphoning approximately $300 million from the Solana bridge. The most recent of these attacks was on the Harmony Horizon bridge, which saw $100 million stolen.
Security still a priority for DeFi market
Security has become a top priority for DeFi projects, which have been subject to attacks for years. In 2022 alone, hackers have stolen over $1.2 billion from the DeFi space.
Teams are now working on how to prevent Bridge hacks, and this will be necessary if teams want to maintain their reputation and hold on to users. Nomad itself has been working on new solutions, though that does not mean they are not entirely invulnerable.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.