Sad news. The crypto market has once again been hit with news of a major theft, the 5th largest DeFi hack of all time. Almost $200 million has been taken out of Nomad, a bridge protocol. According to a blockchain security firm, more than 41 addresses have been identified that are believed to have taken out millions of dollars during the theft.
According to PeckShield, 41 addresses racked up more than $152 million in the Nomad bridge exploit. That amounts to 80% of the total theft. The addresses include 7 MEV bots, 7 Rari Capital Arbitrum exploiters and 6 white hats.
It added that about 10% of these addresses, those with ENS names, got $6.1 million from this exploit, while MEV bots grabbed $7.1 million and the Rari Capital Arbitrum exploiter took $3.4 million.
After this massive attack, Nomad was listed as the biggest exploit in 2022. However, this hack was a little different from the others, as funds were taken out of the protocol in small batches within hours.
Mudit Gupta, CISO at Polygon, stated on Twitter that hackers could have taken everything in one transaction in the Nomad hack, but they did not do that.
He added that if the first attacker had the necessary skills, they could have taken all the funds in one transaction using smart contracts. However, this is a smart contract hack and it is not something that can be compromised.
Gupta mentioned that this could have been avoided with better testing and some formal validation. Meanwhile, he concluded that decentralized bridges are complex and difficult to maintain.
Zellic, a blockchain security firm, says the understanding of the 'bugs' is insufficient. It mentions that the first recorded hacking transaction took Wrapped Bitcoin (WBTC) worth $2.322 million.
During the hack, Nomad posted a statement saying that impersonators posing as Nomad are increasingly prevalent on the internet and are giving out fake addresses. It adds that Nomad does not provide instructions on refunds.
Be advised that this case is under investigation and that an update on it will be provided.