The global digital asset market wakes to the 5th largest DeFi hack of all time. Nearly $200 million were drained from the Nomad, a bridge protocol. According to a blockchain security firm, more than 41 addresses have been identified which grabbed millions of dollars during the theft.
41 address grabbed over $152 million in Nomad Hack
As per PeckShield, 41 addresses grabbed over $152 million in the Nomad bridge exploit. It amounted to 80% of the total hack. This includes 7 MEV Bots, 7 Rari Capital Arbitrum exploiter, and 6 White Hat.
It added that around 10% of these addresses with the ENS names got $6.1 million out of this exploit. While MEV Bots grabbed $7.1 million and Rari Arbitrum exploiter took $3.4 million.
After this major attack Nomad has landed on the list of biggest exploits in 2022. However, this hack was slightly different from the others as the funds drained out the protocol over hours and in small batches.
First hackers were not well skilled
Mudit Gupta, CISO at Polygon, in a Twitter thread said that the attacker could have taken everything in a single transaction in the Nomad hack. However, they didn’t do that and got the front run. He mentioned that the front run was done from both whitehats and blackhats.
He added that if the first attacker had the required and right skills they could have taken all the funds using smart contracts in a single transaction. However, this was a smart contract hack and not a key compromise.
Gupta mentioned that this could have been avoided by better tests, fuzzing, and some formal verification. Meanwhile, he concluded that Decentralized bridges are complex and hard to secure.
Zellic, a blockchain security firm mentioned understanding bugs isn’t enough. It is important to stop merging them. It mentioned that the first hack transaction recorded was $2.322 million worth of Wrapped Bitcoin (WBTC).
However, he added this was initiated directly with the bridge by calling a single function, process (). This function is solely responsible for executing cross chain exchanges and it is very critical.
The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
Source: https://coingape.com/breaking-over-41-addresses-identified-in-190-million-nomad-hack/