Hackers stole nearly $200 million in crypto from the crypto startup Nomad on the evening of Aug. 1, 2022. The Nomad crypto hack is the most recent theft in a long history of crypto heists.
Nomad is a cross-chain bridge that allows users to trade cryptocurrency from one blockchain to another. At about 6:00 pm ET, the company tweeted they were aware of an “incident” involving their token bridge. About two hours later, hackers made off with nearly all of Nomad’s crypto.
What made the Nomad crypto hack possible?
Bad actors were able to capitalize on faulty code in a recent update to Nomad’s infrastructure. In a shockingly simple exploit, the cross-chain bridge validated transactions before they finished. As a result, thieves withdrew nearly unlimited amounts of crypto in what experts called a “free-for-all.”
“We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics,” Nomad tweeted in response to the attack. However, it is unclear if the startup will reimburse users for their lost crypto. Sam Sun, a partner at crypto investment firm Paradigm, called the attack “one of the most chaotic hacks that Web3 has ever seen.”
Blockchain bridge attacks
The Nomad crypto hack is the newest in a string of recent attacks on blockchain bridges. In April, hackers used a bridge exploit to steal over $600 million from the blockchain game Axie Infinity’s Ronin network. And in June, thieves made off with about $100 million from the Harmony blockchain’s Horizon bridge.
Crypto’s ongoing security issues
According to Yahoo Finance, hackers already stole over $2 billion in crypto in 2022. The statistic comes from reports by crypto security firms Certik and Beosin for Q1 and Q2 2022, respectively. Though crypto bridge exploits make up a small portion of 130 incidents, they tend to be the most effective.
The nomad crypto hack comes just a week after they announced the backers from a $22 million seed fundraiser round. The backers included Coinbase, OpenSea, and Crypto.com. The investment- tightened cross-chain security protocols.