Nomad reportedly ignored security vulnerability that led to $190M exploit

Nomad reportedly ignored security vulnerability that led to $190M exploit
Crypto Security
Like? Do Rank It! Likes

The Nomad token bridge hack on Aug. 3 was the fourth largest crypto hack in history that saw nearly $200 million worth of crypto assets drained from the platform. However, more than the hack, the methodology behind it garnered widespread attention.

The exploit took place due to a smart contract vulnerability that saw hundreds of users other than the hacker also get involved, taking away as much as they can by simply copy-pasting the transaction data used by the initial hacker and changing the wallet address to theirs. The event was later deemed as a decentralized robbery by many due to the involvement of normal community members.

Later, the Nomad team revealed to Cointelegraph that some of the people who took funds were acting benevolently to protect the crypto from getting into the wrong hands.

In the aftermath of the hack, the crypto analysis group BestBrokers found that the first exploit took place on Aug. 1, which drained 400 Bitcoin () in four different transactions. The hackers later diverted all 22,880 Ether (), then moved on to the over $107 million worth of stablecoins and finally started diverting the altcoins supported by the project.

The incident has seen WBTC, Wrapped Ether (WETH), USD Coin (), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3) tokens taken from the bridge.

Related: Ongoing Solana-based wallet hack seeing millions drained

Some altcoins that were stolen from the platform suffered as much as a 94% decline. Data collected by the analysis firm showed that the following altcoins suffered the biggest collapse after the hack:

The smart contract vulnerability that was exploited was highlighted in a security audit report done by Quantstamp in the first week of June. The Nomad team even responded to the vulnerability by claiming it to be "effectively impossible to find the preimage of the empty leaf.”

The auditors believed that the Nomad team has misunderstood the issue at the time, and within two months, the same vulnerability has been the reason behind nearly $200 million in losses.

Cointelegraph reached out to Nomad with queries related to the discovery and will update the story accordingly.

Crypto Daily - Crypto And Financial News 11/08/2022 Ripple Buying Celsius?
japan eu eth/usd
5 hours ago

In Todays Headline TV CryptoDaily News: BitPay partners Cardlytics for cash back rewards. BitPay, the world’s largest provider of Bitcoin and cryptocurrency payment services, added a reward program to its BitPay Prepaid Card. Cardlytics, a cash-back rewards platform, is managing the rewards where the BitPay cardholder automatically receives cash back on purchases. Hackers have stolen $1.4 billion this year using crypto bridges. Crypto bridges, which link blockchain networks together, have become major targets for cybercriminals. A total of around $1.4 billion has been lost to breaches on cross-chain bridges this year, according to figures from blockchain analytics firm Chainalysis. Ripple Labs 'interested' in bankrupt crypto lender Celsius' assets. San Francisco-based blockchain payments company Ripple Labs Inc is interested in potentially purchasing assets of bankrupt crypto lender Celsius Network, according to a company spokesperson. BTC/USD exploded 2.9% in the last session. The Bitcoin-Dollar pair exploded 2.9% in the last session. The Stochastic indicator is giving a negative signal. Support is at 22289.6667 and resistance at 24337.6667. The Stochastic indicator is giving a negative signal. ETH/USD skyrocketed 7.5% in the last session. The Ethereum-Dollar pair skyrocketed 7.5% in the last session. According to the CCI, we are in an overbought market. Support is at 1599.2733 and resistance at 1841.3733. The CCI points to an overbought market. XRP/USD skyrocketed 2.6% in the last session. The Ripple-Dollar pair skyrocketed 2.6% in the last session. The MACD is giving a negative signal. Support is at 0.3499 and resistance at 0.3887. The MACD is currently in negative territory. LTC/USD skyrocketed 4.3% in the last session. The Litecoin-Dollar pair gained 4.3% in the last session after rising as much as 5.2% during the session. The Stochastic-RSI is giving a negative signal. Support is at 55.5833 and resistance at 64.6433. The Stochastic-RSI is currently in negative territory. Daily Economic Calendar: IE Consumer Price Index The Consumer Price Index is a measure of price movements made by comparing the retail prices of a representative shopping basket of goods and services. The Irish Consumer Price Index will be released at 10:00 GMT, Japan's Foreign Investment in Japan Stocks at 23:50 GMT, the US Continuing Jobless Claims at 12:30 GMT. JP Foreign Investment in Japanese Stocks Securities investment referrers to bonds issued in a domestic market by a foreign entity in the domestic market’s currency. US Continuing Jobless Claims The Counting Jobless Claims measure the number of individuals who are unemployed and are currently receiving unemployment benefits. JP Foreign Bond Investment The Foreign Bond Investment refers to bonds issued in a domestic market by a foreign entity in the domestic market’s currency. Japan's Foreign Bond Investment will be released at 23:50 GMT, the US Initial Jobless Claims at 12:30 GMT, the Irish HICP at 10:00 GMT. US Initial Jobless Claims The Initial Jobless Claims is a measure of the number of people filing first-time claims for state unemployment insurance. IE HICP The HICP is a measure of price movements or inflation harmonized across EU Member States. It is similar to the national Consumer Price Indices (CPI). Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

BlackRock announces the launch of a new private spot Bitcoin trust
18 hours ago

The move comes one week after its partnership with Coinbase to provide institutional clients with crypto trading access.