BitcoinWorld

Crypto bridge ‘Nomad’ drained in $200M heist

The exploit let attackers drain the project’s funds and has put a big question mark over cross-chain token bridges.

On Monday, Nomad was hacked: attackers drained its funds, and it lost $200 million in the heist.

A researcher at Paradigm, an investment firm, wrote on Twitter, “It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message.”

He also added, “a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all.”
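The failure mode the researcher describes, as a simplified Python model added here (it is not Nomad's contract code and not from the article). It assumes a message is accepted when the root it was proven under is trusted, and that a message never proven resolves to the zero root by default; all class and function names are hypothetical.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # the "0x00" root from the quote, as 32 zero bytes


class Inbox:
    """Toy inbox: a message is accepted if the root it was proven
    under is in the trusted set."""

    def __init__(self, trusted_roots, reject_zero_root):
        self.trusted_roots = set(trusted_roots)
        self.reject_zero_root = reject_zero_root
        self.proven_under = {}  # message hash -> root it was proven against

    def prove(self, message, root):
        # Merkle proof checking is out of scope; assume it succeeded.
        self.proven_under[hashlib.sha256(message).digest()] = root

    def acceptable(self, message):
        digest = hashlib.sha256(message).digest()
        # Assumption: like a zero-initialised lookup table, a message
        # that was never proven yields the zero root, not an error.
        root = self.proven_under.get(digest, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: "never proven" is never trusted
        return root in self.trusted_roots


def init_inbox(initial_root, hardened):
    """Initialise an inbox; the hardened form refuses a zero trusted root."""
    if hardened and initial_root == ZERO_ROOT:
        raise ValueError("refusing to trust the zero root")
    return Inbox([initial_root], reject_zero_root=hardened)
```

Both guards matter: rejecting a zero root at initialisation catches the bad upgrade, and rejecting the default value at acceptance time keeps "never proven" from matching a trusted entry even if one slips in.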

This attack follows other recent hacks and attacks in cryptocurrency and trading. “We are working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics,” Nomad said in a statement issued through Twitter on Tuesday.

Nomad: Is it the beginning of the end?

A cross-chain token bridge connects independent blockchains, enabling the transfer of assets and information, which allows users to access other protocols.

The wrapped tokens lose their backing if the smart contract where they were initially deposited is compromised, as in Nomad’s case, making them worthless.

Is this beginning to be a trend? Or is this part of the development cycle, since vulnerabilities are being exposed? Be that as it may, it still costs a lot of money, and the amounts taken are serious.

Moreover, it will make it harder to establish the integrity of the infrastructure and public trust in decentralized systems.

Afterword

Blockchain bridges have become the new targets for hackers.

The reason is the massive value of the assets they hold and the complexity of smart contracts.

So far, two such attacks have been witnessed. The first was on the Wormhole bridge platform, from which $325 million was stolen, and the other was on Ronin, from which $625 million was stolen.
