QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$190 740 000 USD
AUGUST 2022
GLOBAL
NOMAD BRIDGE
DESCRIPTION OF EVENTS
"Nomad is a security-first cross-chain messaging protocol. By leveraging an optimistic mechanism, Nomad only requires one honest actor to keep the entire system safe."
"Secure: Nomad allows off-chain watchers to challenge messages via fraud proofs, without relying on custodians or validators.
Gas-Efficient: Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.
Extensible: Nomad smart contracts can be deployed quickly on any smart contract chain without requiring any custom logic."
"Nomad is a bridging protocol supporting Ethereum, Moonbeam, and other chains. Nomad’s bridging protocol is built using both on-chain and off-chain components. On-chain smart contracts are used to collect and distribute bridged funds while off-chain agents relay and verify messages between different blockchains. Each blockchain deploys a Replica contract which validates and stores messages in a Merkle tree structure. Messages can be validated by either providing proof with the proveAndProcess() call or for already verified messages they can be simply submitted with the process() call. Verified messages are forwarded to a Bridge handler (e.g. ERC20 Router) which can distribute bridged assets."
"Nomad enables applications to send data between blockchains (including rollups). Applications interact with Nomad core contracts to enqueue messages to be sent, after which off-chain agents verify and ferry these messages between chains. In order to ensure that message-passing is secure, Nomad uses an optimistic verification mechanism, inspired by fraud-proof based designs like optimistic rollups. This makes Nomad more secure, cheaper, and easier to deploy compared to validator / proof-of-stake based interoperability protocols."
"Nomad was audited by Quantstamp in June 2022."
"Because bridges offer a means of interoperability between multiple separate blockchain networks, they must hold large amounts of all tokens associated with each blockchain it bridges—thus creating a massive liquidity pool and an enticing target for hackers, whether that pool is managed by a centralized custodian or a smart-contract."
"According to Nomad’s post-mortem, an implementation bug in a June 21 smart contract upgrade caused the Replica contract to fail to authenticate messages properly. This issue meant that any message could be forged as long as it had not already been processed."
"Similar to the issue Theori had with Qubit, this is a path you don't expect just looking at it. "Why would they set 0 as a proof root?" is similar to "Why would they try to run address(0).transfer?""
"The first transactions started at Ethereum block 15259101 on August 1, 21:32:31 UTC. There were four relevant transactions within this same block, at indices 0, 1, 3, and 124. Each of these transactions drained 100 WBTC from the bridge."
"a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all"
"It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message"
"you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it"
"you just had to copy tx data and replace address lol"
"Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function."
"Nomad bridge getting rugged??? Looks very very sus"
"Not only was this hack one of the largest with over $190 million siphoned out of the Nomad liquidity pool, making it one of the more sizeable decentralized-finance (DeFi) hacks in history, but also one of the most chaotic as the technique used to steal funds required little technical knowledge, resulting in a fury of cash-grabbing copycats once news of the exploit spread on social media (Figure 1)."
"After a frenzied hack from hundreds of wallets, the bridge’s TVL dropped from $190,740,000 to $1,794 in mere hours. The hack involved a total of 960 transactions with 1,175 individual withdrawals from the bridge."
"The Security team at @a16z Crypto has investigated and found the root cause of the @nomadxyz_ bridge hack. Nothing to be done at this time except getting funds back from whitehats that drained preventively."
"Attention: White Hat Hacker Friends. Please return ETH or ERC-20 tokens to this wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154"
"Nomad put forth a bounty following this hack—the bounty allowed attackers to keep 10 percent of their funds and face no legal action if the other 90 percent was returned. Oh, plus a Whitehat non-fungible token (NFT) as a thank you (Figure 2). Ultimately $36 million of the $190 million stolen was returned."
Nomad Bridge was a popular bridging platform between different blockchains. The smart contract was audited by Quantstamp and held over $190m. An upgrade to the smart contract allowed anyone to copy a valid withdrawal transaction, replace the recipient address with their own, and have the transaction succeed. Over the course of hours, the entire contract was drained. Some white hat attackers returned a total of $36m of what had been taken, in exchange for a 10% bounty.
HOW COULD THIS HAVE BEEN PREVENTED?
All of the funds were held in a hot wallet, when they could have been better secured by a multi-signature setup. Further reviews or audits of the smart contract could have been performed; only one firm was used.
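The root cause quoted in the description (a zero trusted root auto-proving every message) can be reproduced in a small model, shown here beside the guarded form. This is an added example, not Nomad's Solidity code: the class, its method names, the toy two-leaf Merkle proof and the sample messages are assumptions made for illustration.

```python
import hashlib

ZERO_ROOT = bytes(32)  # value an unset bytes32 storage slot reads as

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class ReplicaModel:
    """Simplified model of Replica message authentication (hypothetical names)."""
    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        self.trusted_roots = {initial_root}  # roots treated as confirmed
        self.proven_under = {}               # message hash -> root it was proven under
        self.processed = set()
        self.reject_zero_root = reject_zero_root

    def prove(self, message: bytes, sibling: bytes, root: bytes) -> bool:
        # Toy two-leaf Merkle proof: root must equal H(H(message) || sibling).
        if h(h(message) + sibling) != root:
            return False
        self.proven_under[h(message)] = root
        return True

    def process(self, message: bytes) -> bool:
        key = h(message)
        if key in self.processed:
            return False  # already processed, cannot be replayed
        # A never-proven message has no entry, so its root reads as zero.
        root = self.proven_under.get(key, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # guarded: "no proof on record" is never acceptable
        if root not in self.trusted_roots:
            return False
        self.processed.add(key)
        return True

def demo() -> dict:
    forged = b"constructed sample: message that was never proven"
    genuine = b"constructed sample: genuine bridged message"
    good_root = h(h(genuine) + h(b"sibling"))
    weak = ReplicaModel(ZERO_ROOT, reject_zero_root=False)  # zero root trusted
    fixed = ReplicaModel(ZERO_ROOT, reject_zero_root=True)  # same init, guarded
    sane = ReplicaModel(good_root, reject_zero_root=False)  # non-zero initial root
    sane.prove(genuine, h(b"sibling"), good_root)
    return {
        "weak_accepts_unproven": weak.process(forged),    # True: the bug
        "weak_accepts_replay": weak.process(forged),      # False: already processed
        "fixed_accepts_unproven": fixed.process(forged),  # False
        "sane_accepts_unproven": sane.process(forged),    # False
        "sane_accepts_proven": sane.process(genuine),     # True
    }
```

The same five assertions make a useful upgrade regression test: a message with no proof on record must be rejected under every initial root the deployment scripts can produce.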
@Coachkcrypto Twitter (Sep 22)
@samczsun Twitter (Apr 10)
@samczsun Twitter (Apr 10)
@samczsun Twitter (Apr 10)
@spreekaway Twitter (Apr 10)
@fbsloXBT Twitter (Apr 10)
@fbsloXBT Twitter (Apr 10)
@nassyweazy Twitter (Apr 10)
@mg_486662 Twitter (Apr 10)
@mg_486662 Twitter (Apr 10)
Audits - Nomad Docs (Apr 10)
Nomad (Apr 10)
Introduction - Nomad Docs (Apr 10)
Nomad (Apr 10)
Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money | Mandiant (Apr 10)
The Nomad Bridge Hack: A Deeper Dive (Apr 10)
Nomad Bridge Hack Root Cause Analysis (Apr 10)
Hackers Return $9M to Nomad Bridge After $190M Exploit (Apr 10)
https://www.coinbase.com/blog/nomad-bridge-incident-analysis (Apr 10)
GitHub - nomad-xyz/hack-data: Data pertaining to the Nomad Bridge Hack (Apr 10)
https://cexplorer.io/article/cardano-survives-nomad-bridge-hack (Apr 10)
theverge.com/2022/8/2/23288785/nomad-bridge-200-million-chaotic-hack-smart-contract-cryptocurrency (Apr 10)
Nomad crypto bridge loses $200 million in ‘chaotic’ hack - The Verge (Apr 10)
