Nomad Bridge Hack - Revision history

Azoundria: Another 30 minutes complete. Additional sources merged in. Moving around information and fairly extensive restructuring.

2023-11-16T19:02:27Z

Another 30 minutes complete. Additional sources merged in. Moving around information and fairly extensive restructuring.

Show changes

Azoundria: Another 30 minutes complete. Additional sources merged in.

2023-09-29T21:31:51Z

Another 30 minutes complete. Additional sources merged in.

Show changes

Azoundria: Another 30 minutes complete.

2023-06-05T21:36:58Z

Another 30 minutes complete.

← Older revision		Revision as of 15:36, 5 June 2023
Line 144:		Line 144:
	\|Mandiant Publishes Analysis		\|Mandiant Publishes Analysis
	\|Mandiant, a cybersecurity firm, published a blog post about the Nomad bridge smart-contract exploit<ref>[https://web.archive.org/web/20221129194757/https://www.mandiant.com/resources/blog/dissecting-nomad-bridge-hack Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money - Mandiant Archive November 29th, 2022 12:47:57 PM MST] (Apr 28, 2023)</ref>, in which it analyses the on-chain transactions post-compromise. The firm uses the blockchain investigative software, CryptoVoyant, developed by Cyber Team Six, to uncover the way the hack was conducted. In August 2022, a bridge attack was performed on the Nomad token bridge, resulting in the theft of over $190m from the Nomad liquidity pool. This was one of the largest decentralised finance (DeFi) hacks in history and required little technical knowledge to perform. This lack of expertise led to numerous copycat attacks, resulting in a greater financial loss. Bridges, whether custodial or non-custodial, offer a means of interoperability between multiple separate blockchain networks, and hold large amounts of all tokens associated with each blockchain it bridges, making them an enticing target for hackers<ref name="mandiant-10696" />. TBD - More details could be gathered from this post to add to other sections.		\|Mandiant, a cybersecurity firm, published a blog post about the Nomad bridge smart-contract exploit<ref>[https://web.archive.org/web/20221129194757/https://www.mandiant.com/resources/blog/dissecting-nomad-bridge-hack Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money - Mandiant Archive November 29th, 2022 12:47:57 PM MST] (Apr 28, 2023)</ref>, in which it analyses the on-chain transactions post-compromise. The firm uses the blockchain investigative software, CryptoVoyant, developed by Cyber Team Six, to uncover the way the hack was conducted. In August 2022, a bridge attack was performed on the Nomad token bridge, resulting in the theft of over $190m from the Nomad liquidity pool. This was one of the largest decentralised finance (DeFi) hacks in history and required little technical knowledge to perform. This lack of expertise led to numerous copycat attacks, resulting in a greater financial loss. Bridges, whether custodial or non-custodial, offer a means of interoperability between multiple separate blockchain networks, and hold large amounts of all tokens associated with each blockchain it bridges, making them an enticing target for hackers<ref name="mandiant-10696" />. TBD - More details could be gathered from this post to add to other sections.
			\|-
			\|December 7th, 2022 6:03:00 AM MST
			\|Bridge Relaunch Guide
			\|The Nomad team published a bridge relaunch guide on their Medium<ref name=":3">[https://medium.com/nomad-xyz-blog/nomad-bridge-relaunch-guide-3a4ef6624f90 Nomad Bridge Relaunch Guide - Nomad Medium] (Jun 5, 2023)</ref> and links it from Twitter<ref>[https://twitter.com/nomadxyz_/status/1600476119924322305 Nomad Bridge - "The Nomad team would like to share a more in-depth guide on how the bridge relaunch will actually work" - Twitter] (Jun 5, 2023)</ref>
			\|-
			\|December 14th, 2022 1:54:00 PM MST
			\|KYC Requirement Reminder
			\|The Nomad team announces to remind everything that KYC/KYB will be required for all bridge back claims<ref>[https://twitter.com/nomadxyz_/status/1603131381512429568 Nomad - "With the upcoming bridge relaunch, madAsset holders will be required to complete KYC/KYB verification to bridge back and mint NFTs." - Twitter] (Jun 5, 2023)</ref>.
			\|-
			\|December 20th, 2022 12:01:00 PM MST
			\|Bridge Relaunch Announcment
			\|Nomad announces that the bridge has now been relaunched and reminds users of the recovery program through the madAsset token<ref name=":4">[https://twitter.com/nomadxyz_/status/1605277301322702848 Nomad - "The Nomad Bridge is now relaunched and can be accessed at: https://app.nomad.xyz. This relaunch will allow madAsset holders to access recovered funds via the upgraded bridge." - Twitter] (Jun 5, 2023)</ref>.
			\|-
			\|January 12th, 2023 3:30:00 PM MST
			\|Bridge Relaunch Announcment
			\|Nomad again announces that the bridge has now been relaunched and they've accessed $9m in recovered funds via the upgraded bridge<ref name=":5">[https://twitter.com/nomadxyz_/status/1613664676289859592 Nomad - "The Nomad Bridge has been relaunched at https://app.nomad.xyz. To date, madAsset holders have accessed $9m in recovered funds via the upgraded bridge." - Twitter] (Jun 5, 2023)</ref>.
	\|}		\|}

Line 203:		Line 219:

	A bounty of $3,600,000 USD was paid for the discovery.		A bounty of $3,600,000 USD was paid for the discovery.

			=== Nomad Bridge Relaunching ===
			The Nomad bridge released a relaunch guide<ref name=":3" /> and the bridge was successfully relaunched<ref name=":4" /><ref name=":5" /> in December 2022.

	== Total Amount Recovered ==		== Total Amount Recovered ==
Line 214:		Line 233:
	All of the funds were placed in a hot wallet, when this could have been better secured by a multi-signature setup. Further reviews/audits of the smart contract could have been performed. Only one firm was used.		All of the funds were placed in a hot wallet, when this could have been better secured by a multi-signature setup. Further reviews/audits of the smart contract could have been performed. Only one firm was used.
	== Individual Prevention Policies ==		== Individual Prevention Policies ==
	{{Prevention:~~Individuals~~:~~Placeholder~~}}		Victims were limited to those with funds providing liquidity to the smart contract.

			{{Prevention:Individual:Safe Smart Contract Usage}}

	{{Prevention:Individuals:End}}		{{Prevention:Individuals:End}}

	== Platform Prevention Policies ==		== Platform Prevention Policies ==
	{{Prevention:Platforms:~~Placeholder~~}}		All upgrades to the platform should have been subject to the scrutiny of proper third party security audits. Having audits from 2 or more reputable firms would be unlikely to allow such a change to pass through.

			{{Prevention:Platforms:Regular Audit Procedures}}

			In the unlikely even that both firms fail to detect the potential exploit, then an established industry insurance fund could cover some of the lost funds.

			{{Prevention:Platforms:Establish Industry Insurance Fund}}

			One potential first line of defense and way to reduce damages would be having less funds in the smart contract. A model where a majority of funds are held separately and released into the contract as-needed for additional liquidity could reduce the amount of funds that could be taken at one time through an exploit. This could be secured through limiting the withdrawals to the single smart contract and a multi-signature requirement.

			{{Prevention:Platforms:Implement Multi-Signature}}

	{{Prevention:Platforms:End}}		{{Prevention:Platforms:End}}

	== Regulatory Prevention Policies ==		== Regulatory Prevention Policies ==
	{{Prevention:Regulators:~~Placeholder~~}}		The first line of defense would be security assessments, including on upgrades. This would add an additional layer of inspection on the protocol upgrades.

			{{Prevention:Regulators:Platform Security Assessments}}

			Failing this, the establishment of an industry insurance fund could provide some protection for affected users.

			{{Prevention:Regulators:Establish Industry Insurance Fund}}

	{{Prevention:Regulators:End}}		{{Prevention:Regulators:End}}

Azoundria: Completed initial 30 minutes. Down to 4 sources left.

2023-04-28T19:55:43Z

Completed initial 30 minutes. Down to 4 sources left.

Show changes

Azoundria: Down to 15 sources left to sort through. Working further on the article.

2023-04-11T17:05:58Z

Down to 15 sources left to sort through. Working further on the article.

Show changes

Azoundria: Created page with "{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/nomadbridgehack.php}} {{Unattributed Sources}} Nomad Bridge WebsiteNomad Bridge was a popular bridging platform between different blockchains. The smart contract was audited by Quantstamp and held over $190m. An upgrade to the smart contract allowed for anyone to replace a valid withdrawal transaction with their own address, and the transaction would succeed. Over..."

2023-04-10T21:14:09Z

Created page with "{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/nomadbridgehack.php}} {{Unattributed Sources}} thumb|Nomad Bridge WebsiteNomad Bridge was a popular bridging platform between different blockchains. The smart contract was audited by Quantstamp and held over $190m. An upgrade to the smart contract allowed for anyone to replace a valid withdrawal transaction with their own address, and the transaction would succeed. Over..."

New page

{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/nomadbridgehack.php}}
{{Unattributed Sources}}

[[File:Nomadbridge.jpg|thumb|Nomad Bridge Website]]Nomad Bridge was a popular bridging platform between different blockchains. The smart contract was audited by Quantstamp and held over $190m. An upgrade to the smart contract allowed for anyone to replace a valid withdrawal transaction with their own address, and the transaction would succeed. Over the course of hours the entire contract was quickly drained. Some white hat attackers returned a total of $36m of what had been taken, in exchange for a 10% bounty.

This is a global/international case not involving a specific country.<ref name="coachkcryptotwitter-10682" /><ref name="samczsuntwitter-10683" /><ref name="samczsuntwitter-10684" /><ref name="samczsuntwitter-10685" /><ref name="spreekawaytwitter-10686" /><ref name="fbsloxbttwitter-10687" /><ref name="fbsloxbttwitter-10688" /><ref name="nassyweazytwitter-10689" /><ref name="mg486662twitter-10690" /><ref name="mg486662twitter-10691" /><ref name="nomaddocs-10692" /><ref name="nomad-10693" /><ref name="nomaddocs-10694" /><ref name="nomadarchive-10695" /><ref name="mandiant-10696" /><ref name="halborn-10697" /><ref name="nomadxyzblogmedium-10698" /><ref name="coindesk-10699" /><ref name="coinbase-10700" /><ref name="nomadxyzgithub-10701" /><ref name="cexplorer-10702" /><ref name="unnamed-10703" /><ref name="unnamed-10704" />

== About Nomad Bridge ==
"Nomad is a security-first cross-chain messaging protocol. By leveraging an optimistic mechanism, Nomad only requires one honest actor to keep the entire system safe."

"Secure
Nomad allows off-chain watchers to challenge messages via fraud proofs, without relying on custodians or validators.

Gas-Efficient
Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.

Extensible
Nomad smart contracts can be deployed quickly on any smart contract chain without requiring any custom logic."

"Nomad is a bridging protocol supporting Ethereum, Moonbeam, and other chains. Nomad’s bridging protocol is built using both on-chain and off-chain components. On-chain smart contracts are used to collect and distribute bridged funds while off-chain agents relay and verify messages between different blockchains. Each blockchain deploys a Replica contract which validates and stores messages in a Merkle tree structure. Messages can be validated by either providing proof with the proveAndProcess() call or for already verified messages they can be simply submitted with the process() call. Verified messages are forwarded to a Bridge handler (e.g. ERC20 Router) which can distribute bridged assets."

"Nomad enables applications to send data between blockchains (including rollups). Applications interact with Nomad core contracts to enqueue messages to be sent, after which off-chain agents verify and ferry these messages between chains. In order to ensure that message-passing is secure, Nomad uses an optimistic verification mechanism, inspired by fraud-proof based designs like optimistic rollups. This makes Nomad more secure, cheaper, and easier to deploy compared to validator / proof-of-stake based interoperability protocols."

"Nomad was audited by Quantstamp in June 2022."

"Because bridges offer a means of interoperability between multiple separate blockchain networks, they must hold large amounts of all tokens associated with each blockchain it bridges—thus creating a massive liquidity pool and an enticing target for hackers, whether that pool is managed by a centralized custodian or a smart-contract."

"According to Nomad’s post-mortem, an implementation bug in a June 21 smart contract upgrade caused the Replica contract to fail to authenticate messages properly. This issue meant that any message could be forged as long as it had not already been processed."

"Similar to the issue Theori had with Qubit, this is a path you don't expect just looking at it. "Why would they set 0 as a proof root?" is similar to "Why would they try to run address(0).transfer?""

"The first transactions started at Ethereum block 15259101 on August 1, 21:32:31 UTC. There were four relevant transactions within this same block, at indices 0, 1, 3, and 124. Each of these transactions drained 100 WBTC from the bridge."

"a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all"

"It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message"

"you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it"

"you just had to copy tx data and replace address lol"

"Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function."

"Nomad bridge getting rugged??? Looks very very sus"

"Not only was this hack one of the largest with over $190 million siphoned out of the Nomad liquidity pool, making it one of the more sizeable decentralized-finance (DeFi) hacks in history, but also one of the most chaotic as the technique used to steal funds required little technical knowledge, resulting in a fury of cash-grabbing copycats once news of the exploit spread on social media (Figure 1)."

"After a frenzied hack from hundreds of wallets, the bridge’s TVL dropped from $190,740,000 to $1,794 in mere hours. The hack involved a total of 960 transactions with 1,175 individual withdrawals from the bridge."

"The Security team at @a16z Crypto has investigated and found the root cause of the @nomadxyz_ bridge hack. Nothing to be done at this time except getting funds back from whitehats that drained preventively."

"Attention: White Hat Hacker Friends. Please return ETH or ERC-20 tokens to this wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154"

"Nomad put forth a bounty following this hack—the bounty allowed attackers to keep 10 percent of their funds and face no legal action if the other 90 percent was returned. Oh, plus a Whitehat non-fungible token (NFT) as a thank you (Figure 2). Ultimately $36 million of the $190 million stolen was returned."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.

Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
|+Key Event Timeline - Nomad Bridge Hack
!Date
!Event
!Description
|-
|August 1st, 2022 3:32:31 PM MDT
|First Malicious Transaction
|The first malicious transaction happens to drain funds from the bridge.
|-
|August 1st, 2022 3:37:00 PM MDT
|Twitter Mention of Events
|The suspicious withdrawal transactions are first posted to Twitter.
|}

== Total Amount Lost ==
The total amount lost has been estimated at $190,740,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

A bounty of $3,600,000 USD was paid for the discovery.

== Total Amount Recovered ==
The total amount recovered has been estimated at $36,000,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== General Prevention Policies ==
All of the funds were placed in a hot wallet, when this could have been better secured by a multi-signature setup. Further reviews/audits of the smart contract could have been performed. Only one firm was used.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="coachkcryptotwitter-10682">[https://twitter.com/Coachkcrypto/status/1554271389934268416 @Coachkcrypto Twitter] (Sep 22, 2022)</ref>

<ref name="samczsuntwitter-10683">[https://twitter.com/samczsun/status/1554260106107179010 @samczsun Twitter] (Apr 10, 2023)</ref>

<ref name="samczsuntwitter-10684">[https://twitter.com/samczsun/status/1554261104674496512 @samczsun Twitter] (Apr 10, 2023)</ref>

<ref name="samczsuntwitter-10685">[https://twitter.com/samczsun/status/1554262891271860224 @samczsun Twitter] (Apr 10, 2023)</ref>

<ref name="spreekawaytwitter-10686">[https://twitter.com/spreekaway/status/1554219768462426115 @spreekaway Twitter] (Apr 10, 2023)</ref>

<ref name="fbsloxbttwitter-10687">[https://twitter.com/fbsloXBT/status/1554246005054398464 @fbsloXBT Twitter] (Apr 10, 2023)</ref>

<ref name="fbsloxbttwitter-10688">[https://twitter.com/fbsloXBT/status/1554249145556373504 @fbsloXBT Twitter] (Apr 10, 2023)</ref>

<ref name="nassyweazytwitter-10689">[https://twitter.com/nassyweazy/status/1554258812193964034 @nassyweazy Twitter] (Apr 10, 2023)</ref>

<ref name="mg486662twitter-10690">[https://twitter.com/mg_486662/status/1554256949004292096 @mg_486662 Twitter] (Apr 10, 2023)</ref>

<ref name="mg486662twitter-10691">[https://twitter.com/mg_486662/status/1554261084756131840 @mg_486662 Twitter] (Apr 10, 2023)</ref>

<ref name="nomaddocs-10692">[https://docs.nomad.xyz/operational-security/audits Audits - Nomad Docs] (Apr 10, 2023)</ref>

<ref name="nomad-10693">[https://www.nomad.xyz/ Nomad] (Apr 10, 2023)</ref>

<ref name="nomaddocs-10694">[https://docs.nomad.xyz/nomad-101/introduction Introduction - Nomad Docs] (Apr 10, 2023)</ref>

<ref name="nomadarchive-10695">[https://web.archive.org/web/20220726091723/https://www.nomad.xyz/ Nomad] (Apr 10, 2023)</ref>

<ref name="mandiant-10696">[https://www.mandiant.com/resources/blog/dissecting-nomad-bridge-hack Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money | Mandiant] (Apr 10, 2023)</ref>

<ref name="halborn-10697">[https://www.halborn.com/blog/post/the-nomad-bridge-hack-a-deeper-dive The Nomad Bridge Hack: A Deeper Dive] (Apr 10, 2023)</ref>

<ref name="nomadxyzblogmedium-10698">[https://medium.com/nomad-xyz-blog/nomad-bridge-hack-root-cause-analysis-875ad2e5aacd Nomad Bridge Hack Root Cause Analysis] (Apr 10, 2023)</ref>

<ref name="coindesk-10699">[https://www.coindesk.com/business/2022/08/03/hackers-send-back-9m-to-nomad-bridge-after-190m-exploit/ Hackers Return $9M to Nomad Bridge After $190M Exploit] (Apr 10, 2023)</ref>

<ref name="coinbase-10700">[https://www.coinbase.com/blog/nomad-bridge-incident-analysis https://www.coinbase.com/blog/nomad-bridge-incident-analysis] (Apr 10, 2023)</ref>

<ref name="nomadxyzgithub-10701">[https://github.com/nomad-xyz/hack-data GitHub - nomad-xyz/hack-data: Data pertaining to the Nomad Bridge Hack] (Apr 10, 2023)</ref>

<ref name="cexplorer-10702">[https://cexplorer.io/article/cardano-survives-nomad-bridge-hack https://cexplorer.io/article/cardano-survives-nomad-bridge-hack] (Apr 10, 2023)</ref>

<ref name="unnamed-10703">[theverge.com/2022/8/2/23288785/nomad-bridge-200-million-chaotic-hack-smart-contract-cryptocurrency theverge.com/2022/8/2/23288785/nomad-bridge-200-million-chaotic-hack-smart-contract-cryptocurrency] (Apr 10, 2023)</ref>

<ref name="unnamed-10704">[https://theverge.com/2022/8/2/23288785/nomad-bridge-200-million-chaotic-hack-smart-contract-cryptocurrency Nomad crypto bridge loses $200 million in ‘chaotic’ hack - The Verge] (Apr 10, 2023)</ref></references>