Nomad Bridge Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Nomad Bridge Website

Nomad Bridge was a popular bridging platform between different blockchains. The smart contract was audited by Quantstamp and held over $190m. An upgrade to the smart contract allowed for anyone to replace a valid withdrawal transaction with their own address, and the transaction would succeed. Over the course of hours the entire contract was quickly drained. Some white hat attackers returned a total of $36m of what had been taken in exchange for a 10% bounty.

This is a global/international case not involving a specific country.[1][2]

https://twitter.com/nomadxyz_/status/1554413278406721537

https://twitter.com/nomadxyz_/status/1554246853348036608

About Nomad Bridge

Nomad, similar to other cross-chain bridges, facilitates the transfer of tokens between different blockchains[3].

"Nomad is a security-first cross-chain messaging protocol. By leveraging an optimistic mechanism, Nomad only requires one honest actor to keep the entire system safe."

"Secure Nomad allows off-chain watchers to challenge messages via fraud proofs, without relying on custodians or validators.

Gas-Efficient Nomad reduces gas fees by a factor of 10x relative to traditional header relay systems, while remaining decentralized.

Extensible Nomad smart contracts can be deployed quickly on any smart contract chain without requiring any custom logic."

"Nomad is a bridging protocol supporting Ethereum, Moonbeam, and other chains. Nomad’s bridging protocol is built using both on-chain and off-chain components. On-chain smart contracts are used to collect and distribute bridged funds while off-chain agents relay and verify messages between different blockchains. Each blockchain deploys a Replica contract which validates and stores messages in a Merkle tree structure. Messages can be validated by either providing proof with the proveAndProcess() call or for already verified messages they can be simply submitted with the process() call. Verified messages are forwarded to a Bridge handler (e.g. ERC20 Router) which can distribute bridged assets."

"Nomad enables applications to send data between blockchains (including rollups). Applications interact with Nomad core contracts to enqueue messages to be sent, after which off-chain agents verify and ferry these messages between chains. In order to ensure that message-passing is secure, Nomad uses an optimistic verification mechanism, inspired by fraud-proof based designs like optimistic rollups. This makes Nomad more secure, cheaper, and easier to deploy compared to validator / proof-of-stake based interoperability protocols."

"Nomad was audited by Quantstamp in June 2022."

Homepage: [4][5][6]

Audits: [7]

The Reality

Nomad is a bridge protocol designed to facilitate the transfer of tokens across different blockchains, enhancing interoperability between networks. Bridges have been targeted in several crypto hacks, with approximately $2 billion in tokens stolen from them in 2022, according to Chainalysis.[8] The incident follows a series of bridge attacks, including the Ronin bridge attack in April and the Wormhole bridge attack a few months prior[3].

"Because bridges offer a means of interoperability between multiple separate blockchain networks, they must hold large amounts of all tokens associated with each blockchain it bridges—thus creating a massive liquidity pool and an enticing target for hackers, whether that pool is managed by a centralized custodian or a smart-contract."

"According to Nomad’s post-mortem, an implementation bug in a June 21 smart contract upgrade caused the Replica contract to fail to authenticate messages properly. This issue meant that any message could be forged as long as it had not already been processed."

"a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all"

"It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message"

"Similar to the issue Theori had with Qubit, this is a path you don't expect just looking at it. "Why would they set 0 as a proof root?" is similar to "Why would they try to run address(0).transfer?""

"Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function."

What Happened

The cross-chain token bridge Nomad experienced an exploit, resulting in the draining of nearly $200 million worth of cryptocurrency by multiple actors[3].

Nomad, a cryptocurrency bridge enabling token swaps between blockchains, suffered an exploit resulting in the loss of nearly $200 million[9]. The attack, characterized as "chaotic," was made possible by a misconfiguration in the project's main smart contract[9]. The vulnerability allowed individuals with basic coding knowledge to authorize withdrawals to themselves[9]. According to a blockchain security auditing firm, this dynamic created a self-sustaining cycle where those observing the exploit could replicate it by substituting their addresses, leading to what was described as the "first decentralized crowd-looting of a 9-figure bridge in history."[9] Blockchain bridges, due to the substantial value of assets they hold and the complexity of their smart contracts, have become frequent targets for high-profile cryptocurrency hacks[9].

Key Event Timeline - Nomad Bridge Hack
Date Event Description
August 1st, 2022 3:32:31 PM MDT First Malicious Transaction The first malicious transaction happens to drain funds from the bridge.
August 1st, 2022 3:37:00 PM MDT Twitter Mention of Events The suspicious withdrawal transactions are first posted to Twitter by user @spreekaway[10].
August 1st, 2022 3:46:00 PM MDT Events Shared To Telegram The tweet is reposted on Telegram, where it will shortly get the attention of samczsun[11].
August 1st, 2022 5:21:00 PM MDT Fbslo Reports Accidental Exploit Twitter user fbsloXBT reports accidentally exploiting the bridge and he "will return the funds asap"[12]. He clarified that it was really easy because "you just had to copy tx data and replace address lol"[13].
August 1st, 2022 5:45:00 PM MDT Samczsun Starts His Summary Well-known blockchain researcher samczsun posts an analysis of the situation. He describes the losses as "over $150m" and the situation as "one of the most chaotic hacks that Web3 has ever seen"[14].
August 1st, 2022 6:05:00 PM MDT Matt Gleason Publishes Root Cause A16z crypto researcher Matt Gleason publishes the root cause in a series of tweets[15][16][17], which are then spread through Twitter[18].
August 1st, 2022 6:17:00 PM MDT Samczsun Publishes Root Cause The cause is published as the routine upgrade completed by the Nomad team to initialize the "trusted root" to be 0x00[19].
August 1st, 2022 7:02:00 PM MDT Coach K Crypto Warning Coach K recommends everyone to "[d]on't use bridges" since "they aren't safe"[20].
August 1st, 2022 8:59:21 PM MDT 0xFoobar Analysis Twitter user 0xFoobar posts an analysis of the exploit situation, calling it "the first decentralized crowd-looting of a 9-figure bridge"[21].
August 1st, 2022 9:35:19 PM MDT CoinDesk Article On Attack CoinDesk reports that Nomad experienced an exploit, resulting in the draining of nearly $200 million worth of cryptocurrency[3]. Attackers took advantage of a smart contract update, allowing them to spoof transactions and withdraw funds that didn't belong to them[3]. Unlike some bridge attacks, where a single culprit is involved, this exploit allowed multiple users to participate[3]. The attack raises concerns about the security of cross-chain bridges, especially as they play a crucial role in enabling asset swaps between different blockchains[3]. The incident follows a series of bridge attacks, including the Ronin bridge attack in April and the Wormhole bridge attack a few months prior[3]. The Nomad team is actively investigating the incident, working with blockchain intelligence and forensics firms and notifying law enforcement[3].
August 2nd, 2022 9:43:30 AM MDT The Verge Article Published The Verge reports on the attack, characterizing it as "chaotic," and attributes the cause to a misconfiguration in the project's main smart contract. The vulnerability allowed individuals with basic coding knowledge to authorize withdrawals to themselves. According to a blockchain security auditing firm, this dynamic created a self-sustaining cycle where those observing the exploit could replicate it by substituting their addresses, leading to what was described as the "first decentralized crowd-looting of a 9-figure bridge in history." Blockchain bridges, due to the substantial value of assets they hold and the complexity of their smart contracts, have become frequent targets for high-profile cryptocurrency hacks[9].
August 3rd, 2022 3:52:00 AM MDT CoinDesk Article On Funds Returned CoinDesk publishes an article reporting that the Nomad Bridge has received $9 million back from hackers a day after the protocol was exploited for $190.4 million. Blockchain security firm PeckShield said that the amount returned equates to around 4.75% of the total loss. Nomad Bridge is working with law enforcement and a leading chain analysis firm to trace funds, and Anchorage Digital will handle and safeguard the returned assets. The majority of the returned funds have been stablecoins, with $3.8 million USDC and $2 million USDT being sent back by multiple addresses[22]. TBD history of article.
August 4th, 2022 9:30:00 PM MDT Bloomberg Article Published Bloomberg reports that Nomad has recovered approximately $20 million of the $190 million stolen funds so far. Nomad is offering a 10% bounty to recover funds stolen in the $190 million hack. They are encouraging hackers to return at least 90% of the stolen tokens, and those who do so will be considered "white-hat hackers," highlighting vulnerabilities rather than seeking malicious gains. The remaining 10% will serve as a reward. Nomad has stated that they will not prosecute white-hat hackers but will collaborate with partners, intelligence firms, and law enforcement to pursue malicious actors. Nomad is working with crypto forensics specialist TRM Labs and law enforcement to identify the hackers and have partnered with crypto platform Anchorage Digital to accept and secure the funds that can be retrieved[8]. The hack on Nomad is one of the largest crypto thefts to date, and underscores ongoing cryptocurrency security challenges.
August 5th, 2022 11:34:16 AM MDT Nomad Publishes Root Cause Analysis Nomad publishes a post-mortem analysis of the incident[23], noting that it allowed attackers to mint counterfeit tokens on several Ethereum-based decentralized finance (DeFi) protocols. The security incident was caused by an implementation bug that allowed any message to be forged as long as it had not already been processed, resulting in fraudulent messages being passed to the Nomad BridgeRouter contract. This authentication failure resulted in fraudulent messages being passed to the Nomad BridgeRouter contract, allowing attackers to mint counterfeit tokens on several Ethereum-based decentralized finance protocols. Nomad BridgeRouter is a contract that is used to route messages to their destination chains. Nomad has stated that it has not identified any loss of funds or any other adverse consequences for its customers or users, and it has taken steps to prevent similar incidents from occurring in the future. The security incident occurred on June 22, 2022, and was disclosed to the public on June 25, 2022[24]. TBD further analysis for other information to review.
August 15th, 2022 Halborn Analysis Published Halborn publishes an article on their analysis of the hack[25]. On August 1, the DeFi bridge Nomad was hacked for over $190m. Following the hack, the bridge's total value locked (TVL) dropped from $190,740,000 to $1,794 in mere hours. Nomad is a cross-chain bridge used for swapping tokens between Ethereum, Avalanche, Evmos, Milkomeda C1, and Moonbeam. Nomad confirmed on Twitter that the vulnerability was not exploited on any chain except for Ethereum, and only Ethereum-based assets were involved in the hack. The hack was caused by an implementation bug in a June 21 smart contract upgrade that caused the Replica contract to fail to authenticate messages properly, leading to fraudulent messages being passed to the Nomad BridgeRouter contract. As of August 15, over $33m has been returned to Nomad's wallet by whitehat hackers[26]. The article was ghost written by Jason Levin[27].
September 17th, 2022 11:22:05 AM MDT CoinBase Publishes Analysis CoinBase publishes a highly detailed analysis of the exploit[28]. They report the attack resulted in the loss of more than $186m in a few hours. Nomad Bridge was built using on-chain and off-chain components, with smart contracts being used to collect and distribute bridged funds. On April 21, 2022, Nomad deployed a Replica proxy contract to handle processing and validation of users’ claims of bridged assets. It set initial contract parameters and defined an entry for a trusted value. However, during the initialization process, the trusted value was set to 0, resulting in an issue when fraudulent messages are sent directly to the process() method, allowing authorization of fraudulent messages. Attackers used this vulnerability to send a specially crafted payload, stealing 100 Wrapped BTC (WBTC) from Nomad Bridge. Coinbase has published a blog post about the Nomad Bridge incident analysis to share lessons about the vulnerability, exploitation methodology, and on-chain analysis of attacker behaviour[29]. TBD further details are in this blog post.
September 28th, 2022 3:00:37 AM MDT New York Times Article Inclusion The New York Times reports on the cryptocurrency project Beanstalk, which offered a stablecoin, experiencing a major hack in April 2022, resulting in the theft of over $180 million from users. Beanstalk was one of several decentralized finance (DeFi) ventures targeted by hackers this year, leading to significant losses in the DeFi sector, including Nomad[30].
November 29th, 2022 12:47:57 PM MST Mandiant Publishes Analysis Mandiant, a cybersecurity firm, published a blog post about the Nomad bridge smart-contract exploit[31], in which it analyses the on-chain transactions post-compromise. The firm uses the blockchain investigative software, CryptoVoyant, developed by Cyber Team Six, to uncover the way the hack was conducted. In August 2022, a bridge attack was performed on the Nomad token bridge, resulting in the theft of over $190m from the Nomad liquidity pool. This was one of the largest decentralised finance (DeFi) hacks in history and required little technical knowledge to perform. This lack of expertise led to numerous copycat attacks, resulting in a greater financial loss. Bridges, whether custodial or non-custodial, offer a means of interoperability between multiple separate blockchain networks, and hold large amounts of all tokens associated with each blockchain it bridges, making them an enticing target for hackers[32]. TBD - More details could be gathered from this post to add to other sections.
December 7th, 2022 6:03:00 AM MST Bridge Relaunch Guide The Nomad team published a bridge relaunch guide on their Medium[33] and links it from Twitter[34]
December 14th, 2022 1:54:00 PM MST KYC Requirement Reminder The Nomad team announces to remind everything that KYC/KYB will be required for all bridge back claims[35].
December 20th, 2022 12:01:00 PM MST Bridge Relaunch Announcment Nomad announces that the bridge has now been relaunched and reminds users of the recovery program through the madAsset token[36].
December 20th, 2022 3:02:38 PM MST Recovered Fund Amounts The amount of recovered funds is increased to reflect the latest amount recovered[37].
January 12th, 2023 3:30:00 PM MST Bridge Relaunch Announcment Nomad again announces that the bridge has now been relaunched and they've accessed $9m in recovered funds via the upgraded bridge[38].

Technical Analysis

The hack on Nomad is one of the largest crypto thefts to date, and it underscores the ongoing security challenges in the cryptocurrency space.[8] In this incident, attackers took advantage of a smart contract update, allowing them to spoof transactions and withdraw funds that didn't belong to them[3]. Unlike some bridge attacks, where a single culprit is involved, this exploit allowed multiple users to participate[3].

The situation has been technically analyzed by multiple community experts.

"The first transactions started at Ethereum block 15259101 on August 1, 21:32:31 UTC. There were four relevant transactions within this same block, at indices 0, 1, 3, and 124. Each of these transactions drained 100 WBTC from the bridge."

"you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it"

"you just had to copy tx data and replace address lol"

"Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function."

"The Security team at @a16z Crypto has investigated and found the root cause of the @nomadxyz_ bridge hack. Nothing to be done at this time except getting funds back from whitehats that drained preventively."

GitHub Data Available

A GitHub repository has been made available providing an overview of the Nomad Bridge Hack[1]. A "Data" section contains raw data that is available for analysis, including details on the hack's transactions, events emitted within these transactions, lifecycle events of Nomad messages used to identify hack-related transactions, ERC20 transfer events, and token amounts sent to the Official Nomad Recovery Address. White hat addresses identified by TRM (Transaction Risk Management) and addresses still considered "bad actors" are included[1]. Information is provided for white hat hackers to return funds to the Official Nomad Recovery Address[1].

An "Analysis" section contains aggregated data resulting from the analysis of the raw data. This aggregated data provides insights into various aspects of the hack, such as transactions, tokens involved, and the recipients of these tokens[1]. A "Source Code" section includes scripts and code that were used for querying data and performing the analysis. It encompasses scripts dedicated to aggregating insights from raw data and others designed to query external services to compile the raw data needed for analysis[1].

Matt Gleason's Analysis

Researcher for A16Z Matt Gleason published a summary of the the technical issue[15][16][17].

1/ Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function.

2/ Process is designed to ensure that a message has been proven, then processes the message, which should normally be fine.

3/ It does this using acceptableRoot, which will check that the root has either been proven or the it was confirmed before the current time.

4/ The problem occurs because in solidity if a map key hasn’t been seen before it will default to zero, resulting in attempting to confirm a root of zero. However, because they initialized with the confirmedRoot of 0, that means zero is technically a confirmed root.

5/ As a result, the system will accept any message that it has never seen before and process it as if it were genuine, meaning that all you need to do is ask for all the bridge’s money and you’ll get it.

Samczsun's Analysis

Blockchain researcher samczsun was one of the first to start providing a full explanation of the events which unfolded and get to the root cause of the issue. His series of Tweets outlined his analysis in real-time as he composed it[14][11][19][39][40]:

1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow [him] to take you behind the scenes

2/ It all started [for him] when @officer_cia shared @spreekaway's tweet in the ETHSecurity Telegram channel. Although [he] had no idea what was going on at the time, just the sheer volume of assets leaving the bridge was clearly a bad sign

3/ [His] first thought was that there was some misconfiguration for the token's decimals. After all, it seemed as though the bridge was running a "send 0.01 WBTC, get 100 WBTC back" promotion

4/ However, after some painful manual digging on the Moonbeam network, [he] confirmed that while the Moonbeam transaction did bridge out 0.01 WBTC, somehow the Ethereum transaction bridged in 100 WBTC

5/ Furthermore, the transaction to bridge in the WBTC didn't actually prove anything. It simply called `process` directly. Suffice to say, being able to process a message without proving it first is extremely Not Good

6/ At this point, there were two possibilities. Either the proof had been submitted separately in an earlier block, or there was something extremely wrong with the Replica contract. However, there was absolutely no indication that anything had been proven recently

7/ This left only one possibility - there was a fatal flaw within the Replica contract. But how? A quick look suggests that the message submitted must belong to an acceptable root. Otherwise, the check on line 185 would fail

8/ Fortunately, there's an easy way to sanity check this assumption. [He] knew that the root of a message which had not been proven would be 0x00, because messages[_messageHash] would be uninitialized. All [he] had to do was check whether the contract would accept that as a root

9/ Oops

10/ It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00. To be clear, using zero values as initialization values is a common practice. Unfortunately, in this case it had a tiny side effect of auto-proving every message

11/ This is why the hack was so chaotic - you didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it

12/ tl;dr a routine upgrade marked the zero hash as a valid root, which had the effect of allowing messages to be spoofed on Nomad. Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all

Total Amount Lost

The total amount lost has been estimated at $190,740,000 USD.

"After a frenzied hack from hundreds of wallets, the bridge’s TVL dropped from $190,740,000 to $1,794 in mere hours. The hack involved a total of 960 transactions with 1,175 individual withdrawals from the bridge."

According to the latest numbers from the repository[37], the total amount lost is:

Numbers from the repository[37], the total amount recovered is:

Asset Lost Market Price Total
WBTC 1,028.2907
WETH 22,868.5953
USDC 87,250,743.9820
FRAX 6,683,295.7269
USDT 8,626,248.9749
DAI 4,533,681.0255
CQT 113,403,891.4872
CARDS 736,498.1347
IAG 516,231,512.0111
C3 7,221,941.6529
FXS 106,595.1223
GERO 58,808,241.5612
HBOT 11,802,082.7239
SDL 322,589.3248
Total

The total amount recovered has been estimated at $36,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

Because the exploit required a very limited amount of technical knowledge to exploit, it was exploited widely, including by accident. Multiple analysis were published about the events in real-time, while the attack was going on, which only acted to accelerate the rate of asset depletion from the bridge.

"Not only was this hack one of the largest with over $190 million siphoned out of the Nomad liquidity pool, making it one of the more sizeable decentralized-finance (DeFi) hacks in history, but also one of the most chaotic as the technique used to steal funds required little technical knowledge, resulting in a fury of cash-grabbing copycats once news of the exploit spread on social media (Figure 1)."

"After a frenzied hack from hundreds of wallets, the bridge’s TVL dropped from $190,740,000 to $1,794 in mere hours. The hack involved a total of 960 transactions with 1,175 individual withdrawals from the bridge."


"Nomad bridge getting rugged??? Looks very very sus"

Technical Analyses Shared

Both Matt Gleason[15] and Samczsun[14] shared a technical analysis of the events through Twitter.

Twitter user 0xFoobar posts an analysis of the exploit situation, calling it "the first decentralized crowd-looting of a 9-figure bridge"[21].

Community Reactions on Twitter

Coach K

Ultimate Outcome

"Nomad put forth a bounty following this hack—the bounty allowed attackers to keep 10 percent of their funds and face no legal action if the other 90 percent was returned. Oh, plus a Whitehat non-fungible token (NFT) as a thank you (Figure 2). Ultimately $36 million of the $190 million stolen was returned."

"Attention: White Hat Hacker Friends. Please return ETH or ERC-20 tokens to this wallet address: 0x94A84433101A10aEda762968f6995c574D1bF154"

Bloomberg reports that Nomad is offering a 10% bounty to recover funds stolen in the $190 million hack. They are encouraging hackers to return at least 90% of the stolen tokens, and those who do so will be considered "white-hat hackers," highlighting vulnerabilities rather than seeking malicious gains. The remaining 10% will serve as a reward. Nomad has stated that they will not prosecute white-hat hackers but will collaborate with partners, intelligence firms, and law enforcement to pursue malicious actors.[8]

The Nomad team is actively investigating the incident, working with blockchain intelligence and forensics firms and notifying law enforcement[3]. The attack raises concerns about the security of cross-chain bridges, especially as they play a crucial role in enabling asset swaps between different blockchains[3].

Nomad has recovered approximately $20 million of the $190 million stolen funds so far. They are working with crypto forensics specialist TRM Labs and law enforcement to identify the hackers and have partnered with crypto platform Anchorage Digital to accept and secure the funds that can be retrieved.[8]

A bounty of $3,600,000 USD was paid for the discovery.

Nomad Bridge Relaunching

The Nomad bridge released a relaunch guide[33] and the bridge was successfully relaunched[36][38] in December 2022.

Total Amount Recovered

Nomad has recovered approximately $20 million of the $190 million stolen funds so far. They are working with crypto forensics specialist TRM Labs and law enforcement to identify the hackers and have partnered with crypto platform Anchorage Digital to accept and secure the funds that can be retrieved.[8] According to the latest numbers from the repository[37], the total amount recovered is:

Asset Lost Recovered Percentage
WBTC 1,028.2907 280.73117399 27.3008%
WETH 22,868.5953 1,049.63562980 4.5899%
USDC 87,250,743.9820 12,890,538.932401 14.7741%
FRAX 6,683,295.7269 2,644,469.91860909 39.5684%
USDT 8,626,248.9749 4,673,863.595197 54.1819%
DAI 4,533,681.0255 866,070.75687635 19.1030%
CQT 113,403,891.4872 34,082,775.75159970 30.0543%
CARDS 736,498.1347 165,005.81948028 22.4041%
IAG 516,231,512.0111 349,507,392.18740200 67.7036%
C3 7,221,941.6529 1,684,711.12239136 23.3277%
FXS 106,595.1223 46,895.68804450 43.9942%
GERO 58,808,241.5612 23,245,641.66618310 39.5279%
HBOT 11,802,082.7239 900,239.99796600 7.6278%
SDL 322,589.3248 9,790.82405700 3.0351%

The total amount recovered has been estimated at $36,000,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

Despite claims of enhanced security, Nomad's exploit questions the reliability of bridging platforms[3].

General Prevention Policies

All of the funds were placed in a hot wallet, when this could have been better secured by a multi-signature setup. Further reviews/audits of the smart contract could have been performed. Only one firm was used.

Individual Prevention Policies

Victims were limited to those with funds providing liquidity to the smart contract.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All upgrades to the platform should have been subject to the scrutiny of proper third party security audits. Having audits from 2 or more reputable firms would be unlikely to allow such a change to pass through.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

In the unlikely even that both firms fail to detect the potential exploit, then an established industry insurance fund could cover some of the lost funds.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

One potential first line of defense and way to reduce damages would be having less funds in the smart contract. A model where a majority of funds are held separately and released into the contract as-needed for additional liquidity could reduce the amount of funds that could be taken at one time through an exploit. This could be secured through limiting the withdrawals to the single smart contract and a multi-signature requirement.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

The first line of defense would be security assessments, including on upgrades. This would add an additional layer of inspection on the protocol upgrades.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Failing this, the establishment of an industry insurance fund could provide some protection for affected users.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 GitHub - nomad-xyz/hack-data: Data pertaining to the Nomad Bridge Hack (Apr 10, 2023)
  2. https://cexplorer.io/article/cardano-survives-nomad-bridge-hack (Apr 10, 2023)
  3. 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.07 3.08 3.09 3.10 3.11 3.12 3.13 Crypto Bridge Nomad Drained of Nearly $200M in Exploit - CoinDesk (Jan 9, 2023)
  4. Nomad (Apr 10, 2023)
  5. Introduction - Nomad Docs (Apr 10, 2023)
  6. Nomad (Apr 10, 2023)
  7. Audits - Nomad Docs (Apr 10, 2023)
  8. 8.0 8.1 8.2 8.3 8.4 8.5 Crypto Bridge Nomad Offers 10% Bounty After $190 Million Hack - Bloomberg Archive.ph (Sep 29, 2023)
  9. 9.0 9.1 9.2 9.3 9.4 9.5 Nomad crypto bridge loses $200 million in ‘chaotic’ hack - The Verge (Apr 10, 2023)
  10. spreekaway - "Nomad bridge getting rugged??? Looks very very sus" - Twitter (Apr 10, 2023)
  11. 11.0 11.1 samczsun - "It all started when @officer_cia shared @spreekaway's tweet in the ETHSecurity Telegram channel." - Twitter (Apr 11, 2023)
  12. fbsloXBT - "Accidently exploited Nomad bridge (for 17k), will return the funds asap" - Twitter (Apr 10, 2023)
  13. fbsloXBT - "you just had to copy tx data and replace address lol" - Twitter (Apr 10, 2023)
  14. 14.0 14.1 14.2 samczsun - "Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen." - Twitter (Apr 11, 2023)
  15. 15.0 15.1 15.2 Matt Gleason - "Nomad’s bridge got owned in a similar manner to Qubit’s QBridge. An insecure configuration of the bridge caused a specific path to allow any transaction sent. The error is inside the Replica’s “process” function." - Twitter (Apr 10, 2023)
  16. 16.0 16.1 Matt Gleason - "An insecure configuration of the bridge caused a specific path to allow any transaction sent." - Twitter (Apr 11, 2023)
  17. 17.0 17.1 Matt Gleason - "Similar to the issue Theori had with Qubit, this is a path you don't expect just looking at it. "Why would they set 0 as a proof root?" is similar to "Why would they try to run address(0).transfer?"" - Twitter (Apr 10, 2023)
  18. nassyweazy - "The Security team at @a16z Crypto has investigated and found the root cause of the @nomadxyz_ bridge hack." - Twitter (Apr 10, 2023)
  19. 19.0 19.1 samczsun - "It turns out that during a routine upgrade, the Nomad team initialized the trusted root to be 0x00." - Twitter (Apr 10, 2023)
  20. Coachkcrypto - "Don’t use bridges they aren’t safe!" - Twitter (Sep 22, 2022)
  21. 21.0 21.1 0xfoobar - "Explaining the Nomad bridge hack All credit to @samczsun for doing the heavy lifting of diagnosing the precise vulnerability in his postmortem How did we get the first decentralized crowd-looting of a 9-figure bridge in history?" - Twitter (Nov 16, 2023)
  22. Hackers Return $9M to Nomad Bridge After $190M Exploit - CoinDesk (Apr 10, 2023)
  23. Nomad Bridge Hack: Root Cause Analysis - Nomad Medium Archive August 5th, 2022 12:26:00 PM MDT (Apr 28, 2023)
  24. Nomad Bridge Hack Root Cause Analysis - Nomad Medium (Apr 10, 2023)
  25. The Nomad Bridge Hack: A Deeper Dive - Halborn Archive August 16th, 2022 11:49:45 AM MDT (Apr 28, 2023)
  26. The Nomad Bridge Hack: A Deeper Dive - Halborn (Apr 10, 2023)
  27. Halborn - Jason Levin's Website (Apr 28, 2023)
  28. Nomad Bridge incident analysis - CoinBase Blog Archive September 28th, 2022 7:49:19 AM MDT (Apr 28, 2023)
  29. Nomad Bridge incident analysis - CoinBase Blog (Apr 10, 2023)
  30. The Crypto World Is on Edge After a String of Hacks - The New York Times (Nov 28, 2022)
  31. Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money - Mandiant Archive November 29th, 2022 12:47:57 PM MST (Apr 28, 2023)
  32. Decentralized Robbery: Dissecting the Nomad Bridge Hack and Following the Money - Mandiant (Apr 10, 2023)
  33. 33.0 33.1 Nomad Bridge Relaunch Guide - Nomad Medium (Jun 5, 2023)
  34. Nomad Bridge - "The Nomad team would like to share a more in-depth guide on how the bridge relaunch will actually work" - Twitter (Jun 5, 2023)
  35. Nomad - "With the upcoming bridge relaunch, madAsset holders will be required to complete KYC/KYB verification to bridge back and mint NFTs." - Twitter (Jun 5, 2023)
  36. 36.0 36.1 Nomad - "The Nomad Bridge is now relaunched and can be accessed at: https://app.nomad.xyz. This relaunch will allow madAsset holders to access recovered funds via the upgraded bridge." - Twitter (Jun 5, 2023)
  37. 37.0 37.1 37.2 37.3 Nomad Bridge Recovery Repository Commit December 20th, 2022 (Sep 29, 2023)
  38. 38.0 38.1 Nomad - "The Nomad Bridge has been relaunched at https://app.nomad.xyz. To date, madAsset holders have accessed $9m in recovered funds via the upgraded bridge." - Twitter (Jun 5, 2023)
  39. samczsun - "All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast" - Twitter (Apr 10, 2023)
  40. samczsun - "Attackers abused this to copy/paste transactions and quickly drained the bridge in a frenzied free-for-all" - Twitter (Apr 10, 2023)

Cite error: <ref> tag with name "unnamed-10703" defined in <references> is not used in prior text.