Cointime

Download App
iOS & Android

On Nomad Theft: Security of Chain-to-Chain Bridge

Cointime Official

Another tragedy in the history of the Chain-to-Chain Bridge or Cross-Chain Bridge happened this August and the protagonist is Nomad Bridge. More than $190 million was stolen and the theft was turned into the largest and most chaotic "decentralized" heist in DeFi history.

As a new Chain-to-Chain Bridge launched this year, Nomad, with popular concepts such as cross-chain communication, has not only won the love of Coinbase Ventures, OpenSea, Polychain and other venture capital institutions, but also completed a $22 million of financing in April. It also quickly became the official Chain-to-Chain Bridge of EVMOS, Moonbeam, Milkomeda and other EVM public chains, and its lock-up volume quickly rose to nearly $200 million.

Still, no amount of endorsements is a safety net. Less than a week after the new list was released, hackers targeted Nomad and its total lock-up fell from $190 million to less than $2,000 in a matter of hours.

For a start-up project, tens of millions of dollars of financing can be regarded as the starting line to win. What is the advantage of Nomad in terms of team and design mechanism? And what vulnerabilities triggered the hack? What is the security of Chain-to-Chain Bridges we’re talking about today?

What does a Chain-to-Chain bridge tell us about the rapidly changing blockchain market?

Essentially, the initial overwhelming traffic driven by Ethereum is segmented bit by bit until a fragmented “value island" is formed. This phenomenon has become more and more evident in the past two years with the increase of the L2 projects. In essence, multi-chain coexistence is a new market pattern. As more public chains emerge, L2 projects continue to evolve and the corresponding ecosystem improves, the need for cross-chain asset transfers will explode.

However, at present, there are different types of assets and protocols on different public chains, which makes it impossible for them to communicate directly and that brings a lot of inconvenience to users.

The development of Chain-to-Chain technology makes it possible for users to interoperate between different blockchains, such as asset transactions and information exchange. The most widely used implementation is Chain-to-Chain bridge in the Web3 domain. This connection is important because without a blockchain “bridge”, blockchains would be isolated from each other, unable to communicate with each other.

What makes Nomad bridge stand out and win over those famous capitals?

Nomad is a security-first cross-chain messaging protocol whose goal is to provide connective tissue that enables end-users to securely interact across blockchains and developers to build cross-chain applications such as token bridges, native cross-chain assets, cross-chain governance applications, and more.

According to Nomad's official profile, members of its founding team have been involved in interoperability research for more than four years, and in 2017 several of them worked at Summa, a cross-chain interoperability R&D company.

Pranay Mohan, CEO and co-founder of Nomad, has 8 years of development experience. He started as a software engineer at IBM in 2014, and then co-founded software media company SE Daily. He has since worked at Snapchat, O(1) Labs, and Celo.

Nomad realized that while header relays or light client were theoretically considered the most secure way to build cross-chain bridges, they were not scalable and difficult to deploy across heterogeneous ecosystems. Light client require expertise in proof-of-work and proof-of-stake implementation and are not friendly to new developers.

Thus, Nomad, taking inspiration from Optimistic Rollups, is exploring ways to avoid light client and use fraud proofs in Optimistic Rollups to build a trust-minimizing bridge that is also easy to deploy in various ecosystems. As a result, Nomad expects to reduce gas fees by 90% compared to traditional block header relays. This is also an Optics design.

Nomad wants to provide a security-first interoperability solution where developers can securely build cross-chain applications (xApps) and bridge assets between chains. Currently, Nomad has launched the Nomad Token Bridge, which supports cross-chain assets on Ethereum, Moonbeam, and Milkomeda C1, with more chains to come.

With the security-first slogan, why this $190 million still occurred to Nomad?

Nomad Bridge was hacked on August 2 after bad actors discovered a security hole in Nomad smart contracts that enabled them to withdraw funds that did not belong to them through suspicious transactions.

According to the Slow fog analysis, this attack was caused by the fact that the trusted root of the Nomad bridge Replica contract was set to 0x0 during initialization, and the old root was not invalid when the trusted root was modified. As a result, the attack can construct any message to steal funds from the bridge.

In addition to professional analysis, there are also many people in the industry who have explained the attack in layman's terms. For example, @0x_Todd from Nothing Research said:

“Nomad had a trivial error in upgrading contracts, which resulted in ordinary people being able to hack, find past successful transactions, and then change the address and broadcast again. ”

However, the amount of money cannot be changed, so the hackers also wanted to steal one piece after another, which gave others an opportunity to grab the remaining Nomad assets, some even with ENS attached to them, such as ?? .eth this man robbed more than $3 million.

Samczsun, Paradigm partner, said:

“Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. You didn't need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person's address with yours, and then re-broadcast it.”

The very special point about this theft is that it was not caused by a single or several of hackers, but after the initial attacker attacked, hundreds of different accounts found this way and copied their way to get stolen funds.

Among the skepticism on the team, how does Nomad cope with the ‘most chaotic theft’?

The professionalism of the Nomad team was questioned during the theft.

At the beginning of the hack, the Nomad team said in the Discord community that they were investigating the case. At the time, about $100 million in assets had not yet been stolen from the Nomad contract address.

"The Nomad bridge is an upgradeable proxy contract. Why didn't the multisig block transactions when the slow-motion hack started?" "Says CrocSwap founder @0xdoug.

It's also worth noting that Nomad founder James Prestwich was accused of wrongdoing when he launched the project earlier this year. In November, the Celo public cross-chain bridge Optics was temporarily suspended. James Prestwich, the engineer at the time, was blamed for the incident.

Nomad was then offering a 10% reward to recover $190 million after it was hacked. Nomad has since issued a statement saying that whoever returns at least 90 per cent of the stolen tokens will be considered a so-called "white hat" -- a hacker whose goal is to find vulnerabilities rather than acquire them maliciously.

"We are not suing white hats," Nomad Chief Executive Pranay Mohan said in a statement. "But we will continue to work with our partners, intelligence firms and law enforcement to fully hold all other malicious actors accountable to the full extent of the law."

"If you haven’t yet returned funds, you can still do so now! Metagame checks your on-chain tx history automatically. "the Nomad team said via Twitter.

As of August 8, the white hat hackers had returned about $32.6 million of the total $190 million stolen, Cointelegraph reported.

BlockBeats news, on September 21, the cross-chain interoperability protocol Nomad released the cross-chain bridge restart update, called support restart made significant changes to the code, including vulnerability exploitation fixes, bridging GUI patches, processing recovered funds, etc., will be released after the completion of the audit code.

Back to technical solitons, Nomad stated that bridging recovered funds to madAssets is not a simple process, and users need to follow the following process:

1. The bridge. Bridging madAssets back into Ethereum results in an NFT that specifies the type and number of bridged assets.

2. Use an NFT (for example, 100 USDC). This NFT grants rights to a portion of the asset equivalent to a percentage of the recovered asset. In addition, users who are added to the whitelist will only be able to receive the recovered funds, the recovered funds will be accounted for by token, the tokens returned in different forms will be released, and Nomad will work with blockchain forensics companies to determine which tokens are affected.

Summary

Among the well-known cross-chain bridges, only Stargate, Hop Protocol, and Connext have not been successfully attacked so far. How long can they survive? Nomad provides a cross-chain solution that considers speed, cost, and network security by imitating optimistic system with fraud proof utilization. With complementary cooperation with cross-chain infrastructure such as Connext and later integration with other DEX protocols, Nomad may play a key role in interoperability solutions after it really learns the lesson from the historic theft.

Comments

All Comments

Recommended for you

  • Whale Transfers 1,133 BTC to Coinbase Prime, Valued at $71.48 Million

    According to Onchain Lens monitoring, a whale transferred 1,133 BTC from Coinbase to Coinbase Prime through an intermediary wallet, valued at $71.48 million.

  • U.S. AI Chip Stocks Decline Before Market Open, Intel Falls Over 3%

    On July 7, U.S. AI chip stocks experienced widespread declines before the market opened. Intel dropped over 3%, while AMD, Qualcomm, and NXP fell more than 2%. TSMC, Broadcom, and Tesla decreased by over 1%, and NVIDIA declined by 0.7%.

  • China's Central Bank Increases Gold Reserves for the 20th Consecutive Month

    As of the end of June, China's gold reserves stood at 75.44 million ounces (approximately 2,346.446 tons), an increase of 480,000 ounces (about 14.93 tons) from the end of May, which reported 74.96 million ounces (approximately 2,331.52 tons). This marks the 20th consecutive month of gold accumulation.

  • China's Foreign Exchange Reserves in June at $341.6262 Billion

    On July 7, China's foreign exchange reserves for June stood at $341.6262 billion, a decrease of $26 billion from the end of May, representing a decline of 0.75%, with expectations set at $343.2 billion.

  • U.S. Storage Stocks Drop Pre-Market, SanDisk and Micron Down Over 4%

    On July 7, U.S. storage concept stocks collectively fell in pre-market trading. Western Digital dropped over 5%, SanDisk and Micron Technology fell over 4%, Seagate Technology declined over 3%, Rambus fell over 2%, and SMI fell over 1%.

  • U.S. Stocks in Optical Communication Sector Drop Pre-Market

    On July 7, stocks in the optical communication sector of the U.S. market collectively fell pre-market. Astera Labs dropped over 4%, while Marvell Technology, Credo Technology, and AXT Inc. fell more than 3%. Tower Semiconductor, MaxLinear, Corning, Applied Optoelectronics, GlobalFoundries, Lumentum, and Qorvo all declined by more than 2%. Coherent, Nokia, Amphenol, and Broadcom dropped over 1%.

  • Pre-market Decline in U.S. Storage Stocks

    In pre-market trading, U.S. storage concept stocks experienced a widespread decline, with Micron Technology falling by 4.8%, SanDisk dropping over 4%, Corning down more than 2%, and Intel decreasing by over 3%.

  • Two Departments: Support for Reinsurance Institutions to Increase Capital and Issue Supplementary Capital Tools

    On July 7, the National Financial Supervision and Administration Bureau and the Shanghai Municipal Government released several measures to accelerate the construction of the Shanghai International Reinsurance Center. Among these measures, they proposed to enhance the quality and efficiency of the reinsurance industry, support reinsurance institutions in increasing capital and expanding shares, and issuing supplementary capital tools to improve the capacity for internal capital accumulation and external capital supplementation, thereby strengthening the reinsurance industry's capabilities. The initiative aims to guide the insurance industry to focus on major national projects, strategic emerging industries, and livelihood security, consolidating insurance and reinsurance underwriting capabilities to enhance risk protection levels. It also supports reinsurance institutions in leveraging their professional technical advantages to assist the insurance industry in reducing risk.

  • Sources: Saudi Arabia Plans to Expand Oil Pipeline to Red Sea, Increasing Capacity by 2 Million Barrels Daily to Bypass Strait of Hormuz

    On July 7, five informed sources revealed that Saudi Arabia is considering expanding the crude oil pipeline capacity to its western coast on the Red Sea, allowing Saudi Arabia and its neighbors to transport more oil without passing through the Strait of Hormuz. This east-west pipeline, built in the early 1980s, has gained strategic importance since the outbreak of the Iran war in February and the disruption of shipping in the Strait of Hormuz. The pipeline can deliver up to 7 million barrels of crude oil per day to the Red Sea port. The CEO of Saudi Aramco stated in May that approximately 2 million barrels are supplied to west coast refineries, while about 5 million barrels are for export. Sources indicate that Saudi Arabia is in preliminary discussions with some neighboring countries regarding the pipeline expansion, aiming to add about 2 million barrels of pipeline capacity per day. It remains unclear whether Aramco's planned expansion involves upgrading existing infrastructure or constructing new pipelines. One source mentioned that the expansion plan also includes a smaller refined oil pipeline. Two sources indicated that the expansion scale could range from 1 million to 2 million barrels per day, with refined oil also being considered. Another source stated that the project would take several years and cost billions of dollars, requiring adjustments to Saudi crude pricing mechanisms.

  • Citi: Tencent's WorkBuddy Gains Momentum, Maintains 'Buy' Rating

    On July 7, Citi released a research report stating that, according to the latest industry data, Tencent's AI agent product WorkBuddy has reached 20 million monthly active users (MAU) and over 13 million daily active users (DAU), with a DAU/MAU ratio between 65% and 75%. Considering the product has only been launched for a few months, user stickiness and daily engagement are performing strongly. Citi quoted Tencent's management as saying that in terms of daily active users, Tencent is leading its Chinese peers in the deployment of AI agents. Early user data reflects strong natural growth for both CodeBuddy and WorkBuddy, with high retention rates. Early users are interacting with the AI agents for long durations and with high frequency, creating a positive feedback loop. It is expected that AI products will become a key revenue source for Tencent Cloud. The firm believes that WorkBuddy's success demonstrates the strength of Tencent's ecosystem, the synergy between various productivity tools, and users' trust in Tencent's products and security. Citi maintains a 'Buy' rating on Tencent with a target price of HKD 763 unchanged.