Hackers withdrew more than $190 million from the Nomad project

Unknown people managed to hack into the network bridge of the decentralized finance project Nomad and completely devastate it. Experts called the attack “the most chaotic hack” in the industry.

The smart contract of the Nomad bridge contained various tokens worth $190.7 million. On Wednesday morning, August 2, the hackers managed to withdraw almost everything, the smart contract had about $650 worth of assets left. At the same time, they devastated the bridge with the help of many transactions and it seems that at least a few people participated in the attack.

According to a computer security specialist under the pseudonym saczsun, during the usual minor update of a smart contract, the developers made a mistake, as a result of which almost any transaction sent to the contract was automatically approved. As a result, the attackers did not need to have a good knowledge of the Solidity programming language or understand information security. In fact, anyone could take an already completed transaction, change the recipient’s address in it to their own and send it to the contract.

The developers said they are investigating the issue and will provide more details later. However, given that the project was completely devastated, this is unlikely to console users who have lost funds.

The attackers removed WBTC, WETH, USDC, FRAX, CQT, HBOT, IAG, DAI, GERO, CARDS, SDL, and C3 tokens from the Nomad gateway. It allowed the exchange of tokens between the Ethereum networks, Avalanche, Evmos, Mikomeda C1 and Moonbeam.

Just a few days ago, the Nomad project raised over $22 million in funding from companies including Coinbase Ventures and OpenSea. The capitalization of the project reached $225 million.

The Nirvana Finance DeFi project on the Solana blockchain was recently hacked. The hacker managed to withdraw $3.5 million.