Nomad Loses 100 Bitcoins In An Exploit That Shows The Difficulty Involved In Building A Safe Bridge

Nomad Exploit

Misaka, a Web3 value developer, said that the recent hack of the Nomad bridge shows how difficult it is to build a secure bridge linking two blockchains. Misaka made the comment following Monday's hack, in which the Nomad platform lost more than $200 million, a large chunk of all its funds.

In the hours after the hack, the Nomad team said that it was investigating the incident and would make its findings public as soon as it could.

The Bridging Difficulty

In his reaction, Misaka wrote:

“Nomad is definitely one of the best teams in crypto. This hack simply shows how hard it is to create a secure bridge infra”

In his explanation of what happened, @samczsun, a researcher at Paradigm, said that there was a flaw in the Replica contract:

“A quick look suggests that the message submitted must belong to an acceptable root. Otherwise, the check on line 185 would fail”


He added that during a routine upgrade, the Nomad team had initiated a command line that had the unintended effect of auto-proving every message.

According to him,

“This is why the hack was so chaotic – you didn’t need to know about Solidity or Merkle Trees or anything like that. All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it”
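A simplified Python model of the root check described above, added here as an illustration; it is not taken from Nomad's contract or from the original article. It assumes, based on public post-mortems rather than on this page, that the upgrade marked the all-zero root as trusted, which is also the value an unproven message maps to. All class, method and field names are hypothetical.

```python
# Simplified model of a bridge "Replica" message check (added example).
# Class, method and field names are assumptions, not Nomad's contract code.
ZERO_ROOT = b"\x00" * 32   # default value of an unset mapping slot


class Replica:
    def __init__(self, committed_root, reject_zero_root=False):
        self.confirm_at = {}      # root -> time at which it becomes trusted
        self.message_root = {}    # message hash -> root it was proven under
        self.reject_zero_root = reject_zero_root
        # Initialization marks the supplied root as trusted from time 1.
        # Passing ZERO_ROOT here is the upgrade mistake being modelled.
        self.confirm_at[committed_root] = 1

    def prove(self, message_hash, root):
        # Stand-in for Merkle proof verification: record the proven root.
        self.message_root[message_hash] = root

    def acceptable_root(self, root, now):
        if self.reject_zero_root and root == ZERO_ROOT:
            return False          # hardened: "never proven" is never trusted
        confirmed = self.confirm_at.get(root, 0)
        return confirmed != 0 and confirmed <= now

    def process(self, message_hash, now=100):
        # Unproven messages read back the mapping default, i.e. ZERO_ROOT.
        root = self.message_root.get(message_hash, ZERO_ROOT)
        if not self.acceptable_root(root, now):
            raise PermissionError("message not proven under an acceptable root")
        return "processed"


def outcome(replica, message_hash):
    """Return 'processed' or 'rejected' for one message hash."""
    try:
        return replica.process(message_hash)
    except PermissionError:
        return "rejected"


GOOD_ROOT = b"\x11" * 32   # constructed sample root
UNPROVEN = b"\xaa" * 32    # constructed hash, never passed to prove()

if __name__ == "__main__":
    print(outcome(Replica(GOOD_ROOT), UNPROVEN))
    print(outcome(Replica(ZERO_ROOT), UNPROVEN))
    print(outcome(Replica(ZERO_ROOT, reject_zero_root=True), UNPROVEN))
```

The three calls show a correctly initialized replica rejecting an unproven message, the misconfigured one accepting it, and the hardened check rejecting it even with the bad initialization in place.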

Low Standard for Crypto

In a twist to the developing story, a Twitter user, MyInvestingAccount.iota, said that the team did not do enough to prevent the exploit, considering that the bug was documented in a report.

Another user, Haze, said that low standards in crypto are responsible for hacks such as this one. They highlighted that teams mostly do not run projects on testnets before public rollouts.


“The standard in crypto is just extremely low, these projects come out mostly without any time running on testnet to start with, we see this all the time, stuff is just released out nowhere in prod like a team managed by fresh out of college students would do.”

 


Author: Jofor Humani

Jofor is a crypto journalist with a passion for investigative reviews of projects, with the aim of determining the authenticity of their claims.
