Bridge exploits continue to prove to be a major concern for DeFi and crypto in general, as bridges have repeatedly proven to be a major point of vulnerability. Enter yet another great example with the latest 9 digit feat, this time on the Multi-Chain Nomad Bridge.
In the first hours following the exploit, we’re looking at an exploit in the range of $160-190 million – let’s take a look at that and more from what we know so far.
According Llama Challenge, the bridge closed in July with a TVL of around $190 million, and in early August many crypto Twitter users started watching the bridge being mined and essentially drained to 0. most of it was in USDC, WETH and WBTC. However, around half a dozen different tokens have been drained, ranging from tens of thousands to nearly $100 million.
It was first noted by Twitter user @spreekaway:
The nomadic bridge becomes robust ??? Seems very very sus pic.twitter.com/nvtMIjf0rD
— Spreek (@spreekaway) August 1, 2022
Seed investors in Nomad include Polygon, Coinbase Ventures, OpenSea and others, and the bridge undertook a $22 million fundraising just 4 months ago.
Ether (ETH) can be wrapped to be used to transfer across networks, through bridges, at a lower cost than ETH. | Source: ETH-USD on TradingView.com
Another bridge bites the dust
However, the Nomad team is looking to recover, it will be a long way to go. Bridges continue to be a focal point of vulnerability in crypto as 9-digit exploits continue to wreak havoc. Earlier this year, wormhole suffered a loss of over $300 million in one of the biggest losses in DeFi history. Cross-chain activity should be a major point of attention for crypto security, as many have touted it as “the future of crypto” – but also offers areas of vulnerabilities.
Unlike many vulnerabilities seen in crypto, this one was apparently just a contract exploit used by various addresses (some of which said they planned to return the funds). In this case, a user manipulated the code noted in the bridge audit, taking advantage of a vulnerable function to make every message on the bridge valid. Other users have seen this happen and have been looking to see if they can do it themselves.
Perhaps enough funds will be returned to keep the bridge moving forward once the dust settles. At press time, the TVL of the bridge sits at just under $5,000 – a tiny fraction of the locked pre-exploit of almost $200 million, but still a small bounce from the sub-1 value. $000 which was observed immediately after the exploit.
Related Reading | Ethereum investors clamor to take profits as profitability soars
Featured image from Pixabay, Charts from TradingView.com The writer of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.