Breaking: Over 41 Addresses Identified In $190 Million Nomad Hack

The global digital asset market wakes to the 5th largest DeFi hack of all time. Nearly $200 million were drained from the Nomad, a bridge protocol. According to a blockchain security firm, more than 41 addresses have been identified which grabbed millions of dollars during the theft.

41 address grabbed over $152 million in Nomad Hack

As per PeckShield, 41 addresses grabbed over $152 million in the Nomad bridge exploit. It amounted to 80% of the total hack. This includes 7 MEV Bots, 7 Rari Capital Arbitrum exploiter, and 6 White Hat.

It added that around 10% of these addresses with the ENS names got $6.1 million out of this exploit. While MEV Bots grabbed $7.1 million and Rari Arbitrum exploiter took $3.4 million.

After this major attack Nomad has landed on the list of biggest exploits in 2022. However, this hack was slightly different from the others as the funds drained out the protocol over hours and in small batches.

First hackers were not well skilled

Mudit Gupta, CISO at Polygon, in a Twitter thread said that the attacker could have taken everything in a single transaction in the Nomad hack. However, they didn’t do that and got the front run. He mentioned that the front run was done from both whitehats and blackhats.

He added that if the first attacker had the required and right skills they could have taken all the funds using smart contracts in a single transaction. However, this was a smart contract hack and not a key compromise.

Gupta mentioned that this could have been avoided by better tests, fuzzing, and some formal verification. Meanwhile, he concluded that Decentralized bridges are complex and hard to secure.

Zellic, a blockchain security firm mentioned understanding bugs isn’t enough. It is important to stop merging them. It mentioned that the first hack transaction recorded was $2.322 million worth of Wrapped Bitcoin (WBTC).

However, he added this was initiated directly with the bridge by calling a single function, process (). This function is solely responsible for executing cross chain exchanges and it is very critical.

What’s Nomad’s take over it?

During the hack, Nomad took to Twitter and wrote that they are aware that some people are posing as Nomad and providing fraudulent addresses. It mentioned that they are not providing instructions on the return of bridge funds.

Later it reported that they are investigating the hack and will provide updates on it. However, no further update has been given by the team.