Crypto Crimes: Nomad Bridge Hack

Crypto Insurance, and Anonymity

If you’re new and have a question, please read the FAQ post first.

Please refer to Definitions page for any terms or abbreviations that I use that you don’t understand. If a term is missing, please let me know.

This post will be too long for the email, please come to the substack website.

Substack has launched an iOS app for those of you using apple devices. I am an android peasant and can’t tell you if its good or not, but check it out if you have an iPhone or some other such trappings of royalty.

This was originally going to be a part of the Friday’s Crypto Macro section in this weeks review post, but it got too long. So now its a standalone post.

---

Table of Contents

1. Nature is Healing

2. Insuring the Insecure

3. Crime on The Blockchain

4. Nomad Hack Consequences

5. Conclusion

---

1. Nature Is Healing

Now that the market seems to have bottomed in the mid-term, we can get back to normal market activities. On Monday afternoon, within the span of ~1 hour, the Nomad bridge was hacked for $150 million (which was the entire amount of assets on the bridge). The assets exploited from the bridge were wBTC, wETH, USDC, and other stablecoins. (Since then a number of other shitcoins have been exploited from the bridge as well, but these are essentially just the crumbs).

Nomad bridge exploited - chart courtesy of DefiLlama

If you want to read more in depth about how the bridge was exploited, Samczsun gives a technical explanation of the exploit below.

samczsun @samczsun

1/ Nomad just got drained for over $150M in one of the most chaotic hacks that Web3 has ever seen. How exactly did this happen, and what was the root cause? Allow me to take you behind the scenes 👇

11:45 PM ∙ Aug 1, 2022

---

Bridge hacks are unfortunately a fact of life because bridge’s by their very nature are centralized and unsecure, in much the same way that CeFi protocols like Celsius are also centralized and unsecure. Bridges all have a clock attached to them. The more secure bridges will last longer, while the insecure bridges tend to break far quicker. But regardless of the bridge, they are all heading to the same place at some point. They will be exploited, and the more money that is locked into the bridge, the more incentive there is for someone to hack it.

I don’t mean to dance on graves, but read this blurb that Nomad wrote about themselves back in April.

“In just the past half year, over $1.5B of value has been exploited due to bridge vulnerabilities. Figuring out how to provide more secure cross-chain messaging is key to uniting DeFi ecosystems on thriving Layer 1 protocols and unlocking their combined value,” said Pranay Mohan, CEO and Co-founder of Nomad. “By prioritizing security-first design, Nomad lets users send messages and bridge assets safely, with the assurance that honest watchers can flag fraudulent activity and protect the system.”