Are bridge attacks avoidable?
The attack on Nomad Bridge where nearly $200 million was stolen is not just another hack, it’s the fourth largest crypto hack in history and it’s a blatant exploitation of the vulnerabilities within these protocols that highlights the weaknesses within the De-Fi space.
Who is Nomad Bridge?
Nomad bridge is a cross chain bridge, a protocol that overcomes the challenges of blockchains working together. Nomad bridge, as with all blockchain bridges, enables users to exchange digital assets between different blockchains and avoid congestion and high transaction costs.
Crypto analysis group, Bestbrokers found that 400 Bitcoin was drained on August 1 over four different transactions.
On August 2, Nomad announced that they were aware of an incident that they were investigating. Very quickly, the crypto community were commentating and speculating what had happened with predictions that it was a smart contract hack which would ultimately lead to the draining of the full amount of the funds.
The hack involved the exploitation of a flaw in a Smart Contract, something that it is becoming common in these bridge attacks. One user tweeted "...the bridge seems to allow the user to pass in an arbitrary amount when they withdraw that does not necessarily correlate with the amount they deposited into nomad on the other chain."
Hundreds were involved but the orchestration of the attack is not yet clear. It is likely to be the initial hacker inspiring a number of independent users who saw the open opportunity then simply copied and pasted the transaction data, swapping the wallet address for theirs.
What does that mean?
In previous Bridge attacks, such as the Wormhole and Ronin hacks, we have seen the businesses involved commit to reimbursing investors who suffered a loss, as to whether that is 100% of the stolen funds, this is unclear but either way, there is a loss to the business and to the investor.
Beyond the financial hit, these incidents are extremely damaging for the reputation of the business involved. There is a lack of trust in the ability of protocols to protect funds from theft and this is driving users to demand more when it comes to protecting their digital assets. As a result, the community are seeking out organisations that have additional layers of protective security such as Coincover’s Theft Protection and Disaster Recovery.
It’s unavoidable right?
While Bridges rely on smart contracts and while smart contracts are flawed in that they are immutable and not easy to fix any vulnerabilities quickly, it feels unavoidable. However, if anomalous transactions could be flagged and stopped, these attacks could be avoided. The truth is, this technology exists, in fact, this is exactly what Coincover is here to do, protect digital assets from theft. Businesses including bridges can integrate Coincover technology into their system to protect their users and themselves from these hacks.
Speak to the team to find out more