$190 Million Stolen from Cryptocurrency Bridge Protocol Nomad

Another day, another cryptocurrency hack. This time, there was $190 million stolen from the cryptocurrency protocol known as Nomad. Hackers didn’t even have to do any sophisticated technological tricks to steal the money. There is a vulnerability present in the protocol’s code, and that made it very easy to exploit.

What Is Nomad?

Cryptocurrency bridges allow users to send assets from one kind of blockchain to another. Typically, different blockchain types are not compatible with one another, but bridges like the Nomad protocol allow for funds to be sent cross different blockchains with different requirements.

The Nomad bridge takes in one kind of coin that’s sent to it and then wraps the currency in a way so that other blockchain will accept it. It doesn’t change what that currency is, but it does change the way it appears to the other blockchain. Another way of looking at it is that a token is created and sent to the second blockchain to serve as a promise of funds from the first blockchain. The wrapped asset can easily be sent through this secondary block chain where the additional asset would be unacceptable.

To make all this happen, protocols like Nomad have to keep a lot of coins on reserve. Numerous assets have to be held to back up the wrapped tokens, and it’s from those stores of reserved assets that the $190 million was taken recently.

There is supposed to be protection for these assets to make sure that they’re not taken, but with such an obvious target, hackers were able to bypass the security protocols and deposit funds into various accounts around the world. Cryptocurrency bridges and other types of asset bridges are attractive for hackers because of all the money they contain that’s just sitting there. To date, nearly $2 billion has been stolen from bridges. Most of that has happened in 2022, with thefts from Ronin (which powers the Axie Infinity coin), Harmony, and now Nomad.

A lot the funds were stolen by accounts that impersonated Nomad and then sent the funds to fraudulent addresses.

What’s Going to Happen with the Missing Money?

Nomad security experts are working hard to get that money back. They even offered to not punish people who return at least 90% of the funds they’ve stolen. They said they would consider those hackers who returned the majority of the stolen funds to be white hat hackers and not worth pursuing. Nomad is also working with TRM labs (which is a chain analysis firm) to locate the funds and put them back where they belong.

As Nomad continues to try to trace its stolen funds, it has not issued a statement yet on how much has been recovered yet or whether anyone has voluntarily returned stolen funds.