Hackers stole nearly $200 million in cryptocurrency after the Nomad crypto bridge protocol was breached.
Blockchain security group CertiK said Nomad lost around $190 million in the hack, which it said was “due to a flawed upgrade.” Nomad said Tuesday that the company was “working around the clock to address the situation and have notified law enforcement and retained leading firms for blockchain intelligence and forensics.”
The breach was uncovered Monday after Nomad detected “impersonators posing as Nomad and providing fraudulent addresses to collect funds,” the company said in a tweet. Nomad told users to disregard communications “from all channels other than Nomad’s official channel.”
CertiK said hackers struck “after a routine upgrade allowed verification messages to be bypassed” allowing the attacker “to essentially copy/paste transactions and subsequently drain the bridge of nearly all its funds over a long series of transactions before it could be stopped.”
The Nomad breach is another example of how bridge protocols used to move tokens from one blockchain to another have become increasingly vulnerable to hacks.
Nomad announced last week it had raised $22.4 million from investors including Coinbase Ventures and OpenSea. The company described itself in the press release announcing its funding as a "security-first cross-chain messaging protocol" and said its "primary goal is to create a safer crypto ecosystem where blockchains can communicate seamlessly and securely with each other."
CEO Pranay Mohan described Nomad's security model as the "gold standard" in the press release.
"With more than $1.5 billion stolen this year by hackers exposing vulnerabilities in cross-chain bridges, the industry is in need of security-first solutions that maximize the safety of users, funds, and messages," the company added.