Coinbase-Backed Cross-Chain Protocol Exploited For More Than $190 Million
KEY POINTS
- Nomad was drained in series of transaction starting at 5:32 p.m. ET Monday
- Hackers first drained 100 WBTC worth almost $2.3 million in a single transaction
- Nomad secured funding from Coinbase, Polygon, OpenSea and others in April
Nomad, a cross-chain protocol, was hacked Monday and funds were drained from the platform via a series of transactions. Overall, more than $190 million in cryptocurrencies were lost while leftover tokens are also at risk.
One of the first people to point out the attack was Sam Sun, a Research Partner and the Head of Security at crypto firm Paradigm. Sun pointed out an outflow of $150 million "in one of the most chaotic hacks that Web3 has ever seen." However, the amount was higher than anticipated.
Sun noted that the transactions saw an influx of 0.01 WBTC and an outflow of 100 WBTC which seemed like Nomad was running a "send 0.01 WBTC, get 100 WBTC back" promotion.
Meanwhile, a Twitter account by @0xfoobar, which is owned by a DeFi and NFT developer, pointed out a series of transactions wherein he stated that only $126 million funds are remaining of all the sum deposited in the Nomad protocol, warning users to withdraw funds.
However, according to the data from DeFi aggregator DefiLlama, as of 11:13 p.m. ET Monday, the total value locked (TVL) in Nomad was around $4,500 and crashed significantly from $190.38 million a few hours earlier. Almost all the funds have been drained by hackers.
The first suspicious transaction was seen at 5:32 p.m. ET Monday wherein hackers drained around 100 WBTC worth around $2.3 million. WBTC is a wrapped version of Bitcoin (BTC), i.e., it is simply an Ethereum ERC-20-based token that represents the price of Bitcoin.
The hack was later confirmed by the Nomad team on Twitter as well.
The tokens which were lost include WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet (GERO), Card Starter (CARDS), Saddle DAO (SDL) and Charli3 (C3).
Interestingly, the hack event comes just a few days after Nomad revealed that it had secured $22.4 million from Coinbase Ventures, OpenSea, Crypto.com Capital, Wintermute, Gnosis, Algaé, and Polygon in an April seed funding round.
"With more than $1.5 billion stolen this year by hackers exposing vulnerabilities in cross-chain bridges, the industry is in need of security-first solutions that maximize the safety of users, funds, and messages," the firm said in an ironic July statement.
© Copyright IBTimes 2024. All rights reserved.