Nomad loses $200 million in latest attack

In the latest assault on cryptocurrencies, hackers stole nearly $200 million worth of ether and stablecoins from crypto bridge Nomad, outlets reported Tuesday morning.

Over the course of the two-hour attack, Nomad’s holdings dropped from $190.7 million to just $651.54. In a tweet early Tuesday, Nomad said it had alerted law enforcement and recruited blockchain intelligence and forensics firms, and was “working around the clock” to trace and recover the funds.

The hack underscores an ever-present fear in decentralized finance, which, by principle, has limited recourse when such crises strike as authorities cannot simply snatch back the funds. According to blockchain analytics firm Chainalysis, hackers bagged $3.2 billion in 2021, and are on pace to match that number in 2022. Loot can sometimes be recovered if the perpetrator is identified and arrested, or if a bounty price is paid to restore the funds.

But complicating matters is the “chaotic” nature of Nomad’s hack: While many attacks involve a single culprit, Nomad’s was a “frenzied free-for-all,” a researcher at crypto investment firm Paradigm wrote on Twitter. The funds were siphoned into more than 41 different wallet addresses, as vultures flocked to pillage Nomad once word of the exploit began to spread.

Enabling the scrum was the fact that hacking Nomad required scant complex coding. The exploit came through a routine software upgrade, which then failed to verify the amounts involved in any given transaction, allowing users to “spoof” transactions by manually rewriting the code to withdraw more cryptocurrencies than were held in their own accounts—thus treating Nomad like an unlimited ATM machine, spewing forth free cash. Once one hacker figured this out, others needed only copy-paste the malicious code to glom onto the scheme.

However, a tweet from Nomad suggested some of the funds might be in the care of “white hat” do-gooders, i.e., hackers who withdrew the coins in order to safeguard them once the “black hat” theft was underway.

The attack was the third major hack this year of a so-called crypto “bridge,” a class of crypto services that has been particularly vulnerable. According to…