"Hackers Abuse ‘Chaotic’ Nomad Exploit to Drain Almost $200M in Crypto"

Cross-chain messaging protocol Nomad has become the target of crypto’s latest nine-figure attack after hackers abused a “chaotic” security exploit to steal almost $200 million in digital assets.  Nomad is a token bridge that allows users to send and receive tokens between Avalanche (AVAX), Ethereum (ETH), Evmos (EVMOS), Moonbeam (GLMR), and Milkomeda C1 blockchains.  The attack on Monday allowed the hackers to drain almost all of the protocol’s funds.  Approximately $190.7 million in crypto was stolen from the bridge, according to decentralized finance tracking platform DeFi Llama.  Nomad has yet to confirm how hackers were able to steal the funds.  But according to samczsun, the head of security at web3 investment firm Paradigm, a recent update to one of Nomad’s smart contracts made it easy for users to spoof transactions.  Samczsun noted that this meant that when a user transferred funds from one blockchain to another, Nomad allegedly never checked the amount, enabling the user to withdraw funds that didn’t belong to them.  For example, a user could send 1 ETH and then manually call the smart contract on the other blockchain to receive 100 ETH.  Blockchain audit company Zellic also came to the same conclusion.
 

TechCruch reports: "Hackers Abuse ‘Chaotic’ Nomad Exploit to Drain Almost $200M in Crypto"