Nomad Crypto Exploit Let People Steal Millions by Copy-Pasting a Script
ashlybateman (Guest)
Bad code has resulted in $190 million being drained from Nomad’s bridge, a cryptocurrency protocol that allows people to move crypto coins between different blockchains. In what’s being called a “decentralized robbery,” a flaw in Nomad’s coding allowed people to steal money just by copy-and-pasting a script.

All blockchains may be indistinguishable to the uninitiated, but crypto traders often use several different ones, like ethereum, avalanche and solana. Trading tokens between different blockchains — like taking bitcoins and using them on ethereum’s blockchain, or taking ether coins and using them on solana — can actually be quite complex. To service this demand, several companies, including Nomad, have created “cross-chain” bridges. You deposit cryptocurrency in a smart contract on one blockchain and “bridge” those tokens to a different blockchain.

The key point, as it pertains to Monday’s exploit, is that this whole process relies on cryptocurrency being locked into the smart contract. A single ether deposited into an ethereum smart contract acts as collateral for the ether the user receives on, say, Avalanche’s blockchain. Nomad had over $190 million in people’s funds in its smart contract before the exploit. At the time of writing, only $9,000 remains locked in the smart contract.

Unfortunately, an “upgrade” to that smart contract led to an exploit that anyone could take advantage of. Decentralized finance being what it is — anonymous and susceptible to shady maneuvers — meant that $190 million was sucked out of the protocol in a number of hours.
Messages popping up in public Discord servers of random people grabbing $3K-$20K from the Nomad bridge – all one had to do was copy the first hacker’s transaction and change the
Nomad bridge getting actively hacked. WETH and WBTC being taken out in million-dollar increments. Withdraw all funds if you can, still $126m remaining in the contract that’s likely at risk
— foobar (@0xfoobar)
This attack against Nomad was something, I’ve never seen before.

People started replicating the attack after a few minutes, while the initial attacker drained out the pool systematica
You’d need to know ethereum’s development language, Solidity, to . The gist is that the smart contract broke. Certain transactions that shouldn’t be approved could be pushed through and replicated. It appears that suspicious transactions began occurring at around 9:13 a.m. PT, when several wallets removed 100 bitcoin ($1.7 million) from the bridge. All anyone had to do from there was copy and paste the exact script the scammer used, replacing the original exploiter’s wallet number with their own, and push it through. Others took out funds in ether and the USDC stablecoin, among other tokens.

“This is why the hack was so chaotic,” said Sam Sun, a researcher for crypto investment firm Paradigm, in a . “You didn’t need to know about Solidity or Merkle Trees or anything like that. All y in the USDC stablecoin at a time, for ins

In the blockchain equivalent of “America’s Dumbest Criminals” types who rob gas stations with their nametag on, some people exploited their smart contract with public wallet addresses that are designed to be traceable. Many sent the funds back. Others claimed to be acting in good faith, withdrawing funds that they pledged to protect and send back when the smart contract was s

“We are aware of the incident involving the Nomad token bridge,” Nomad said in a statement on Twitter. “We are currently investigating and will provide updates when we have

Nomad didn’t immediately respond to a request for further comment.