A Hack of Nomad protocol: $190 Million Were Stolen Due To A Security Vulnerability
The Nomad hack, which took place on August 3, was the fourth largest hack in the history of cryptography. The exploit was due to a smart contract vulnerability involving hundreds of other users besides the hacker.
Users simply repeated the actions of the hacker and took as much as possible. They simply copied and pasted the transaction data used by the original hacker, changing the wallet address to their own.
Because of this, many considered this event a decentralized robbery.
The Nomad team later told Cointelegraph that some of the people who carried out the scam acted benevolently to protect the cryptocurrency from falling into the wrong hands.
After the hack, the BestBrokers cryptanalysis team discovered that the first exploit was committed on August 1st, resulting in 400 Bitcoin (BTC) debits in four different transactions. Later, the hackers withdrew all 22,880 ethers (ETH), then moved on to more than $107 million worth of stablecoins, and finally began to remove project-backed altcoins from the protocol.
In general, WBTC, Wrapped Ether (WETH), USD Coin (USDC), Frax (FRAX), Covalent Query Token (CQT), Hummingbird Governance Token (HBOT), IAGON (IAG), Dai (DAI), GeroWallet ( GERO), Card Starter (CARDS), Saddle DAO (SDL), and Charli3 (C3) tokens were carried out of the protocol.
Some altcoins stolen from the platform have dropped by 94%. Data compiled by the analytics firm showed that the following altcoins were the most affected after the hack:
The smart contract vulnerability that was exploited was noted in a security audit report prepared by Quantstamp in early June. The Nomad team even responded to the vulnerability by stating that “it’s virtually impossible to find a pre-image of an empty slate.”
The auditors believed that the Nomad team misunderstood the problem at the time, and within two months, the same vulnerability caused nearly $200 million in losses.