To facilitate the movement of cryptocurrencies and NFTs from one blockchain to another, cross-chain bridges have been developed as a framework of smart contracts and communication scripts. Tokens are put into a smart contract on the “original” chain, and a “wrapped” form of the committed tokens is minted on the second chain. Users may get their native tokens out of the bridge by placing their wrapped tokens straight into the bridge and having them burnt.
Wrapped Bitcoin (WBTC) is a popular method for transferring Bitcoin from the Bitcoin blockchain to the Ethereum blockchain, where it may be utilized in Decentralized Financial (or “DeFi”) applications. Both stablecoins and non-fungible tokens (NFTs) may be encased in bridges. Bridges pose the greatest security risk to the blockchain ecosystem because they serve as huge pools of locked up cryptocurrency and digital assets that hackers may easily access.
The Nomad blockchain bridge was hacked yesterday, as reported by TechCrunch and Gizmodo, but the attack was so easy that hundreds of more users copied the transaction and emptied the bridge of $190M, in what blockchain engineer and Twitter user @0xfoobar is dubbing “the first decentralized crowd-looting of a 9-figure bridge in history.” Almost $200 million was stored in the Nomad bridge’s infrastructure before it was hacked. The bridge linked Ethereum, Avalanche, Evmos, Moonbeam, and Milkomeda.
Following the hack, the smart contracts in the bridge had only around $1700 in assets left. Many people have come forward, confessed to taking part in the theft, and offered to return the cash if a secure location could be disclosed. There have also been others who claim to be white-hat hackers that targeted the bridge in order to safeguard the cryptocurrency stored there.
To facilitate a future where several blockchains collaborate and exchange resources, bridges will be an essential part of the underlying architecture. In the same way that the early internet was a jumble of competing protocols until a single one won out, blockchain is still a jumble of protocols attempting to communicate with each other. Strong development standards for cross-chain bridges, improved regulation, and solutions to problems with privacy are all necessary for consumers to feel confident in Web3.
The current state of blockchain technology makes it tough for the average person to make use of; crypto wallets lack names that are understandable by humans; users are unaware of how to protect themselves from phishing scams; and hacks happen on a weekly basis. Bridges are the most valuable of these targets since they contain hundreds of millions of dollars’ worth of assets, and because there are no security standards in place, they are all constructed and handled differently.
But although the harm has been done, many people will do the right thing and give back the items they stole. Since every bitcoin taken from the Nomad bridge is now linked to the breach, any effort to deposit it into an exchange account will notify authorities. However, dishonest individuals will likely retain what they stole and will need to find a means to launder and pay out their crypto. The addresses used in the Nomad looting frenzy will be monitored by blockchain research and security organizations, and Nomad will likely make a call for honest players to refund the funds they took.