On August 1, 2022, the Nomad bridging protocol was rocked by a series of exploits that later resulted in a token-stealing spree totaling $88 million. The exploit exposed 90% of addresses that make up $186 million.
According to crypto security professionals, the hackers used a so-called “copycat” scheme. This happens when a first hack successfully breaches the smart contracts, attracting new hackers and multiplying into new exploits.
The Copycat Hack in a Nutshell
Coinbase’s internal investigators and researchers, Heidi Wilder and Peter Kacherginsky, claimed that hundreds of copycat attacks happened once the first batch of hackers discovered the way to steal the money from the bridge.
The copycat hackers used the same code as the two original breachers and ended up competing among themselves over who could steal the most money from Nomad. They first targeted wrapped Bitcoin, then the stablecoin USDC, and then wrapped ETH. These tokens had the highest volumes, making them the most attractive targets for the first hackers.
The Whitehats Arrive
Miraculously, on August 9, 49% of the stolen tokens were returned. The stolen wBTC and wETH were converted into USDC and USDT thanks to some white hat hackers who disguised themselves as copycat attackers.
The first three returned addresses claimed back their money through Tornado Cash.
On August 7, the US Treasury sanctioned USDC and ETH addresses associated with the protocol.
The Nomad Bridge hack is one of the worst exploits of the year, but not as large as the Wormhole Bridge heist of February 2022 and the Ronin Bridge attack of March 2022. The Wormhole Bridge saw a $250 million loss while the Ronin Bridge lost $540 million, making these the most malicious digital breaches of the year.
Analysts and the blockchain community have criticized cross-chain bridges for their centralization, arguing that it defeats the point of cryptocurrency. The centralized hub makes it a target-rich environment for hackers.