Here’s How the $190M Nomad Bridge Hack Happened

The story dominating crypto news today is the devastating $190 million Nomad bridge hack. Nomad is one of a number of cross-chain bridges in crypto, which let users exchange ERC-20 tokens.

“While most crypto hacks are caused by lone wolves, Monday’s $190 million exploit of the Nomad cross-bridge appears to have been driven by a feeding frenzy of hundreds of bad actors.

“Nomad’s cross-chain bridge was hacked for $190 million in various crypto assets yesterday after a software update exposed a critical vulnerability that allowed anyone to drain funds from the bridge.

“The vulnerability was initially discovered on Monday by an unknown hacker who quickly stole nearly $95 million, blockchain security firm PeckShield told The Block today. As the news of the initial exploit spread in crypto circles, others rushed to join the original hacker to take money for themselves.”

More than 300 addresses jumped in and looted whatever they could — with 41 of the addresses taking almost 80% of the stolen funds. A small number of whitehats managed to protect about 4.2% of the funds, but the rest went in the free-for-all.

How did it happen?

“According to PeckShield, the vulnerability was introduced by Nomad developers during a smart contract update. The bug came from the developers erroneously modifying the bridge’s smart contract and deploying the code without proper audit.

“’The Nomad bridge hack is made possible due to an improper initialization leading to the zero address (0x00) being marked as a trusted root, which led to every message being proven valid by default,’ PeckShield said.

“Marking 0x00 (also called as the zero address) the trusted root accidentally turned off a smart contract check that ensured withdrawals were made to valid addresses only.”

Smart contracts like Nomad, sometimes called “bridges,” exist to help coordinate transactions between chains. Nomad’s smart contract relied on being able to prove that the user had made a deposit prior to making a withdrawal. By trusting the zero address, this constraint was eliminated, and users could make any withdrawal they liked. This is the sort of bug that’s endemic to platforms like Ethereum, whose Solidity programming language offers no features nor any tools that might help programmers maintain such constraints.

That’s why we’re developing Symmetry — a programming language that includes a sophisticated type system and integrates cutting edge tools for ensuring code correctness. We believe it needs to be easier to write correct smart contracts and harder to accidentally introduce bugs like this.